|NO.Z.00016|——————————|CloudNative|——|Kubernetes&pod操作.V04|——|controller操作|

一、controller

二、controller实验操作

### --- 对base64进行编码执行
[root@k8s-master ~]# echo -n 'admin' | base64
YWRtaW4=
 
### --- 将下列文件上传到服务器
[root@k8s-master ~]# ls secret*
secret-var.yaml  secret-vol.yaml  secret.yaml

### --- 创建Secret加密数据

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=                            # 将该内容改为创建的base64编码
  password: MWYyZDFlMmU2N2Rm        
[root@k8s-master ~]# kubectl create -f secret.yaml 
secret/mysecret created

### --- 创建完成一个secret编码数据的过程

[root@k8s-master ~]# kubectl get secret                         
NAME                  TYPE                                  DATA   AGE
default-token-686hn   kubernetes.io/service-account-token   3      3d7h
mysecret              Opaque                                2      11s  

### --- 在pod中挂载编码
~~~     以变量的形式把编码的数据挂载到pod容器中

[root@k8s-master ~]# vim secret-var.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    env:
      - name: SECRET_USERNAME
        valueFrom:                                      # 以变量的形式挂载
          secretKeyRef:
            name: mysecret
            key: username
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: password

[root@k8s-master ~]# kubectl apply -f secret-var.yaml 
pod/mypod created
 
[root@k8s-master ~]# kubectl get pods
mypod                    1/1     Running     0          11s     

[root@k8s-master ~]# kubectl exec -it mypod bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
root@mypod:/# echo $SECRET_USERNAME                     # echo输出username及密码，
admin
root@mypod:/# echo $SECRET_PASSWORD
1f2d1e2e67df

### --- 通过volume形式挂载到pod中

[root@k8s-master ~]# vim secret-vol.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx                                                # 名字一致
    image: nginx
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"                                    # 挂载地址
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret 

### --- 删除挂载形式的配置

[root@k8s-master ~]# kubectl delete -f secret-var.yaml    
pod "mypod" deleted
[root@k8s-master ~]# kubectl apply -f secret-vol.yaml 
pod/mypod created

[root@k8s-master ~]# kubectl get pods
mypod                    0/1     Running   0          14s
 
[root@k8s-master ~]# kubectl exec -it mypod bash
root@mypod:/# ls /etc/foo/
password  username
root@mypod:/# cat /etc/foo/username                         # 在提示符上显示输出值
adminroot@mypod:/# cat /etc/foo/password 

---

 

 

 

 

 

 

 

 

 

---

Walter Savage Landor:strove with none,for none was worth my strife.Nature I loved and, next to Nature, Art:I warm'd both hands before the fire of life.It sinks, and I am ready to depart

                                                                                                                                                   ——W.S.Landor

---