Kubernetes Secret 资源对象使用方法

Kubernetes Secret 资源对象使用方法:

  1. 创建 Secret

    # Secret holding two key/value pairs that the later examples consume.
    # Values under `data` are base64-ENCODED, not encrypted: anyone who can
    # read this manifest or `get` the Secret can decode them (the username
    # below decodes to "admin"). Keep real credentials out of version control
    # and rely on RBAC plus encryption at rest to protect the stored object.
    apiVersion: v1
    kind: Secret
    metadata:
      name: my-secret
      namespace: default
    data:
      username: YWRtaW4=
      # Treat as a sample value; generate a fresh secret for any real use.
      password: MWYyZDFlMmU2NTIxODRhNjc2YWUxZGM3YmQzZDgxOTM=
    
  2. 引用 Secret

    # Pod that injects individual keys of `my-secret` as environment variables.
    # Environment variables are inherited by child processes and are easy to
    # leak through debug output or crash reports, and they are not refreshed
    # when the Secret is rotated (the Pod must be restarted). Where the
    # application allows it, a mounted Secret file limits exposure better.
    apiVersion: v1
    kind: Pod
    metadata:
      name: my-pod
      namespace: default
    spec:
      containers:
      - name: my-container
        # NOTE(review): no tag or digest, so this resolves to `latest`;
        # pin a version or digest for reproducible, auditable deployments.
        image: nginx
        env:
        - name: MY_USERNAME
          valueFrom:
            # The referenced Secret must live in the Pod's own namespace.
            secretKeyRef:
              name: my-secret
              key: username
        - name: MY_PASSWORD
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: password
    
  3. 挂载 Secret

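    # Pod that mounts `my-secret` as a volume: each key becomes a file under
    # /etc/secrets whose content is the decoded value.
    apiVersion: v1
    kind: Pod
    metadata:
      name: my-pod
      namespace: default
    spec:
      containers:
      - name: my-container
        image: nginx
        volumeMounts:
        - name: my-secret
          mountPath: /etc/secrets
          # The container only needs to read the credentials; state it.
          readOnly: true
      volumes:
      - name: my-secret
        secret:
          # Files default to mode 0644; `defaultMode` can tighten this as
          # long as the container user can still read the files.
          secretName: my-secret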
    
  4. 使用环境变量（envFrom 批量导入）

    # Pod that imports EVERY key of `my-secret` as an environment variable
    # named after the key (here: `username` and `password`).
    # NOTE(review): envFrom exposes keys added to the Secret later as well;
    # list keys explicitly with `secretKeyRef` when the container needs only
    # some of them. Keys that are not valid variable names may be skipped.
    apiVersion: v1
    kind: Pod
    metadata:
      name: my-pod
      namespace: default
    spec:
      containers:
      - name: my-container
        image: nginx
        envFrom:
        - secretRef:
            name: my-secret
    
  5. 使用 ConfigMap

    # ConfigMap holding plain-text configuration values.
    # NOTE(review): ConfigMaps are meant for non-confidential data. Values are
    # stored and displayed in clear text, and read access to ConfigMaps is
    # typically granted more widely than access to Secrets. The `password`
    # key below belongs in a Secret; keep only non-sensitive settings here.
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: my-configmap
      namespace: default
    data:
      username: admin
      password: password
    
    # Pod that imports every key of `my-configmap` as an environment variable.
    # NOTE(review): with the ConfigMap shown alongside this Pod, the container
    # receives a clear-text `password` variable; source credentials from a
    # Secret (`secretRef` / `secretKeyRef`) rather than from a ConfigMap.
    apiVersion: v1
    kind: Pod
    metadata:
      name: my-pod
      namespace: default
    spec:
      containers:
      - name: my-container
        image: nginx
        envFrom:
        - configMapRef:
            name: my-configmap
    
  6. 使用 Secrets 插件（projected 投射卷）

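    # Pod that mounts selected keys of `my-secret` through a projected volume.
    # Only the keys listed under `items` are written, each to the given
    # relative path below /etc/secrets; unlisted keys are not exposed.
    apiVersion: v1
    kind: Pod
    metadata:
      name: my-pod
      namespace: default
    spec:
      containers:
      - name: my-container
        image: nginx
        volumeMounts:
        - name: my-secret
          mountPath: /etc/secrets
          # The container only needs to read the credentials; state it.
          readOnly: true
      volumes:
      - name: my-secret
        projected:
          sources:
          - secret:
              name: my-secret
              items:
              # Results in /etc/secrets/my-username
              - key: username
                path: my-username
              # Results in /etc/secrets/my-password
              - key: password
                path: my-password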
    
  7. 使用 init 容器

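    # Pod whose init container copies one Secret key into a scratch volume
    # that the application container then reads.
    apiVersion: v1
    kind: Pod
    metadata:
      name: my-pod
      namespace: default
    spec:
      initContainers:
      - name: init-secret
        image: busybox
        command: ["cp", "/secret/username", "/etc/app/username"]
        volumeMounts:
        # Source: the Secret volume, read-only. Without this mount the path
        # /secret/username does not exist and the init container fails.
        - name: my-secret
          mountPath: /secret
          readOnly: true
        # Destination: shared scratch space. A container's own filesystem
        # is not visible to the other containers of the Pod.
        - name: app-data
          mountPath: /etc/app
      containers:
      - name: my-container
        image: my-app
        env:
        # Holds the PATH of the copied file, not the username itself.
        - name: MY_USERNAME
          value: /etc/app/username
        volumeMounts:
        # The application only reads the copied file.
        - name: app-data
          mountPath: /etc/app
          readOnly: true
      volumes:
      - name: my-secret
        secret:
          secretName: my-secret
      - name: app-data
        # Memory-backed so the copied value is not written to node disk.
        emptyDir:
          medium: Memory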
    
  8. 使用 Downward API

    # Pod that uses the Downward API to expose its own metadata as environment
    # variables. This passes Pod fields (name, namespace) to the container; it
    # does not read any Secret and is not a mechanism for delivering
    # credentials.
    apiVersion: v1
    kind: Pod
    metadata:
      name: my-pod
      namespace: default
    spec:
      containers:
      - name: my-container
        image: nginx
        env:
        - name: MY_POD_NAME
          valueFrom:
            # Resolves to the Pod's own `metadata.name` (here: my-pod).
            fieldRef:
              fieldPath: metadata.name
        - name: MY_POD_NAMESPACE
          valueFrom:
            # Resolves to the Pod's own `metadata.namespace` (here: default).
            fieldRef:
              fieldPath: metadata.namespace