- 访问私有镜像仓库的认证信息
- 身份识别的凭证信息
- HTTPS 通信的证书和私钥
- 一般的机密信息(格式由用户自行解释)
前几种我们现在暂时用不到,所以就只使用最后一种。
下面进行示例说明:
1、账号及密码base64加密
$ echo -n "aming"|base64
$ echo -n "linux123"|base64
2、定义YAML
$ vi mysecret.yaml
apiVersion: v1
kind: Secret
metadata:
name: mysecret
data:
user: YW1pbmc= ## echo -n "aming"|base64
passwd: bGludXgxMjM= ## echo -n "linux123"|base64
3、查看
$ k apply -f mysecret.yaml
$ k get secret
$ k describe secret mysecret
4、在其它pod里引用Secret
$ vi testpod2.yaml
apiVersion: v1
kind: Pod
metadata:
name: testpod2
spec:
containers:
- image: registry.cn-hangzhou.aliyuncs.com/abroad_images/busybox:latest
name: busy
imagePullPolicy: IfNotPresent
command: ["/bin/sleep", "300"]
env:
- name: USERNAME
valueFrom:
secretKeyRef:
name: mysecret
key: user
- name: PASSWORD
valueFrom:
secretKeyRef:
name: mysecret
key: passwd
应用YAML
$ k apply -f testpod2.yaml
5、验证
$ k exec -it testpod2 -- sh
/ # echo $PASSWORD
linux123
6、恢复
$ k delete -f testpod2.yaml
$ k delete -f mysecret.yaml