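Introduction to Secret resources
A Secret stores sensitive data. Values are base64-encoded, which is an encoding and not encryption, and are persisted in the etcd database.
Example use cases:
Database usernames and passwords, TLS certificates, and certificates for services such as SSH.
Basic Secret management
1 Imperative creation on the command line
1. Create imperatively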
kubectl create secret generic mysql-info \
  --from-literal=name=wenzhiyong \
  --from-literal=host=10.0.0.231 \
  --from-literal=password=wzy666

2. View the secret mysql-info: the data values have been base64-encoded

[root@master231 ~]# kubectl get secrets mysql-info -o yaml
apiVersion: v1
data:
  host: MTAuMC4wLjIzMQ==
  name: d2VuemhpeW9uZw==
  password: d3p5NjY2
kind: Secret
metadata:
  name: mysql-info
  namespace: default
type: Opaque

3. Decode with base64 -d: the content is identical to the original

[root@master231 ~]# echo MTAuMC4wLjIzMQ== | base64 -d | more
10.0.0.231

2 Declarative creation from YAML
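When creating a secret declaratively from YAML there are two slightly different variants, depending on whether the values are written as plaintext or already base64-encoded.
Method 1: plaintext values

apiVersion: v1
kind: Secret
metadata:
  name: my-info
stringData:
  name: wenzhiyong
  # stringData values must be strings, so the number is quoted
  age: "18"
  sex: man

After creation the plaintext is automatically base64-encoded:

[root@master231 03-secret]# echo MTg= | base64 -d | more
18

Method 2: base64-encoded values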
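Note: each value has to be base64-encoded in advance and then entered by hand in the YAML. This is tedious and not recommended. Encode with echo -n, otherwise the trailing newline that echo appends becomes part of the stored value.

[root@master231 03-secret]# echo -n username | base64
dXNlcm5hbWU=
[root@master231 03-secret]# echo -n 123456 | base64
MTIzNDU2

apiVersion: v1
kind: Secret
metadata:
  name: wzy-username-and-password
data:
  username: d3p5
  password: MTIzNDU2

3 Deleting a secret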
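Same as deleting a configmap:

kubectl delete secret name1

4 Creating a secret from a configuration file
1. Write the content to a txt file first, then point kubectl at the file to create the secret

kubectl create secret generic service-secret --from-file=/etc/nginx/nginx.conf

Consuming secrets through environment variables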
1. Define the variables declaratively, then create a pod that uses them, and finally print the value to verify.

apiVersion: v1
kind: Secret
metadata:
  name: my-info
stringData:
  name: wenzhiyong
  # stringData values must be strings, so the number is quoted
  age: "18"
  sex: man
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-sec-env
spec:
  replicas: 1
  selector:
    matchLabels:
      apps: xiuxian
  template:
    metadata:
      labels:
        apps: xiuxian
    spec:
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
        env:
        - name: my_name
          valueFrom:
            secretKeyRef:
              name: my-info
              key: name

3. Verify that the environment variable is correct

[root@master231 03-secret]# kubectl exec deploy-sec-env-5cf84b8f94-mz9h6 -- sh -c 'echo $my_name'
wenzhiyong

Consuming secrets through a volume
1. This depends on 02-secrets-stringData.yaml

[root@master231 07-secret]# cat 02-secrets-stringData.yaml
apiVersion: v1
kind: Secret
metadata:
  name: harborinfo
# Write the values directly as plain strings, which is more readable
stringData:
  username: admin
  password: "1"
  harbor_server: harbor.zhiyong18.com

2. Write the resource manifest

[root@master231 07-secret]# cat 04-deploy-secrets-volumes.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-secret-volumes
spec:
  replicas: 1
  selector:
    matchExpressions:
    - key: apps
      values:
      - xiuxian
      operator: In
  template:
    metadata:
      labels:
        apps: xiuxian
    spec:
      volumes:
      - name: data
        # Set the volume type to a secret resource
        secret:
          # Name of the secret
          secretName: harborinfo
          # items selects which keys of the secret to reference; if omitted, all keys are referenced by default, the same as with a configmap
          items:
          - key: username
            path: username.txt
          - key: password
            path: password.txt
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v3
        volumeMounts:
        - name: data
          mountPath: /zhiyong18-data

3. The result: inside the pod, the two files have been created and their content matches the content of the secret

~ # cd /zhiyong18-data/
/zhiyong18-data # cat password.txt
1
/zhiyong18-data # cat username.txt
admin

Using a secret for image registry authentication
1. Imperatively create a secret that stores the Harbor credentials

kubectl create secret docker-registry harbor-admin \
  --docker-username=admin \
  --docker-password=1 \
  --docker-email=admin@oldboyedu.com \
  --docker-server=harbor.oldboyedu.com

[root@master231 secrets-harbor]# kubectl get secrets harbor-admin
NAME           TYPE                             DATA   AGE
harbor-admin   kubernetes.io/dockerconfigjson   1      2m9s

2. Reference the secret to authenticate against the private Harbor registry

[root@master231 secrets-harbor]# cat 01-secrets-harbor.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-xiuxian
spec:
  replicas: 1
  selector:
    matchExpressions:
    - key: apps
      values:
      - xiuxian
      operator: In
  template:
    metadata:
      labels:
        apps: xiuxian
    spec:
      # Credentials used to pull from the private registry
      imagePullSecrets:
      # Name of the secret
      - name: harbor-admin
      containers:
      - name: c1
        image: harbor.oldboyedu.com/oldboyedu-linux/alpine:3.20.2
        stdin: true
        imagePullPolicy: IfNotPresent

3. In testing, the alpine image is pulled successfully
Creating the image registry secret declaratively

apiVersion: v1
kind: Secret
metadata:
  name: harbor
type: kubernetes.io/dockerconfigjson
stringData:
  .dockerconfigjson: |
    {"auths": {"harbor.zhiyong18.com": {"username": "admin","password": "aa","email": "wzy@wzy.com","auth": "YWRtaW46YWE="}}}
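
The following check is an added example, not code from the original post. It audits Secret objects shaped like the output of kubectl get secret NAME -o json, flagging hand-encoded data values that carry stray whitespace (what echo value | base64 produces) and dockerconfigjson entries whose auth field is not base64(username:password). The function names and the sample objects are constructed for illustration.

```python
import base64
import json

DOCKERCFG = "kubernetes.io/dockerconfigjson"

def audit_secret(secret):
    """Return findings for one Secret shaped like `kubectl get secret NAME -o json`."""
    findings = []
    name = secret["metadata"]["name"]
    for key, b64_value in secret.get("data", {}).items():
        # base64 is reversible by anyone who can read the object
        raw = base64.b64decode(b64_value, validate=True)
        if secret.get("type") == DOCKERCFG and key == ".dockerconfigjson":
            for server, entry in json.loads(raw).get("auths", {}).items():
                creds = f"{entry.get('username', '')}:{entry.get('password', '')}"
                expected = base64.b64encode(creds.encode()).decode()
                if "auth" in entry and entry["auth"] != expected:
                    findings.append(f"{name}: auth for {server} != base64(username:password)")
        elif raw != raw.strip():
            # Typical cause: `echo value | base64` also encodes the trailing newline
            findings.append(f"{name}/{key}: decoded value has leading/trailing whitespace")
    return findings

def b64(text):
    """Helper for building the constructed samples below."""
    return base64.b64encode(text.encode()).decode()

# Constructed sample objects (not real cluster output), reusing names from this page.
OPAQUE = {
    "kind": "Secret", "type": "Opaque",
    "metadata": {"name": "wzy-username-and-password"},
    # username was encoded with a trailing newline, password without
    "data": {"username": b64("wzy\n"), "password": b64("123456")},
}
REGISTRY = {
    "kind": "Secret", "type": DOCKERCFG,
    "metadata": {"name": "harbor"},
    "data": {".dockerconfigjson": b64(json.dumps({"auths": {"harbor.zhiyong18.com": {
        "username": "admin", "password": "aa", "auth": b64("admin:aa")}}}))},
}

if __name__ == "__main__":
    for obj in (OPAQUE, REGISTRY):
        for finding in audit_secret(obj) or [f"{obj['metadata']['name']}: ok"]:
            print(finding)
```
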