創建username和password文件:
$ echo -n "admin" > ./username $ echo -n "1f2d1e2e67df" > ./password
用kubectl生成secret對象:
$ kubectl create secret generic db-user-pass --from-file=./username --from-file=./password secret "db-user-pass" created
pod中引用Secret
apiVersion: v1 kind: Pod metadata: name: secret-env-pod spec: containers: - name: mycontainer image: redis env: - name: SECRET_USERNAME valueFrom: secretKeyRef: name: mysecret key: username - name: SECRET_PASSWORD valueFrom: secretKeyRef: name: mysecret key: password restartPolicy: Never
$ kubectl get secrets NAME TYPE DATA AGE db-user-pass Opaque 2 51s $ kubectl describe secrets/db-user-pass Name: db-user-pass Namespace: default Labels: Annotations: Type: Opaque Data ==== password: 12 bytes username: 5 bytes
手動創建 SECRET
您也可以先以 json 或 yaml 格式在文件中創建一個 secret 對象,然后創建該對象。
每一項必須是 base64 編碼:
$ echo -n "admin" | base64 YWRtaW4= $ echo -n "1f2d1e2e67df" | base64 MWYyZDFlMmU2N2Rm
apiVersion: v1 kind: Secret metadata: name: mysecret type: Opaque data: username: YWRtaW4= password: MWYyZDFlMmU2N2Rm