一、Secret
- Secret 用于保存机密数据的对象。一般由于保存密码、令牌或密钥等。
data字段用来存储 base64 编码数据。stringData存储未编码的字符串。
- Secret 意味着你不需要在应用程序代码中包含机密数据,减少机密数据(如密码)泄露的风险。
- Secret 可以用作环境变量、命令行参数或者存储卷文件。
二、创建secrets资源
1.创建工作目录
2.尝试使用base64进行编码
3.声明式创建secrets资源
apiVersion: v1
kind: Secret
metadata:
name: s1
type: Opaque
data:
k8s: b3NsZWUK
oslee: b3NsZWUK
4.响应式创建secret
三、pod引用secret资源
1.pod资源env环境变量引用
apiVersion: v1
kind: Pod
metadata:
name: m13
spec:
containers:
- image: nginx:1.20.1-alpine
name: nginx
env:
- name: secret-env01
valueFrom:
secretKeyRef:
name: s1
key: oslee
- name: secret-env02
valueFrom:
secretKeyRef:
name: secret-02
key: class
2.pod资源volume存储卷引用secret资源
apiVersion: v1
kind: Pod
metadata:
name: pod-secret-01
spec:
containers:
- name: c1
image: nginx:1.20.1-alpine
env:
- name: k8s
valueFrom:
secretKeyRef:
name: s1
key: k8s
---
apiVersion: v1
kind: Pod
metadata:
name: pod-secret-02
spec:
volumes:
- name: vol-secret
secret:
secretName: s1
containers:
- name: c2
image: nginx:1.24.0-alpine
volumeMounts:
- name: vol-secret
mountPath: /secret/
3.pod资源清单指定key引用secret
apiVersion: v1
kind: Pod
metadata:
name: pod-secret-03
spec:
volumes:
- name: vol-secret
secret:
secretName: s1
items:
- key: k8s
path: oslee.path
containers:
- name: c2
image: nginx:1.24.0-alpine
volumeMounts:
- name: vol-secret
mountPath: /secret/oslee.path
subPath: oslee.path
四、secret类型之-私有镜像仓库使用
1.harbor创建私有仓库
2.推送镜像到私有仓库
3.响应式创建拉取镜像的secret资源
4.创建pod引用拉取镜像的secret资源
[root@k8s1 secrets]
apiVersion: v1
kind: Pod
metadata:
name: pod-harbor-01
spec:
imagePullSecrets:
- name: oslee-harbor
containers:
- name: c3
image: harbor.oslee.com/oslee-private/nginx:1.20.1-alpine
5.声明式创建docker registry类型的secret资源
5.1.【-o yaml】模仿系统声明式的写法
5.2.base64解码查看内容
5.3根据上述信息,自己编辑secret声明式资源清单
[root@k8s1 secrets]
apiVersion: v1
kind: Secret
metadata:
name: oslee-harbor02
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iub3NsZWUuY29tIjp7InVzZXJuYW1lIjoiYWRtaW4iLCJwYXNzd29yZCI6ImhhcmJvcjEyMyIsImVtYWlsIjoib3NsZWVAcXEuY29tIiwiYXV0aCI6IllXUnRhVzQ2YUdGeVltOXlNVEl6In19fQ==
