[root@master01 secret-file]# echo "cXdlcnF3ZXIxMjMxMjM=" | base64-dqwerqwer1231232.1.2、from-literal基于字面意思上的命令行中指定好key和value创建Secret
[root@master01 secret-file]# kubectl create secret generic secret-from-literal --from-literal=username=admin --from-literal=passsword=123456secret/secret-from-literal created查看
[root@master01 secret-file]# kubectl get secrets secret-from-literal -oyamlapiVersion: v1data:passsword: MTIzNDU2username: YWRtaW4=kind: Secretmetadata:creationTimestamp: "2022-04-05T23:19:02Z"name: secret-from-literalnamespace: defaultresourceVersion: "838616"uid: ebb95a99-8cbf-48fd-a651-60e12cd30110type: Opaque2.1.3、基于yaml文件创建
- 需要将data使用base64提前加密好 , 必须基于秘文创建
- 也可以使用stringData基于明文创建secret
apiVersion: v1kind: Secretmetadata:name: my-secret-from-yamlnamespace: defaulttype: Opaquedata:username: YWRtaW4=password: MWYyZDFlMmU2N2Rm创建[root@master01 secret-file]# kubectl apply -f secret-user-info.yamlsecret/my-secret-from-yaml created查看[root@master01 secret-file]# kubectl get secrets my-secret-from-yaml -o yamlapiVersion: v1data:password: MWYyZDFlMmU2N2Rmusername: YWRtaW4=kind: Secretmetadata:annotations:kubectl.kubernetes.io/last-applied-configuration: |{"apiVersion":"v1","data":{"password":"MWYyZDFlMmU2NRm","username":"YWRW4="},"kind":"Secret","metadata":{"annotations":{},"name":"my-secret-from-yaml","namespace":"default"},"type":"Opaque"}creationTimestamp: "2022-04-05T23:28:27Z"name: my-secret-from-yamlnamespace: defaultresourceVersion: "839971"uid: eb3acb4d-edf2-4ac0-9373-e7a931a1a559type: Opaque基于明文创建使用
stringData关键字可以基于明文创建 , 因为不安全所以不推荐 。apiVersion: v1kind: Secretmetadata:name: secret-basic-authtype: kubernetes.io/basic-authstringData:username: admin#kubernetes.io/basic-auth 类型的必需字段password: t0p-Secret # kubernetes.io/basic-auth 类型的必需字段2.1.4、from-env-file用法和cm的from-env-file类似[root@master01 secret-file]# cat ./secret-env-file.txtusername=adminpassword=123456[root@master01 secret-file]# kubectl get secrets secret-from-env -oyamlapiVersion: v1data:password: MTIzNDU2username: YWRtaW4=kind: Secretmetadata:creationTimestamp: "2022-04-05T23:39:47Z"name: secret-from-envnamespace: defaultresourceVersion: "841608"uid: efaf7ad6-2ded-4544-93f8-5efabd2ca449type: Opaque2.2、实战2.2.1、配置阿里云私有仓库密钥
文章插图
给kubelet配置私有云下载Docker镜像的账号密码
# 查看帮助文档[root@master01 secret-file]# kubectl create secret docker-registry -h# 将username、password、email修改成自己的[root@master01 secret-file]# kubectl create secret docker-registry brm-alicloud-docker-secret --docker-username=xxxx --docker-password=xxx --docker-email=xxx@qq.com--docker-server=registry.cn-hangzhou.aliyuncs.com查看(data中的dockerconfigjson) 同样可以使用base64解码看到一个json串[root@master01 secret-file]# kubectl get secrets brm-alicloud-docker-secret -oyamlapiVersion: v1data:.dockerconfigjson: eyJhdXRocyI6eyJyZWdpc3RyeS5jbi1oYW5nemhvdS5hbGl5dW5jcy5jb20iOnsidXNlcm5hbWUiOiLmnLHmmIzmraYyMjMzIiwicGFzc3dvcmQiOiJxd2VyMTAxMC4uIiwiZW1haWwiOiI2NDY0NTAzMDhAcXEuY29tIiwiYXV0aCI6IjVweXg1cGlNNXEybU1qSXpNenB4ZDJWeU1UQXhNQzR1In19fQ==kind: Secretmetadata:creationTimestamp: "2022-04-06T00:04:17Z"name: brm-alicloud-docker-secretnamespace: defaultresourceVersion: "845134"uid: 6e7bd04e-621c-4da8-8649-99c0ebffcee9type: kubernetes.io/dockerconfigjson挂载 , 先搞一个模版dp[root@master01 secret-file]# kubectl create deployment alicloud-private-nginx --image=registry.cn-hangzhou.aliyuncs.com/changwu/nginx:1.7.9-nettools --dry-run=client -oyaml
经验总结扩展阅读
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- 1分钟完成在线测试部署便捷收集班级同学文件的web管理系统
- 王者荣耀怎么取消健康系统?
- RHCE习题
- 红米note10怎么更新系统_系统更新教程
- 重新整理 .net core 实践篇 ———— linux上性能排查 [外篇]
- k8s 中的 ingress 使用细节
- oppo手机如何快速整理桌面 oppo怎样快速整理桌面
- 重新整理 .net core 实践篇 ———— linux上排查问题实用工具 [外篇]
- 消防报警器什么牌子好 十大消防报警系统品牌
- 第2-1-1章 FastDFS分布式文件服务背景及系统架构介绍
