创建一个secret,使用以下:
名字:super-secret
credential:bob
创建一个pod名为pod-secrets-via-file 使用redis镜像,挂载名为super-secret的 挂载路径/secrets
使用redis镜像创建第二个Pod名称Pod-secrets-via-env, 导出为 CREDENTIALS
解答:
(1).创建secret(https://kubernetes.io/docs/concepts/configuration/secret/)
kubectl create secret generic super-secret --from-literal=credential=bob
对应的yaml
apiVersion: v1 data: credential: Ym9i kind: Secret metadata: creationTimestamp: null name: super-secret
(2).创建pod-secrets-via-file (https://kubernetes.io/docs/concepts/configuration/secret/)
apiVersion: v1 kind: Pod metadata: name: pod-secrets-via-file spec: containers: - name: mypod image: redis volumeMounts: - name: foo mountPath: "/secrets" readOnly: true volumes: - name: foo secret: secretName: super-secret
(3).Pod-secrets-via-env (https://kubernetes.io/docs/concepts/configuration/secret/)
apiVersion: v1 kind: Pod metadata: name: Pod-secrets-via-env spec: containers: - name: mycontainer image: redis env: - name: CREDENTIALS valueFrom: secretKeyRef: name: super-secret key: credential