从 redis 容器获取变量的访问权限
Get access to variables from the redis container
我使用以下命令创建秘密 redis-secret。
kubectl create secret generic redis-secret --from-literal=password=0123456
之后,我创建 pod secrets-via-file,使用 redis 映像,挂载秘密名称 redis-secret 在 /secrets.
kubectl run secret-via-file --image=redis --dry-run=client -o yaml > pod.yaml
我编辑了创建 pod.yaml 文件。
apiVersion: v1
kind: Pod
metadata:
labels:
run: secret-via-file
name: secret-via-file
spec:
containers:
- image: redis
name: secret-via-file
volumeMounts:
- name: redis-secret
mountPath: /secrets
volumes:
- name: redis-secret
secret:
secretName: redis-secret
我创建了第二个 pod 名称 secret-via-env,使用 redis 图像,导出 password 作为 密码.
kubectl run secret-via-env --image=redis --dry-run=client -o yaml > pod2.yaml
我编辑了 pod2.yaml 文件。
apiVersion: v1
kind: Pod
metadata:
labels:
run: secrets-via-env
name: secrets-via-env
spec:
containers:
- image: redis
name: secrets-via-env
env:
- name: PASSWORD
valueFrom:
secretKeyRef:
name: redis-secret
key: password
我使用以下命令连接到 pod secrets-via-env。
kubectl exec -it secret-via-file -- redis-cli
我尝试验证密钥是否已安装到 pods。在第二个 pod 中,我想使用变量 PASSWORD 来检索分配的值 (0123456)。我使用了下面的命令,但它不起作用。
SECRET GET PASSWORD
尝试如下。我看到密码密码在 pod
中被列为 env
# create secret
kubectl create secret generic redis-secret --from-literal=password=0123456
# create pod
apiVersion: v1
kind: Pod
metadata:
labels:
run: secrets-via-env
name: secrets-via-env
spec:
containers:
- image: redis
name: secrets-via-env
env:
- name: PASSWORD
valueFrom:
secretKeyRef:
name: redis-secret
key: password
# check PASSWORD secret
master $ kubectl exec -it secrets-via-env sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
# echo $PASSWORD
0123456
# from first pod
---
apiVersion: v1
kind: Pod
metadata:
labels:
run: secret-via-file
name: secret-via-file
spec:
containers:
- image: redis
name: secret-via-file
volumeMounts:
- name: redis-secret
mountPath: /secrets
volumes:
- name: redis-secret
secret:
secretName: redis-secret
controlplane $ kubectl exec -it secret-via-file sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
# ls -l /secrets
total 0
lrwxrwxrwx 1 root root 15 Jul 22 09:45 password -> ..data/password
# cat /secrets/password
0123456#
我使用以下命令创建秘密 redis-secret。
kubectl create secret generic redis-secret --from-literal=password=0123456
之后,我创建 pod secrets-via-file,使用 redis 映像,挂载秘密名称 redis-secret 在 /secrets.
kubectl run secret-via-file --image=redis --dry-run=client -o yaml > pod.yaml
我编辑了创建 pod.yaml 文件。
apiVersion: v1
kind: Pod
metadata:
labels:
run: secret-via-file
name: secret-via-file
spec:
containers:
- image: redis
name: secret-via-file
volumeMounts:
- name: redis-secret
mountPath: /secrets
volumes:
- name: redis-secret
secret:
secretName: redis-secret
我创建了第二个 pod 名称 secret-via-env,使用 redis 图像,导出 password 作为 密码.
kubectl run secret-via-env --image=redis --dry-run=client -o yaml > pod2.yaml
我编辑了 pod2.yaml 文件。
apiVersion: v1
kind: Pod
metadata:
labels:
run: secrets-via-env
name: secrets-via-env
spec:
containers:
- image: redis
name: secrets-via-env
env:
- name: PASSWORD
valueFrom:
secretKeyRef:
name: redis-secret
key: password
我使用以下命令连接到 pod secrets-via-env。
kubectl exec -it secret-via-file -- redis-cli
我尝试验证密钥是否已安装到 pods。在第二个 pod 中,我想使用变量 PASSWORD 来检索分配的值 (0123456)。我使用了下面的命令,但它不起作用。
SECRET GET PASSWORD
尝试如下。我看到密码密码在 pod
中被列为 env# create secret
kubectl create secret generic redis-secret --from-literal=password=0123456
# create pod
apiVersion: v1
kind: Pod
metadata:
labels:
run: secrets-via-env
name: secrets-via-env
spec:
containers:
- image: redis
name: secrets-via-env
env:
- name: PASSWORD
valueFrom:
secretKeyRef:
name: redis-secret
key: password
# check PASSWORD secret
master $ kubectl exec -it secrets-via-env sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
# echo $PASSWORD
0123456
# from first pod
---
apiVersion: v1
kind: Pod
metadata:
labels:
run: secret-via-file
name: secret-via-file
spec:
containers:
- image: redis
name: secret-via-file
volumeMounts:
- name: redis-secret
mountPath: /secrets
volumes:
- name: redis-secret
secret:
secretName: redis-secret
controlplane $ kubectl exec -it secret-via-file sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
# ls -l /secrets
total 0
lrwxrwxrwx 1 root root 15 Jul 22 09:45 password -> ..data/password
# cat /secrets/password
0123456#