{"id":9164,"date":"2023-01-18T19:33:29","date_gmt":"2023-01-18T11:33:29","guid":{"rendered":"http:\/\/123.57.164.21\/?p=9164"},"modified":"2023-01-18T19:33:29","modified_gmt":"2023-01-18T11:33:29","slug":"kubernetesk8s-secret%e8%af%a6%e8%a7%a3","status":"publish","type":"post","link":"https:\/\/92it.top\/?p=9164","title":{"rendered":"kubernetes(k8s) &#8211; Secret\u8be6\u89e3"},"content":{"rendered":"\n<p><strong>1. \u7406\u89e3Secret<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p>Secret\u5bf9\u8c61\u5b58\u50a8\u6570\u636e\u7684\u65b9\u5f0f\u662f\u4ee5\u952e\u503c\u65b9\u5f0f\u5b58\u50a8\u6570\u636e\uff0c\u5728Pod\u8d44\u6e90\u8fdb\u884c\u8c03\u7528Secret\u7684\u65b9\u5f0f\u662f<code>\u901a\u8fc7\u73af\u5883\u53d8\u91cf\u6216\u8005\u5b58\u50a8\u5377\u7684\u65b9\u5f0f\u8fdb\u884c\u8bbf\u95ee\u6570\u636e<\/code>\uff0c\u89e3\u51b3\u4e86\u5bc6\u7801\u3001token\u3001\u5bc6\u94a5\u7b49\u654f\u611f\u6570\u636e\u7684\u914d\u7f6e\u95ee\u9898\uff0c\u800c\u4e0d\u9700\u8981\u628a\u8fd9\u4e9b\u654f\u611f\u6570\u636e\u66b4\u9732\u5230\u955c\u50cf\u6216\u8005Pod Spec\u4e2d\u3002<\/p>\n\n\n\n<p>\u53e6\u5916\uff0cSecret\u5bf9\u8c61\u7684\u6570\u636e\u5b58\u50a8\u548c\u6253\u5370\u683c\u5f0f\u4e3aBase64\u7f16\u7801\u7684\u5b57\u7b26\u4e32\uff0c\u56e0\u6b64\u7528\u6237\u5728\u521b\u5efaSecret\u5bf9\u8c61\u65f6\uff0c\u4e5f\u9700\u8981\u63d0\u4f9b\u8be5\u7c7b\u578b\u7684\u7f16\u7801\u683c\u5f0f\u7684\u6570\u636e\u3002<code>\u5728\u5bb9\u5668\u4e2d\u4ee5\u73af\u5883\u53d8\u91cf\u6216\u5b58\u50a8\u5377\u7684\u65b9\u5f0f\u8bbf\u95ee\u65f6\uff0c\u4f1a\u81ea\u52a8\u89e3\u7801\u4e3a\u660e\u6587\u683c\u5f0f<\/code>\u3002\u9700\u8981\u6ce8\u610f\u7684\u662f\uff0c\u5982\u679c\u662f\u5728Master\u8282\u70b9\u4e0a\uff0cSecret\u5bf9\u8c61\u4ee5\u975e\u52a0\u5bc6\u7684\u683c\u5f0f\u5b58\u50a8\u5728etcd\u4e2d\uff0c\u6240\u4ee5\u9700\u8981\u5bf9etcd\u7684\u7ba1\u7406\u548c\u6743\u9650\u8fdb\u884c\u4e25\u683c\u63a7\u5236\u3002<\/p>\n\n\n\n<p>\u8981\u4f7f\u7528 Secret\uff0cPod 
\u9700\u8981\u5f15\u7528 Secret\u3002 Pod \u53ef\u4ee5\u7528\u4e09\u79cd\u65b9\u5f0f\u4e4b\u4e00\u6765\u4f7f\u7528 Secret\uff1a<\/p>\n\n\n\n<ul><li>\u4f5c\u4e3a\u6302\u8f7d\u5230\u4e00\u4e2a\u6216\u591a\u4e2a\u5bb9\u5668\u4e0a\u7684 \u5377 \u4e2d\u7684\u6587\u4ef6\u3002<br><\/li><li>\u4f5c\u4e3a\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf<br><\/li><li>\u7531 kubelet \u5728\u4e3a Pod \u62c9\u53d6\u955c\u50cf\u65f6\u4f7f\u7528<br><\/li><\/ul>\n\n\n\n<p>Secret \u5bf9\u8c61\u7684\u540d\u79f0\u5fc5\u987b\u662f\u5408\u6cd5\u7684 DNS \u5b50\u57df\u540d\u3002 \u5728\u4e3a\u521b\u5efa Secret \u7f16\u5199\u914d\u7f6e\u6587\u4ef6\u65f6\uff0c\u4f60\u53ef\u4ee5\u8bbe\u7f6e data \u4e0e\/\u6216 stringData \u5b57\u6bb5\u3002 data \u548c stringData \u5b57\u6bb5\u90fd\u662f\u53ef\u9009\u7684\u3002data \u5b57\u6bb5\u4e2d\u6240\u6709\u952e\u503c\u90fd\u5fc5\u987b\u662f base64 \u7f16\u7801\u7684\u5b57\u7b26\u4e32\u3002\u5982\u679c\u4e0d\u5e0c\u671b\u6267\u884c\u8fd9\u79cd base64 \u5b57\u7b26\u4e32\u7684\u8f6c\u6362\u64cd\u4f5c\uff0c\u4f60\u53ef\u4ee5\u9009\u62e9\u8bbe\u7f6e stringData \u5b57\u6bb5\uff0c\u5176\u4e2d\u53ef\u4ee5\u4f7f\u7528\u4efb\u4f55\u5b57\u7b26\u4e32\u4f5c\u4e3a\u5176\u53d6\u503c\u3002<\/p>\n\n\n\n<p><strong>2. 
Secret \u7684\u7c7b\u578b<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p>\u5728\u521b\u5efa Secret \u5bf9\u8c61\u65f6\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 Secret \u8d44\u6e90\u7684 type \u5b57\u6bb5\uff0c\u6216\u8005\u4e0e\u5176\u7b49\u4ef7\u7684 kubectl \u547d\u4ee4\u884c\u53c2\u6570\uff08\u5982\u679c\u6709\u7684\u8bdd\uff09\u4e3a\u5176\u8bbe\u7f6e\u7c7b\u578b\u3002 Secret \u7684\u7c7b\u578b\u7528\u6765\u5e2e\u52a9\u7f16\u5199\u7a0b\u5e8f\u5904\u7406 Secret \u6570\u636e\u3002<\/p>\n\n\n\n<p>Kubernetes \u63d0\u4f9b\u82e5\u5e72\u79cd\u5185\u7f6e\u7684\u7c7b\u578b\uff0c\u7528\u4e8e\u4e00\u4e9b\u5e38\u89c1\u7684\u4f7f\u7528\u573a\u666f\u3002 \u9488\u5bf9\u8fd9\u4e9b\u7c7b\u578b\uff0cKubernetes \u6240\u6267\u884c\u7684\u5408\u6cd5\u6027\u68c0\u67e5\u64cd\u4f5c\u4ee5\u53ca\u5bf9\u5176\u6240\u5b9e\u65bd\u7684\u9650\u5236\u5404\u4e0d\u76f8\u540c\u3002<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/123.57.164.21\/wp-content\/uploads\/2023\/01\/\u56fe\u7247-12-1024x745.png\" alt=\"\" class=\"wp-image-9165\" width=\"560\" height=\"407\" srcset=\"https:\/\/92it.top\/wp-content\/uploads\/2023\/01\/\u56fe\u7247-12-1024x745.png 1024w, https:\/\/92it.top\/wp-content\/uploads\/2023\/01\/\u56fe\u7247-12-300x218.png 300w, https:\/\/92it.top\/wp-content\/uploads\/2023\/01\/\u56fe\u7247-12-768x559.png 768w, https:\/\/92it.top\/wp-content\/uploads\/2023\/01\/\u56fe\u7247-12-830x604.png 830w, https:\/\/92it.top\/wp-content\/uploads\/2023\/01\/\u56fe\u7247-12-550x400.png 550w, https:\/\/92it.top\/wp-content\/uploads\/2023\/01\/\u56fe\u7247-12-230x167.png 230w, https:\/\/92it.top\/wp-content\/uploads\/2023\/01\/\u56fe\u7247-12-350x255.png 350w, https:\/\/92it.top\/wp-content\/uploads\/2023\/01\/\u56fe\u7247-12-480x349.png 480w, https:\/\/92it.top\/wp-content\/uploads\/2023\/01\/\u56fe\u7247-12.png 1410w\" sizes=\"(max-width: 560px) 100vw, 560px\" 
\/><\/figure><\/div>\n\n\n\n<p>\u901a\u8fc7\u4e3a Secret \u5bf9\u8c61\u7684 type \u5b57\u6bb5\u8bbe\u7f6e\u4e00\u4e2a\u975e\u7a7a\u7684\u5b57\u7b26\u4e32\u503c\uff0c\u4f60\u4e5f\u53ef\u4ee5\u5b9a\u4e49\u5e76\u4f7f\u7528\u81ea\u5df1\u7684 Secret \u7c7b\u578b\u3002\u5982\u679c type \u503c\u4e3a\u7a7a\u5b57\u7b26\u4e32\uff0c\u5219\u88ab\u89c6\u4e3a Opaque \u7c7b\u578b\u3002 Kubernetes \u5e76\u4e0d\u5bf9\u7c7b\u578b\u7684\u540d\u79f0\u4f5c\u4efb\u4f55\u9650\u5236\u3002\u4e0d\u8fc7\uff0c\u5982\u679c\u4f60\u8981\u4f7f\u7528\u5185\u7f6e\u7c7b\u578b\u4e4b\u4e00\uff0c \u5219\u4f60\u5fc5\u987b\u6ee1\u8db3\u4e3a\u8be5\u7c7b\u578b\u6240\u5b9a\u4e49\u7684\u6240\u6709\u8981\u6c42\u3002<\/p>\n\n\n\n<p><strong>3. Service Account<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p>Kubernetes \u5728\u521b\u5efa Pod \u65f6\u4f1a\u81ea\u52a8\u521b\u5efa\u4e00\u4e2a\u670d\u52a1\u8d26\u53f7 Secret \u5e76\u81ea\u52a8\u4fee\u6539\u4f60\u7684 Pod \u4ee5\u4f7f\u7528\u8be5 Secret\u3002\u8be5\u670d\u52a1\u8d26\u53f7\u4ee4\u724c Secret \u4e2d\u5305\u542b\u4e86\u8bbf\u95ee Kubernetes API \u6240\u9700\u8981\u7684\u51ed\u636e\u3002<\/p>\n\n\n\n<p>Service Account \u7528\u6765\u8bbf\u95eekubernetes API\uff0c\u7531Kubernetes\u81ea\u52a8\u521b\u5efa\uff0c\u5e76\u4e14\u4f1a\u81ea\u52a8\u6302\u8f7d\u5230Pod\u7684<code>\/run\/secrets\/kubernetes.io\/serviceaccount<\/code>\u76ee\u5f55\u4e2d\u3002<\/p>\n\n\n\n<p>Service Account \u4e0d\u9700\u8981\u6211\u4eec\u81ea\u5df1\u53bb\u7ba1\u7406\u7684\uff0c\u6b64\u8bc1\u4e66\u662f\u7531kubernetes\u81ea\u5df1\u6765\u8fdb\u884c\u7ef4\u62a4\u7ba1\u7406\u7684\u3002<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># 
\u521b\u5efapod\nkubectl run my-nginx --image=nginx:1.20.0\n\n# \u67e5\u770b\u8bc1\u4e66\nkubectl exec -it podName -- bash\n\n# \u8fdb\u5165\u8bc1\u4e66\u76ee\u5f55\/run\/secrets\/kubernetes.io\/serviceaccount\u67e5\u770b\u5373\u53ef\nca.crt\nnamespace\ntoken\n\n# \u67e5\u770b\u8bc1\u4e66\n# root@my-nginx:\/run\/secrets\/kubernetes.io\/serviceaccount# cat ca.crt \n-----BEGIN CERTIFICATE-----\nMIIC5zCCAc+gAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl\ncm5ldGVzMB4XDTIxMDUxNzA3MTgyMloXDTMxMDUxNTA3MTgyMlowFTETMBEGA1UE\nAxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALIB\neVgGvrAomjLyj4fgasSoJQoZnhpZj75wKDOg7gYFKmGb9oLX5qIj33jqmrK4bUI5\nsymIPTJTrNZ7FsVmeC66JiE50niMpxuD01pDJARTfc0cMgkFWDq7JsVptA7MNILT\n81keKB7eOZY0Cx7c\/O+9w6f6UrvpHTMgNvE6wG3StFw2YJFPhDC6ZqwduISzBIsK\nwbTrwp6jBHPTxsQEmEuHuoe0Hz+sjov5wXFpw7QB5V+P980tVvgK1GGX9wPxMytJ\nofv3vwbvHD\/DrotA6HNwdYELIEgFULXPGuO\/HL4z7C2MJxqVW7UdirCdnBDtI6HB\nm55toVZJtmHj7kCpkzMCAwEAAaNCMEAwDgYDVR0PAQH\/BAQDAgKkMA8GA1UdEwEB\n\/wQFMAMBAf8wHQYDVR0OBBYEFIaXFp8Y2aneT8Wk59gysMNJxmOhMA0GCSqGSIb3\nDQEBCwUAA4IBAQCuPXfqD25NJagNOoEPjXyTfWGCHHBJSqSknnz3B\/KaJu7hzIwD\nG5c5zLQwDc\/chHNjaRRZWcvOpfQfmqdhRg0EdDIa\/B4cVmGa9eUs7f2XwlZuu6aw\n5VOoTRZ6h\/a9L4RQLxSSWTl2\/AR4YeiBiU1tjfrc+gmZTObptmNLyuDfU7A4BG7U\n1N8AddG4dojH2a7xbAnIKbTjTXRtLsI5aC0BPWHazwwG5NOreCauD+yVnQlw\/dcw\nC74QaamuFeWr\/K2W0pq0qcjH471xuKhOUnY02HkN7P1zOL2uIZQ613yBYNksmPZB\n9AQJ9VZlD6szo0XoniWcSD0Z2J90pbFCJCUd\n-----END CERTIFICATE-----\n\n# \u67e5\u770b\u547d\u540d\u7a7a\u95f4\nroot@my-nginx:\/run\/secrets\/kubernetes.io\/serviceaccount# cat namespace \ndefault\n\n# \u67e5\u770btoken\n# root@my-nginx:\/run\/secrets\/kubernetes.io\/serviceaccount# cat token 
\neyJhbGciOiJSUzI1NiIsImtpZCI6ImIyMVg2OTBtZm1jUVNWM2ZGMUI0QkQ2MzJVS0EyOER2N3NuZFpha3pRMDgifQ.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.i-VcnUBSBGm6FlukqjgcWe50nBQNGgERoKjWhkPod5rTAIswJ9EGyUcADt-vYewT4CYb8R4SVRY53kfk2mPnaH54_b9BbHD5jixA99YxYcDc7N99UE_ySyJj13zHlPNRFgoagBKmwr2b2nXNtw5PEAKqI_lHbDI2oQfUHY_yTqUM9si6HMqGJJ7W2non44OzGnB33RAV--ZzJkr6oZBkgMesPYAwsJa4FMoCOIB8OtczQ3Yvtr7IxvMGoeSRbjcjN5A_v4p8-GpjlkbbXfMME9B04iFeZmhERQpkf6CwtnXgEtNwktYJATQ9jOE9lXLwYd4WpBr7zspmU67yuVtuqQ<\/pre>\n\n\n\n<p><strong>4. Opaque Secret<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p><strong>4.1 \u521b\u5efa\u793a\u4f8b<\/strong><\/p>\n\n\n\n<p>\u5f53 Secret \u914d\u7f6e\u6587\u4ef6\u4e2d\u672a\u4f5c\u663e\u5f0f\u8bbe\u5b9a\u65f6\uff0c\u9ed8\u8ba4\u7684 Secret \u7c7b\u578b\u662f Opaque\u3002 \u5f53\u4f60\u4f7f\u7528 kubectl \u6765\u521b\u5efa\u4e00\u4e2a Secret \u65f6\uff0c\u4f60\u4f1a\u4f7f\u7528 generic \u5b50\u547d\u4ee4\u6765\u6807\u660e \u8981\u521b\u5efa\u7684\u662f\u4e00\u4e2a Opaque \u7c7b\u578b Secret\u3002<\/p>\n\n\n\n<p>Opaque\u7c7b\u578b\u7684\u6570\u636e\u662f\u4e00\u4e2amap\u7c7b\u578b\uff0c\u8981\u6c42value\u662fbase64\u7f16\u7801\u683c\u5f0f<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># base64\u5bf9\u7528\u6237\u540d\uff0c\u5bc6\u7801\u7f16\u7801\u6548\u679c\u6f14\u793a\n# [root@k8s-master configmap]# echo \"superadmin\" | base64\nc3VwZXJhZG1pbgo=\n\n# [root@k8s-master configmap]# echo \"passpppp\" | base64\ncGFzc3BwcHAK<\/pre>\n\n\n\n<p>\u591a\u6b21\u7f16\u7801\u7ed3\u679c\u90fd\u662f\u4e00\u6837\u7684\uff0c\u7834\u89e3\u5f88\u5bb9\u6613\uff1abase64\u53ea\u662f\u7f16\u7801\u800c\u4e0d\u662f\u52a0\u5bc6\uff0c\u4efb\u4f55\u4eba\u90fd\u53ef\u4ee5\u89e3\u7801\u4e3a\u660e\u6587\u3002\u6ce8\u610f\uff1aecho\u4f1a\u81ea\u52a8\u52a0\u4e0a\u6362\u884c\u7b26\uff0c\u56e0\u6b64\u4e0a\u9762\u7684\u7f16\u7801\u7ed3\u679c\u4e2d\u5305\u542b\u4e86\u6362\u884c\u7b26\uff0c\u5982\u679c\u4e0d\u5e0c\u671b\u5305\u542b\uff0c\u53ef\u4ee5\u4f7f\u7528 echo -n\u3002<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" 
data-enlighter-title=\"\" data-enlighter-group=\"\"># secret-test.yaml\u914d\u7f6e\u6587\u4ef6\u65b9\u5f0f\napiVersion: v1\nkind: Secret\nmetadata:\n  name: mysecret\ntype: Opaque\ndata:\n username: c3VwZXJhZG1pbgo=   # \u4e0a\u9762\u6f14\u793a\u7528\u6237\u540d\u7f16\u7801\u7ed3\u679c\n password: cGFzc3BwcHAK       # \u5bc6\u7801\u7f16\u7801\u7ed3\u679c\n# [root@k8s-master configmap]# kubectl apply -f secret-test.yaml\nsecret\/mysecret created\n\n# [root@k8s-master configmap]# kubectl get secret\nNAME                  TYPE                                  DATA   AGE\ndefault-token-cgxwv   kubernetes.io\/service-account-token   3      18d\nmysecret              Opaque                                2      13s  # \u81ea\u5b9a\u4e49\u7684secret\u7c7b\u578b\u4e3aOpaque\ntls-secret            kubernetes.io\/tls                     2      8d<\/pre>\n\n\n\n<p><strong>4.2 \u4f7f\u7528\u65b9\u5f0f\u4e00\uff1a\u4f5c\u4e3a\u6302\u8f7d\u5230\u4e00\u4e2a\u6216\u591a\u4e2a\u5bb9\u5668\u4e0a\u7684 \u5377 \u4e2d\u7684\u6587\u4ef6<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u5c06secret\u6302\u8f7d\u5230volume\u4e2d\n# secret-in-volume.yaml\napiVersion: v1\nkind: Pod\nmetadata:\n name: secret-test\n labels:\n   name: secret-test\nspec:\n  containers:\n  - name: nginx-secret-volume\n    image: nginx:1.20.0\n    imagePullPolicy: IfNotPresent\n    volumeMounts:\n    - name: myvolsecrets\n      mountPath: \"\/etc\/secrets\" # \u5bb9\u5668\u6302\u8f7d\u6570\u636e\u5377\uff0c\u6302\u8f7d\u5230\/etc\/secrets\u76ee\u5f55\u4e0b\n      readOnly: true\n  volumes: # \u5f15\u5165\u4e00\u4e2a\u6570\u636e\u5377\n  - name: myvolsecrets\n    secret: # \u6302\u8f7d\u6307\u5b9a\u7684secret\n      secretName: mysecret\n# [root@k8s-master configmap]# kubectl apply -f 
secret-in-volume.yaml\npod\/secret-test created\n\n# [root@k8s-master configmap]# kubectl get pods \nNAME          READY   STATUS    RESTARTS   AGE\nsecret-test   1\/1     Running   0          3m1s\n\n# \u8fdb\u5165\u5bb9\u5668\n[root@k8s-master configmap]# kubectl exec -it secret-test -n default -- bash\n\n# \u5207\u6362\u8def\u5f84\n# root@secret-test:\/# cd \/etc\/secrets\/\n\n# \u67e5\u770b\u6302\u8f7d\u6587\u4ef6\n# root@secret-test:\/etc\/secrets# ls\npassword  username\n\n# \u67e5\u770b\u6587\u4ef6\u5185\u5bb9--\u6587\u4ef6\u5185\u5bb9\u5df2\u81ea\u52a8\u89e3\u6790\u4e3a\u660e\u6587\n# root@secret-test:\/etc\/secrets# cat password username\npasspppp\nsuperadmin<\/pre>\n\n\n\n<p><strong>4.3 \u4f7f\u7528\u65b9\u5f0f\u4e8c\uff1a\u4f5c\u4e3a\u5bb9\u5668\u7684\u73af\u5883\u53d8\u91cf<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \u5c06secret\u5bfc\u51fa\u5230\u73af\u5883\u53d8\u91cf\u4e2d\n# vim secret-to-env.yaml\napiVersion: apps\/v1\nkind: Deployment\nmetadata:\n name: secret-to-envdeployment\nspec:\n  replicas: 2\n  selector:\n    matchLabels:\n      app: pod-secret-to-env\n  template:\n    metadata:\n      labels:\n        app: pod-secret-to-env\n    spec:\n      containers:\n      - name: secret-to-envdeployment\n        image: nginx:1.20.0\n        imagePullPolicy: IfNotPresent\n        ports:\n        - containerPort: 80\n        env: # \u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\n        - name: TEST_USER\n          valueFrom:\n            secretKeyRef: # \u6838\u5fc3\u5728\u8fd9\u91cc secretKeyRef\n              name: mysecret   # secret\u540d\u79f0\n              key: username    # key\u7684\u540d\u79f0\n        - name: TEST_PASSWORD\n          valueFrom:\n            secretKeyRef:\n              name: mysecret\n              key: password\n# 
[root@k8s-master configmap]# kubectl apply -f secret-to-env.yaml\ndeployment.apps\/secret-to-envdeployment created\n\n# [root@k8s-master configmap]# kubectl get pods \nNAME                                       READY   STATUS    RESTARTS   AGE\nsecret-to-envdeployment-67b9584f69-tmlzf   1\/1     Running   0          9s\n\n# \u8fdb\u5165\u5bb9\u5668\n# [root@k8s-master configmap]# kubectl exec -it  pod\/secret-to-envdeployment-67b9584f69-tmlzf -n default -- bash\n\n# \u6253\u5370\u73af\u5883\u53d8\u91cf\n# root@secret-to-envdeployment-67b9584f69-tmlzf:\/# echo ${TEST_USER}\nsuperadmin\n# root@secret-to-envdeployment-67b9584f69-tmlzf:\/# echo ${TEST_PASSWORD}\npasspppp<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>1. \u7406\u89e3Secret Secret\u5bf9\u8c61\u5b58\u50a8\u6570\u636e\u7684\u65b9\u5f0f\u662f\u4ee5\u952e\u503c\u65b9\u5f0f\u5b58\u50a8\u6570\u636e\uff0c\u5728Pod\u8d44\u6e90\u8fdb\u884c\u8c03\u7528Secret\u7684 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"_links":{"self":[{"href":"https:\/\/92it.top\/index.php?rest_route=\/wp\/v2\/posts\/9164"}],"collection":[{"href":"https:\/\/92it.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/92it.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/92it.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/92it.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9164"}],"version-history":[{"count":1,"href":"https:\/\/92it.top\/index.php?rest_route=\/wp\/v2\/posts\/9164\/revisions"}],"predecessor-version":[{"id":9166,"href":"https:\/\/92it.top\/index.php?rest_route=\/wp\/v2\/posts\/9164\/revisions\/9166"}],"wp:attachment":[{"href":"https:\/\/92it.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9164"}],"wp:term":[{"taxonomy":"category","e
mbeddable":true,"href":"https:\/\/92it.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9164"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/92it.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9164"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}