K8SSecret

#通过明文创建Secret[root@k8s-master-01 ~]# kubectl create secret generic mysecret --from-literal=myuser=tom --from-literal=mypass=secretTestsecret/mysecret created[root@k8s-master-01 ~]# kubectl get secretNAME TYPE DATA AGEdefault-token-kxfs4 kubernetes.io/service-account-token 3 23hmysecret Opaque 2 7s[root@k8s-master-01 ~]# kubectl get secret mysecret -o yamlapiVersion: v1data: mypass: c2VjcmV0VGVzdA== myuser: dG9tkind: Secretmetadata: creationTimestamp: "2022-02-12T03:51:24Z" name: mysecret namespace: app01 resourceVersion: "142857" uid: e74a923c-c706-42bb-bba2-678f70144546type: Opaque#通过base64解码成明文密码。[root@k8s-master-01 ~]# echo c2VjcmV0VGVzdA== | base64 -dsecretTest#直接通过jsonpath获取。{.data.mypass}中.表示根，从根向下逐级寻找[root@k8s-master-01 ~]# kubectl get secret mysecret -o jsonpath='{.data.mypass}' | base64 -dsecretTest#通过文件明文创建secret[root@k8s-master-01 ~]# kubectl create secret generic mysecret3 --from-file=/etc/hosts --from-file=/etc/resolv.confsecret/mysecret3 created[root@k8s-master-01 ~]# kubectl get secret mysecret3 -o yamlapiVersion: v1data: hosts: MTI3LjAuMC4xICAgbG9jYWxob3N0IGxvY2FsaG9zdC5sb2NhbGRvbWFpbiBsb2NhbGhvc3Q0IGxvY2FsaG9zdDQubG9jYWxkb21haW40Cjo6MSAgICAgICAgIGxvY2FsaG9zdCBsb2NhbGhvc3QubG9jYWxkb21haW4gbG9jYWxob3N0NiBsb2NhbGhvc3Q2LmxvY2FsZG9tYWluNgoxOTIuMTY4LjcxLjEzMyAgazhzLW1hc3Rlci0wMQoxOTIuMTY4LjcxLjEzNCAgazhzLW5vZGUtMDEKMTkyLjE2OC43MS4xMzUgIGs4cy1ub2RlLTAyCgo= resolv.conf: IyBHZW5lcmF0ZWQgYnkgTmV0d29ya01hbmFnZXIKbmFtZXNlcnZlciAxMTQuMTE0LjExNC4xMTQKkind: Secretmetadata: creationTimestamp: "2022-02-12T04:08:28Z" name: mysecret3 namespace: app01 resourceVersion: "144187" uid: 3bd9ff38-a97c-4060-a5ae-96a5241667fbtype: Opaque[root@k8s-master-01 ~]# kubectl get secret mysecret3 -o jsonpath='{.data.hosts}' | base64 -d127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4::1 localhost localhost.localdomain localhost6 localhost6.localdomain6192.168.71.133 k8s-master-01192.168.71.134 k8s-node-01192.168.71.135 k8s-node-02#变量方式引用secret[root@k8s-master-01 k8s]# kubectl run dbpod --image=mysql --image-pull-policy=IfNotPresent --dry-run -o yaml > dbSecretTest.yaml##修改dbSecretTset.yaml如下apiVersion: v1kind: Podmetadata: creationTimestamp: null labels: run: dbpod name: dbpodspec: containers: - image: mysql imagePullPolicy: IfNotPresent name: dbpod resources: {} env: - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: name: mysecret #引用之前创建过的secret key: mypass #之前创建过的secret的key mypass dnsPolicy: ClusterFirst restartPolicy: Alwaysstatus: {}[root@k8s-master-01 k8s]# kubectl get pods -o wideNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATESdbpod 1/1 Running 0 90s 10.244.1.23 k8s-node-01