secret可选参数
generic: 通用型,通常用于存储密码数据
tls: 此类型仅用于存储私钥和证书
docker-register: 若要保存docker仓库认证信息,就必须使用此种类型来创建
secret类型
Service Account: 用于被service Account引用
0paque: base64 编码格式的seret,用来存储密码、秘钥。可以通过base64 --decode解码
kubernetes.io/dockerconfig.json: 存储私有docker registry认真信息
generic创建
kubectl create secret generic mysql-password --from-literal=password=xianchaopod**lucky66
generic创建结果
[root@k8smaster4 sc]# kubectl describe secret mysql-password
Name: mysql-password
Namespace: default
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
password: 20 bytes
引用secret的Pod
[root@k8smaster4 sc]# cat pod-secret.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-secret
labels:
environment: secret-test
app: myapp
spec:
containers:
- name: secret-test
image: docker.io/janakiramm/myapp:v1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-password
key: password
