Secret将密码保存在etcd中统一管理,可通过名称引用来解耦
secret创建
1)kubectl create secret
2)mysql-secret.yaml(推荐)
apiVersion: v1
kind: Secret
metadata:
name: mysql-secret
type: Opaque
data:
mysql-user: 填入echo -n 'username' | base64生成值
mysql-pass: 填入echo -n 'password' | base64生成值发布secret
kubeapply -f mysql-secret.yaml查看发布的secret
kubectl get secret查看secret详情,已被非明文保护起来
kubectl describe secret mysql-secretsecret使用
1)通过环境变量获取的secret仅保存获取时的值
…
spec:
containers:
- image: mysql:5.6
name: mysql
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-pass
…2)通过volume挂载时secret更改会生成到容器中(推荐)
…
volumes:
- name: mysql-volume
secret:
secretName: mysql-user
secretName: mysql-pass
…