Some sensitive information may be required during the application startup process, such as username, password or secret key to access the database. It is obviously inappropriate to store this information directly in the container image. The solution provided by Kubernetes is Secret.
Secret will store data in ciphertext, avoiding storing sensitive information directly in the configuration file. The Secret will be mounted to the Pod in the form of a Volume, and the container can use the sensitive data in the Secret in the form of files; in addition, the container can also use the data in the form of environment variables.
Secrets can be created from the command line or YAML. For example, you want the Secret to contain the following information:
- username: admin
- password: 123456
Create Secret
There are four ways to create a Secret:
1. By --from-literal:
kubectl create secret generic mysecret --from-literal=username=admin --from-literal=password=123456
Each --from-literal corresponds to an information item.
2. By --from-file:
echo -n admin > ./username
echo -n 123456 > ./password
kubectl create secret generic mysecret --from-file=./username --from-file=./password
Each file's content corresponds to an information item.
3. By --from-env-file:
cat << EOF > env.txt
username=admin
password=123456
EOF
kubectl create secret generic mysecret --from-env-file=env.txt
Each Key=Value line in the file env.txt corresponds to an information item.
4. By a YAML configuration file:
Sensitive data in the file must be base64 encoded.
Run kubectl apply to create the Secret.
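An added example for method 4 (not code from the original post): this script builds a Secret manifest with base64-encoded values and decodes one back without any key, which shows that the data field is only encoded, so the manifest file needs the same protection as the plaintext. The function names are made up for this example; the secret name and values are the sample ones used above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample values come from this page.

# Encode a value exactly as given. printf adds no trailing newline, which is
# why method 2 uses `echo -n`: a plain `echo` would store "admin\n" instead.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a base64 string. No key is involved: this is encoding, not encryption.
unb64() {
    printf '%s' "$1" | base64 -d
}

# Print a Secret manifest. Arguments: secret name, then key=value pairs.
secret_manifest() {
    name=$1; shift
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n' "$name"
    for pair in "$@"; do
        printf '  %s: %s\n' "${pair%%=*}" "$(b64 "${pair#*=}")"
    done
}

# Read a manifest on stdin, pick one key under data: and decode its value.
manifest_value() {
    unb64 "$(sed -n "s/^  $1: //p")"
}

# Print the manifest for the sample Secret.
secret_manifest mysecret username=admin password=123456

# To create the Secret in a cluster, pipe the manifest to kubectl:
#   secret_manifest mysecret username=admin password=123456 | kubectl apply -f -
```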
In the next section we learn how to use these created Secrets.