Secret

Overview

  • A Secret stores encrypted/encoded environment information in k8s.
  • Use echo -n xxx | base64 to generate the base64 string.
  • Both data and stringData can be used:
    • stringData is plaintext.
    • data is text encoded with base64.
  • Use the command kubectl get secret xxx -n matt -o yaml to see the key/value pairs (encoded or plaintext). This is why a Secret is not really secret.
  • No matter whether data or stringData is used, the container gets the plaintext value of the environment variable.

YAML

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  namespace: matt
type: Opaque
# echo -n admin|base64
#data:
#  NAME: YWRtaW4=
#  PWD: MTIz
stringData:
  NAME: admin
  PWD: "123"

Pod Example

apiVersion: v1
kind: Pod
metadata:
  name: my-pod-2
  namespace: matt
spec:
  containers:
    - name: my-pod-2
      image: busybox
      imagePullPolicy: IfNotPresent
      command: ["/bin/sh","-c","sleep 3600"]
      envFrom:
        - secretRef:
            name: my-secret
#        - configMapRef:
#            name: my-configMap

Test

kubectl describe secret my-secret -n matt
kubectl get secret my-secret -n matt -o yaml
kubectl exec -it my-pod-2 -n matt -- printenv
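
The data/stringData behaviour from the overview, as an added Python example (not part of the original post): it merges stringData into data the way the API server stores it, decodes what the pod receives through envFrom, and flags values that were encoded without echo -n. The sample manifest is constructed, and the old PWD value and the function names are assumptions made for illustration.

```python
import base64
import json

# Constructed sample: the page's my-secret in JSON form, with both fields
# filled in so that PWD appears in data ("old") and in stringData ("123").
SAMPLE_SECRET = json.loads("""
{
  "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
  "metadata": {"name": "my-secret", "namespace": "matt"},
  "data": {"NAME": "YWRtaW4=", "PWD": "b2xk"},
  "stringData": {"PWD": "123"}
}
""")


def stored_data(secret):
    """Return the data map as stored: each stringData value is base64-encoded
    and merged into data, winning when a key appears in both fields."""
    merged = dict(secret.get("data") or {})
    for key, text in (secret.get("stringData") or {}).items():
        merged[key] = base64.b64encode(text.encode()).decode()
    return merged


def container_env(secret):
    """Decode every stored value (assumed UTF-8 text). This is what envFrom
    with secretRef exposes, and what any reader of the object can recover."""
    return {k: base64.b64decode(v).decode() for k, v in stored_data(secret).items()}


def newline_suspects(secret):
    """Keys whose decoded value ends in a newline, the usual result of
    piping echo without -n into base64."""
    return sorted(k for k, v in container_env(secret).items() if v.endswith("\n"))


if __name__ == "__main__":
    print(stored_data(SAMPLE_SECRET))
    print(container_env(SAMPLE_SECRET))
    # "YWRtaW4K" is "admin\n": echo admin | base64 without -n
    print(newline_suspects({"data": {"NAME": "YWRtaW4K"}}))
```

Because decoding needs no key, protection has to come from RBAC on the secrets resource and from encryption at rest for etcd, not from the base64 step.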


posted @ 2022-08-05 19:03  608088