Giriş
1. volume ile Secret volume haline getirilir
2. Pod volumeMounts ile bu volume'u yükler.Örnek
Şöyle yaparız
apiVersion: v1
stringData:
file.conf: |-
username=demo
password=my_plain_password
kind: Secret
metadata:
name: my_secret
type: Opaque
---
apiVersion: v1
kind: Deployment
metadata:
name: my-deployment
spec:
containers:
...
volumeMounts:
- name: secret-file
mountPath: "path/in/the/pod/where/to/mount/the/file"
subPath: file.conf # Just the file to mount
volumes:
- name: secret-file
secret:
secretName: my_secret # same as secret's metadata nameÖrnek
Şöyle yaparız. Burada secret veri bir volume'a yükleniyor. Her Key/Value çifti ayrı bir dosya
apiVersion: v1
kind: Secret
metadata:
name: my-secret
type: Opaque
data:
username: YWRtaW4=
password: MTIzNDU2
--
apiVersion: v1
kind: Pod
metadata:
name: basic-app
spec:
volumes:
- name: my-volume-for-secret
secret:
secretName: my-secret
containers:
- name: basic-app
image: nginx
volumeMounts:
- name: my-volume-for-secret
mountPath: /etc/my-secret-vol
readOnly: trueSecret veriye erişmek için şöyle yaparız
> kubectl exec basic-app -- ls /etc/my-secret-vol password username > kubectl exec basic-app — cat /etc/my-secret-vol/username admin > kubectl exec basic-app — cat /etc/my-secret-vol/password 123456
Hiç yorum yok:
Yorum Gönder