从redis容器访问变量

zour9fqk  于 2021-06-10  发布在  Redis
关注(0)|答案(1)|浏览(352)

我使用以下命令创建secret redis secret。

kubectl create secret generic redis-secret --from-literal=password=0123456

之后,我通过文件创建pod secrets,使用redis映像,它在/secrets处挂载秘密名称redis secret。

kubectl run secret-via-file --image=redis --dry-run=client -o yaml > pod.yaml

我编辑了create pod.yaml文件。

apiVersion: v1
    kind: Pod
metadata:
  labels:
    run: secret-via-file
  name: secret-via-file
spec:
  containers:
  - image: redis
    name: secret-via-file
    volumeMounts:
    - name: redis-secret
      mountPath: /secrets
  volumes:
  - name: redis-secret
    secret:
      secretName: redis-secret

我使用redis映像通过env创建了第二个pod name secret,该映像将密码导出为password。

kubectl run secret-via-env --image=redis --dry-run=client -o yaml > pod2.yaml

我编辑了 pod2.yaml文件。 

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: secrets-via-env
  name: secrets-via-env
spec:
  containers:
  - image: redis
    name: secrets-via-env
    env:
      - name: PASSWORD
        valueFrom:
          secretKeyRef:
            name: redis-secret
            key: password

我用以下命令通过env连接到pod机密。

kubectl exec -it secret-via-file -- redis-cli

我试着验证这个秘密是不是装在吊舱里了。在第二个pod中,我想使用变量password来检索赋值(0123456)。 我使用了下面的命令,但它不工作。

SECRET GET PASSWORD
j8yoct9x

j8yoct9x1#

尝试如下。我看到密码秘密被列为舱内环境


# create secret

kubectl create secret generic redis-secret --from-literal=password=0123456

# create pod

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: secrets-via-env
  name: secrets-via-env
spec:
  containers:
  - image: redis
    name: secrets-via-env
    env:
    - name: PASSWORD
      valueFrom:
        secretKeyRef:
          name: redis-secret
          key: password

# check PASSWORD secret

master $ kubectl exec -it secrets-via-env sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.

# echo $PASSWORD

0123456

# from first pod

---
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: secret-via-file
  name: secret-via-file
spec:
  containers:
  - image: redis
    name: secret-via-file
    volumeMounts:
    - name: redis-secret
      mountPath: /secrets
  volumes:
  - name: redis-secret
    secret:
      secretName: redis-secret

controlplane $ kubectl exec -it secret-via-file sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.

# ls -l /secrets

total 0
lrwxrwxrwx 1 root root 15 Jul 22 09:45 password -> ..data/password

# cat /secrets/password

0123456#

相关问题