我正在阅读Vyas和Love的Core Kubernetes,第8.3.1节有以下2个yaml文件,我们将它们命名为secret.yaml:
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
val1: YXNkZgo=
val2: YXNkZjIK
stringData:
val1: asdf和secret-pod.yaml:
apiVersion: v1
kind: Pod
metadata:
name: mysecretpod
spec:
containers:
- name: mypod
image: nginx
volumeMounts:
- name: myval
mountPath: /etc/myval
readOnly: true
volumes:
- name: myval
secret:
secretName: val1当我运行kubectl apply -f secret-pod.yaml时,它出错了。使用describe,我可以看到:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3s default-scheduler Successfully assigned default/mysecretpod to minikube
Warning FailedMount 0s (x4 over 3s) kubelet MountVolume.SetUp failed for volume "myval" : secret "val1" not found这有点道理。使用kubectl get secrets,我只能看到以下内容:
NAME TYPE DATA AGE
default-token-vhllg kubernetes.io/service-account-token 3 5d3h
mysecret Opaque 2 19m因此,我对secret-pod.yaml进行了以下更改:
volumes:
- name: myval
secret:
secretName: mysecret这让kubectl很高兴,它很快就创建了mysecretpod,没有任何问题。然而,查看使用kubectl exec -it mysecretpod -- ls -l /etc/myval的Pod,我得到:
total 0
lrwxrwxrwx 1 root root 11 Dec 12 08:08 val1 -> ..data/val1
lrwxrwxrwx 1 root root 11 Dec 12 08:08 val2 -> ..data/val2所以mysecret的内容加载到那个文件夹中,val1和val2是文件,我想作者是想把val1挂载成那个pod中的/etc/myval文件,那么secret-pod.yaml应该怎么写呢?我试过这个方法,但是失败了:
volumes:
- name: myval
secret:
secretName: mysecret/val1另外,为什么我看到val1和val2都有多余的-> ..data/val...?它们是什么?
1条答案
按热度按时间kmynzznz1#
因此,要使其按预期工作,
secret-pod.yaml必须按如下方式指定subPath: