How to create a secret file in kubernetes
I have a YAML file that I use to create a secret with the command below.
kubectl create secret generic -n <NAMESPACE> gitlab-openid-connect --from-file=provider=provider.yaml
Below is provider.yaml:
name: 'openid_connect'
label: 'OpenID SSO Login'
args:
  name: 'openid_connect'
  scope: ['openid','profile','email']
  response_type: 'code'
  issuer: 'https://keycloak.example.com/auth/realms/myrealm'
  discovery: true
  client_auth_method: 'basic'
  client_options:
    identifier: 'gitlab.example.com-oidc'
    secret: '<keycloak clientID secret>'
    redirect_uri: 'https://gitlab.example.com/users/auth/openid_connect/callback'
I want to convert it into a Secret YAML file so that I can run kubectl apply -f provider.yaml
I tried creating the following file, provider-new.yaml, but it does not work:
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: 'openid_connect'
  label: 'OpenID SSO Login'
data:
  scope: ['openid','profile','email']
  response_type: 'code'
  issuer: 'url'
  discovery: true
  client_auth_method: 'basic'
  client_options:
    identifier: 'identifier'
    secret: 'secret-key'
    redirect_uri: 'url'
To make this work, you need to use --from-env-file instead of --from-file, and the file containing the variables should be plaintext.
To create a Secret from one or more files, use --from-file or --from-env-file. The file must be plaintext, but the extension of the file does not matter.
When you create the Secret using --from-file, the value of the Secret is the entire contents of the file. If the value of your Secret contains multiple key-value pairs, use --from-env-file instead.
The file provider.yaml with the variables:
scope= ['openid','profile','email']
response_type= 'code'
issuer= 'url'
discovery= true
client_auth_method= 'basic'
identifier= 'identifier'
secret= 'secret-key'
redirect_uri= 'url'
kubectl create secret generic -n default gitlab-openid-connect --from-env-file=provider.yaml
Result:
apiVersion: v1
data:
  client_auth_method: ICdiYXNpYyc=
  discovery: IHRydWU=
  identifier: ICdpZGVudGlmaWVyJw==
  issuer: ICd1cmwn
  redirect_uri: ICd1cmwn
  response_type: ICdjb2RlJw==
  scope: IFsnb3BlbmlkJywncHJvZmlsZScsJ2VtYWlsJ10=
  secret: ICdzZWNyZXQta2V5Jw==
kind: Secret
metadata:
  creationTimestamp: null
  name: gitlab-openid-connect
  namespace: default
Another thing: it is not possible to build a hierarchy inside the secret data, so the following will not work:
client_options
  identifier= 'identifier'
  secret= 'secret-key'
  redirect_uri= 'url'
Source: google cloud
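As an added example (not part of the question or answer above), the following Python builds the same kind of Secret manifest that `kubectl create secret generic --from-file=provider=provider.yaml` produces, i.e. the whole file as one base64-encoded value under the key `provider`, and checks a manifest's `data` block the way the API server would, which shows why the nested `provider-new.yaml` attempt fails. The function names and the shortened sample provider content are assumptions made for this example.

```python
import base64
import json
import re

# Secret data keys must consist of alphanumerics, '-', '_' or '.'.
_KEY_RE = re.compile(r"^[-._a-zA-Z0-9]+$")

# Constructed, shortened stand-in for the provider.yaml shown in the question.
PROVIDER_YAML = """name: 'openid_connect'
label: 'OpenID SSO Login'
args:
  name: 'openid_connect'
  client_options:
    identifier: 'identifier'
    secret: 'secret-key'
"""

def build_secret_manifest(name, namespace, files):
    """Build an Opaque Secret: each file's whole content becomes one base64 value,
    which is what --from-file does (base64 is encoding, not encryption)."""
    data = {}
    for key, content in files.items():
        if not _KEY_RE.match(key):
            raise ValueError(f"invalid Secret data key: {key!r}")
        data[key] = base64.b64encode(content.encode()).decode("ascii")
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name, "namespace": namespace}, "data": data}

def secret_data_problems(manifest):
    """Return why the API server would reject manifest['data']: every value must
    be a base64 string, so nested maps, lists and booleans are all errors."""
    problems = []
    for key, value in manifest.get("data", {}).items():
        if not isinstance(value, str):
            problems.append(f"{key}: must be a base64 string, got {type(value).__name__}")
            continue
        try:
            base64.b64decode(value, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"{key}: not valid base64")
    return problems

def decode_secret_value(manifest, key):
    """Recover the plaintext of one data entry (what a pod sees when it is mounted)."""
    return base64.b64decode(manifest["data"][key]).decode()

if __name__ == "__main__":
    m = build_secret_manifest("gitlab-openid-connect", "default", {"provider": PROVIDER_YAML})
    print(json.dumps(m, indent=2))  # kubectl apply -f accepts JSON manifests as well as YAML
```

With a cluster available, `kubectl create secret generic gitlab-openid-connect --from-file=provider=provider.yaml --dry-run=client -o yaml` emits the equivalent manifest without creating anything, so it can be reviewed and applied later.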