Define/change YAML 中的 Kubernetes SSH 密钥文件名
Define/change Kubernetes SSH key file name in a YAML
我有个秘密:
apiVersion: v1
kind: Secret
metadata:
name: secret-ssh-auth
type: kubernetes.io/ssh-auth
data:
ssh-privatekey: |
SEVMTE9PT09PT09PT09PT09PT09PCg==
和部署:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80
volumeMounts:
- name: secret-ssh-auth
mountPath: /root/.ssh
volumes:
- name: secret-ssh-auth
secret:
secretName: secret-ssh-auth
defaultMode: 0400
它使用此路径创建了一个文件 /root/.ssh/ssh-privatekey
,而我想使用 /root/.ssh/id_rsa
名称。
我知道我们可以通过 运行 kubectl 命令解决它,但我想在 YAML 文件中处理它。
那么,如何通过 YAML 文件做到这一点?
根据 Kubernetes 文档,ssh-privatekey
键是必需的,在这种情况下,您可以通过 stringData
键将其留空,然后通过 data
键定义另一个键,如下所示:
apiVersion: v1
kind: Secret
metadata:
name: secret-ssh-auth
type: kubernetes.io/ssh-auth
stringData:
ssh-privatekey: |
-
data:
id_rsa: |
SEVMTE9PT09PT09PT09PT09PT09PCg==
遇到同样的问题,通过简单地定义 spec.volumes 来解决它,将 key
重命名为 path
值:
volumes:
- name: privatekey
secret:
secretName: private-key
items:
- key: ssh-privatekey
path: id_rsa
defaultMode: 384
然后在容器定义中引用它:
containers:
- name: xxx
volumeMounts:
- name: privatekey
mountPath: /path/to/.ssh
我有个秘密:
apiVersion: v1
kind: Secret
metadata:
name: secret-ssh-auth
type: kubernetes.io/ssh-auth
data:
ssh-privatekey: |
SEVMTE9PT09PT09PT09PT09PT09PCg==
和部署:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80
volumeMounts:
- name: secret-ssh-auth
mountPath: /root/.ssh
volumes:
- name: secret-ssh-auth
secret:
secretName: secret-ssh-auth
defaultMode: 0400
它使用此路径创建了一个文件 /root/.ssh/ssh-privatekey
,而我想使用 /root/.ssh/id_rsa
名称。
我知道我们可以通过 运行 kubectl 命令解决它,但我想在 YAML 文件中处理它。 那么,如何通过 YAML 文件做到这一点?
根据 Kubernetes 文档,ssh-privatekey
键是必需的,在这种情况下,您可以通过 stringData
键将其留空,然后通过 data
键定义另一个键,如下所示:
apiVersion: v1
kind: Secret
metadata:
name: secret-ssh-auth
type: kubernetes.io/ssh-auth
stringData:
ssh-privatekey: |
-
data:
id_rsa: |
SEVMTE9PT09PT09PT09PT09PT09PCg==
遇到同样的问题,通过简单地定义 spec.volumes 来解决它,将 key
重命名为 path
值:
volumes:
- name: privatekey
secret:
secretName: private-key
items:
- key: ssh-privatekey
path: id_rsa
defaultMode: 384
然后在容器定义中引用它:
containers:
- name: xxx
volumeMounts:
- name: privatekey
mountPath: /path/to/.ssh