如何将kubernetes秘密内容复制到单个文件

How to copy kubernetes secret content to single file

我有如下 kubernetes 秘密,想将所有内容原样复制到单个文件。

api: 
  url: https://app.a.com/test
application: 
  metadata: name="myname"

在 yaml 中我有以下内容

apiVersion: apps/v1
kind: Deployment
metadata:
  name: active-mq
  labels:
    app: active-mq
spec:
  replicas: 1
  selector:
    matchLabels:
      app: active-mq
  template:
    metadata:
      labels:
        app: active-mq
    spec:
      containers:
        - image: [name-of-my-image-from-docker-hub]
          name: active-mq
          imagePullPolicy: Always
          resources:
            requests:
              memory: 500Mi
              cpu: 200m
            limits:
              memory: 1000Mi
              cpu: 400m
          volumeMounts:
          - name: active-creds
            mountPath: /home/my.properties
            subPath: my.properties
      volumes:
      - name: active-creds
        secret:
          secretName: creds
      restartPolicy: Always

当我 bash 到容器时,我看到它在 /home 下创建了名为 my.properties 的目录。那是我在这里想念的东西吗? 我期待 my.properties 应该包含以下内容

api: 
  url: https://app.a.com/test
application: 
  metadata: name="myname"

你的问题不清楚,但我怀疑没有创建 Secret 来反映你需要的密钥。在这种情况下,密钥成为文件名(即 my.properties)。您不希望键为 apiapplication.

# Create the file locally
echo '
api: 
  url: https://app.a.com/test
application: 
  metadata: name="myname"' > my.foo

# Create the Kubernetes Secret from it
# NB This renames to "my.properties" from "my.foo"
kubectl create secret generic test \
--from-file=my.properties=${PWD}/my.foo

get secret test \
--output=yaml

产量:

apiVersion: v1
data:
  my.properties: YXBpOiAK...
kind: Secret
metadata:
  name: test
type: Opaque

NOTE data contains a key my.properties

然后:

# Using your Deployment
kubectl apply \
--filename=71484256.yaml

# I replaced your image with busybox
kubectl exec \
--stdin --tty \
deployment/test \
-- ash

然后从容器的 shell:

# ls /home
my.properties

# more /home/my.properties
api: 
  url: https://app.a.com/test
application: 
  metadata: name=myname