如何将kubernetes秘密内容复制到单个文件
How to copy kubernetes secret content to single file
我有如下 kubernetes 秘密,想将所有内容原样复制到单个文件。
api:
url: https://app.a.com/test
application:
metadata: name="myname"
在 yaml 中我有以下内容
apiVersion: apps/v1
kind: Deployment
metadata:
name: active-mq
labels:
app: active-mq
spec:
replicas: 1
selector:
matchLabels:
app: active-mq
template:
metadata:
labels:
app: active-mq
spec:
containers:
- image: [name-of-my-image-from-docker-hub]
name: active-mq
imagePullPolicy: Always
resources:
requests:
memory: 500Mi
cpu: 200m
limits:
memory: 1000Mi
cpu: 400m
volumeMounts:
- name: active-creds
mountPath: /home/my.properties
subPath: my.properties
volumes:
- name: active-creds
secret:
secretName: creds
restartPolicy: Always
当我 bash 到容器时,我看到它在 /home
下创建了名为 my.properties
的目录。那是我在这里想念的东西吗?
我期待 my.properties 应该包含以下内容
api:
url: https://app.a.com/test
application:
metadata: name="myname"
你的问题不清楚,但我怀疑没有创建 Secret 来反映你需要的密钥。在这种情况下,密钥成为文件名(即 my.properties
)。您不希望键为 api
和 application
.
# Create the file locally
echo '
api:
url: https://app.a.com/test
application:
metadata: name="myname"' > my.foo
# Create the Kubernetes Secret from it
# NB This renames to "my.properties" from "my.foo"
kubectl create secret generic test \
--from-file=my.properties=${PWD}/my.foo
get secret test \
--output=yaml
产量:
apiVersion: v1
data:
my.properties: YXBpOiAK...
kind: Secret
metadata:
name: test
type: Opaque
NOTE data
contains a key my.properties
然后:
# Using your Deployment
kubectl apply \
--filename=71484256.yaml
# I replaced your image with busybox
kubectl exec \
--stdin --tty \
deployment/test \
-- ash
然后从容器的 shell:
# ls /home
my.properties
# more /home/my.properties
api:
url: https://app.a.com/test
application:
metadata: name=myname
我有如下 kubernetes 秘密,想将所有内容原样复制到单个文件。
api:
url: https://app.a.com/test
application:
metadata: name="myname"
在 yaml 中我有以下内容
apiVersion: apps/v1
kind: Deployment
metadata:
name: active-mq
labels:
app: active-mq
spec:
replicas: 1
selector:
matchLabels:
app: active-mq
template:
metadata:
labels:
app: active-mq
spec:
containers:
- image: [name-of-my-image-from-docker-hub]
name: active-mq
imagePullPolicy: Always
resources:
requests:
memory: 500Mi
cpu: 200m
limits:
memory: 1000Mi
cpu: 400m
volumeMounts:
- name: active-creds
mountPath: /home/my.properties
subPath: my.properties
volumes:
- name: active-creds
secret:
secretName: creds
restartPolicy: Always
当我 bash 到容器时,我看到它在 /home
下创建了名为 my.properties
的目录。那是我在这里想念的东西吗?
我期待 my.properties 应该包含以下内容
api:
url: https://app.a.com/test
application:
metadata: name="myname"
你的问题不清楚,但我怀疑没有创建 Secret 来反映你需要的密钥。在这种情况下,密钥成为文件名(即 my.properties
)。您不希望键为 api
和 application
.
# Create the file locally
echo '
api:
url: https://app.a.com/test
application:
metadata: name="myname"' > my.foo
# Create the Kubernetes Secret from it
# NB This renames to "my.properties" from "my.foo"
kubectl create secret generic test \
--from-file=my.properties=${PWD}/my.foo
get secret test \
--output=yaml
产量:
apiVersion: v1
data:
my.properties: YXBpOiAK...
kind: Secret
metadata:
name: test
type: Opaque
NOTE
data
contains a keymy.properties
然后:
# Using your Deployment
kubectl apply \
--filename=71484256.yaml
# I replaced your image with busybox
kubectl exec \
--stdin --tty \
deployment/test \
-- ash
然后从容器的 shell:
# ls /home
my.properties
# more /home/my.properties
api:
url: https://app.a.com/test
application:
metadata: name=myname