生成base64 参数
[root@k8smaster4 sc]# echo -n 'admin' | base64
YWRtaW4=
[root@k8smaster4 sc]# echo -n '51cto' | base64
NTFjdG8=
创建secret
[root@k8smaster4 sc]# cat secret-demo.yaml
apiVersion: v1
kind: Secret
metadata:
name: secret-opaque
labels:
environment: test
app: myadmin
type: Opaque
data:
username: YWRtaW4=
password: NTFjdG8=
查看创建结果
[root@k8smaster4 sc]# kubectl describe secret secret-opaque
Name: secret-opaque
Namespace: default
Labels: app=myadmin
environment=test
Annotations: <none>
Type: Opaque
Data
====
password: 5 bytes
username: 5 bytes
创建挂载Pod
apiVersion: v1
kind: Pod
metadata:
name: secret-volume
labels:
environment: test
app: secret-volume-test
spec:
containers:
- name: secret-voluem-test
image: docker.io/ikubernetes/myapp:v1
imagePullPolicy: IfNotPresent
volumeMounts:
- name: secret-volume-demo
readOnly: true
mountPath: /etc/secret
volumes:
- secret:
secretName: secret-opaque
name: secret-volume-demo
验证挂载结果
[root@k8smaster4 sc]# kubectl exec -it secret-volume -c secret-voluem-test -- /bin/sh
/ # cd /etc/secret
/etc/secret # ls
password username
/etc/secret # cat password
/etc/secret # cat username