我正在尝试在init容器中获取机密,并将其传递给主容器。我在这里有2个问题,
答案 0 :(得分:2)
您可以在initContainer和mainContainer上安装与环境变量相同的密码。
给出一个秘密,例如:
k create secret generic mysecret --from-literal=key=secret
那将是这样的:
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: mypod
name: mypod
spec:
initContainers:
- name: init
image: busybox
env:
- name: SECRET
valueFrom:
secretKeyRef:
name: mysecret
key: key
command: ['sh','-c','echo $SECRET']
containers:
- image: busybox
name: mypod
resources: {}
env:
- name: SECRET
valueFrom:
secretKeyRef:
name: mysecret
key: key
command: ['sh','-c','echo $SECRET']
dnsPolicy: ClusterFirst
restartPolicy: Never
status: {}
运行Pod时,看到它们都打印相同秘密的内容。
kubectl logs mypod -c init
secret
kubectl logs mypod
secret