Accessing a variable from a Redis container

Time: 2020-07-22 08:50:30

Tags: kubernetes redis kubernetes-pod

I created the secret redis-secret with the following command.

kubectl create secret generic redis-secret --from-literal=password=0123456

After that, I created a pod secrets-via-file using the redis image, which mounts the secret named redis-secret at /secrets

kubectl run secret-via-file --image=redis --dry-run=client -o yaml > pod.yaml

I edited the generated pod.yaml file.

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: secret-via-file
  name: secret-via-file
spec:
  containers:
  - image: redis
    name: secret-via-file
    volumeMounts:
    - name: redis-secret
      mountPath: /secrets
  volumes:
  - name: redis-secret
    secret:
      secretName: redis-secret

I created a second pod named secret-via-env using the redis image, which exports the password as PASSWORD

kubectl run secret-via-env --image=redis --dry-run=client -o yaml > pod2.yaml

I edited the pod2.yaml file.

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: secrets-via-env
  name: secrets-via-env
spec:
  containers:
  - image: redis
    name: secrets-via-env
    env:
      - name: PASSWORD
        valueFrom:
          secretKeyRef:
            name: redis-secret
            key: password

I connected to the pod secrets-via-env with the following command

kubectl exec -it secret-via-file -- redis-cli

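I tried to verify that the secret was mounted into the pod. In the second pod, I want to use the variable PASSWORD to retrieve the assigned value (0123456). I used the command below, but it does not work.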

SECRET GET PASSWORD 

1 answer:

Answer 0: (score: 2)

Try the following. I can see the PASSWORD secret listed as an env variable inside the pod

# create secret
kubectl create secret generic redis-secret --from-literal=password=0123456

# create pod
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: secrets-via-env
  name: secrets-via-env
spec:
  containers:
  - image: redis
    name: secrets-via-env
    env:
    - name: PASSWORD
      valueFrom:
        secretKeyRef:
          name: redis-secret
          key: password

# check PASSWORD secret
master $ kubectl exec -it secrets-via-env sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
# echo $PASSWORD
0123456
# from first pod
---
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: secret-via-file
  name: secret-via-file
spec:
  containers:
  - image: redis
    name: secret-via-file
    volumeMounts:
    - name: redis-secret
      mountPath: /secrets
  volumes:
  - name: redis-secret
    secret:
      secretName: redis-secret

controlplane $ kubectl exec -it secret-via-file sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
# ls -l /secrets
total 0
lrwxrwxrwx 1 root root 15 Jul 22 09:45 password -> ..data/password
# cat /secrets/password
0123456#
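
The two checks in the answer (`echo $PASSWORD` and `cat /secrets/password`) combined into one shell helper, as an added example that is not part of the original question or answer. The function names `read_secret` and `make_fixture` are hypothetical, and the fixture directory is a constructed copy of the `ls -l /secrets` layout shown above so the helper can be tried outside a cluster.

```shell
#!/bin/sh
# Added example: the fixture and its sample value are constructed.

# read_secret KEY [DIR]
# Print the value of secret KEY. The mounted file DIR/KEY wins (secret
# volume, default /secrets as in pod secret-via-file); otherwise fall back
# to the environment variable named after KEY in upper case
# (password -> PASSWORD, as in pod secrets-via-env).
# Returns 1 if neither source exists, 2 if KEY cannot be a variable name.
read_secret() {
    rs_key=$1
    rs_dir=${2:-/secrets}
    if [ -r "$rs_dir/$rs_key" ]; then
        # cat follows the "password -> ..data/password" symlink.
        cat "$rs_dir/$rs_key"
        return 0
    fi
    rs_var=$(printf '%s' "$rs_key" | tr 'a-z-' 'A-Z_')
    # Only expand names that are valid shell identifiers before using eval.
    case $rs_var in
        ''|[0-9]*|*[!A-Z0-9_]*) return 2 ;;
    esac
    eval "[ -n \"\${$rs_var+set}\" ]" || return 1
    eval "printf '%s' \"\${$rs_var}\""
}

# make_fixture
# Build a constructed copy of the mount layout and print its path.
make_fixture() {
    mf_dir=$(mktemp -d) || return 1
    mkdir "$mf_dir/..data"
    # --from-literal stores the value without a trailing newline, which is
    # why the answer's output shows the prompt right after it: "0123456#".
    printf '%s' '0123456' > "$mf_dir/..data/password"
    ln -s ..data/password "$mf_dir/password"
    printf '%s\n' "$mf_dir"
}
```

Inside either pod the call is `read_secret password`; the value lives in the container's filesystem or environment, not in the Redis keyspace, so there is nothing for `redis-cli` to fetch.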