Task weight: 3%
NOTE: This task can only be solved if questions 18 or 20 have been successfully implemented and the k8s-c3-CCC cluster has a functioning worker node.
Use context: kubectl config use-context k8s-c3-CCC
Do the following in a new Namespace secret. Create a Pod named secret-pod of image busybox:1.31.1 which should keep running for some time.
There is an existing Secret located at /opt/course/19/secret1.yaml, create it in the Namespace secret and mount it readonly into the Pod at /tmp/secret1.
Create a new Secret in Namespace secret called secret2 which should contain user=user1 and pass=1234. These entries should be available inside the Pod's container as environment variables APP_USER and APP_PASS.
Confirm everything is working.
Solution:
kubectl config use-context k8s-c3-CCC
Create the Namespace, then copy the Secret file to the current directory for editing (k is assumed to be aliased to kubectl)
k create ns secret
cp /opt/course/19/secret1.yaml 19_secret1.yaml
vim 19_secret1.yaml
19_secret1.yaml
# 19_secret1.yaml
apiVersion: v1
data:
  halt: IyEgL2Jpbi9zaAo...
kind: Secret
metadata:
  creationTimestamp: null
  name: secret1
  namespace: secret           # change
Create the Secret
k -f 19_secret1.yaml create
Create the second Secret
k -n secret create secret generic secret2 --from-literal=user=user1 --from-literal=pass=1234
Generate a Pod template and edit it ($do is assumed to hold --dry-run=client -o yaml)
k -n secret run secret-pod --image=busybox:1.31.1 $do -- sh -c "sleep 1d" > 19.yaml
vim 19.yaml
19.yaml
# 19.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: secret-pod
  name: secret-pod
  namespace: secret                 # add
spec:
  containers:
  - args:
    - sh
    - -c
    - sleep 1d
    image: busybox:1.31.1
    name: secret-pod
    resources: {}
    env:                            # add
    - name: APP_USER                # add
      valueFrom:                    # add
        secretKeyRef:               # add
          name: secret2             # add
          key: user                 # add
    - name: APP_PASS                # add
      valueFrom:                    # add
        secretKeyRef:               # add
          name: secret2             # add
          key: pass                 # add
    volumeMounts:                   # add
    - name: secret1                 # add
      mountPath: /tmp/secret1       # add
      readOnly: true                # add
  dnsPolicy: ClusterFirst
  restartPolicy: Always
  volumes:                          # add
  - name: secret1                   # add
    secret:                         # add
      secretName: secret1           # add
status: {}
Create the Pod
k -f 19.yaml create
Verify
k -n secret exec secret-pod -- env | grep APP
k -n secret exec secret-pod -- find /tmp/secret1
k -n secret exec secret-pod -- cat /tmp/secret1/halt
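The manual checks above, turned into pass/fail checks that compare what the container sees with what is stored in the Secrets and also confirm the mount is read-only. This is an added example, not part of the original solution; the function names and the NS/POD variables are its own, and it assumes kubectl is on the PATH with the k8s-c3-CCC context selected.

```shell
# Added example: pass/fail checks for the "confirm everything is working" step.
# NS, POD and the function names are this example's own; resource names come from the task.
NS=secret
POD=secret-pod

# Env var $1 inside the container must equal key $2 of Secret secret2.
check_env() {  # usage: check_env APP_USER user
    want=$(kubectl -n "$NS" get secret secret2 -o "jsonpath={.data.$2}" | base64 -d) || return 1
    got=$(kubectl -n "$NS" exec "$POD" -- printenv "$1") || return 1
    [ -n "$want" ] && [ "$got" = "$want" ]
}

# The volume mounted at /tmp/secret1 must carry readOnly: true.
check_mount_readonly() {
    ro=$(kubectl -n "$NS" get pod "$POD" \
        -o 'jsonpath={.spec.containers[0].volumeMounts[?(@.mountPath=="/tmp/secret1")].readOnly}') || return 1
    [ "$ro" = "true" ]
}

# The mounted file $1 must match the decoded value stored in Secret secret1.
check_file() {  # usage: check_file halt
    want=$(kubectl -n "$NS" get secret secret1 -o "jsonpath={.data.$1}" | base64 -d) || return 1
    got=$(kubectl -n "$NS" exec "$POD" -- cat "/tmp/secret1/$1") || return 1
    [ -n "$want" ] && [ "$got" = "$want" ]
}

# Run every check, report each failure, return non-zero if any failed.
verify_all() {
    rc=0
    check_env APP_USER user || { echo "FAIL: APP_USER"; rc=1; }
    check_env APP_PASS pass || { echo "FAIL: APP_PASS"; rc=1; }
    check_mount_readonly    || { echo "FAIL: /tmp/secret1 is not mounted read-only"; rc=1; }
    check_file halt         || { echo "FAIL: /tmp/secret1/halt differs from the Secret"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: secret-pod consumes secret1 and secret2 as required"
    return "$rc"
}
```

Source the file and run verify_all; the base64 -d step also shows that the values under data in a Secret are only encoded, so anyone who can read the Secret object can recover them.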