模拟题目:

设置配置环境:

[candidate@node-1] $ kubectl config use-context k8s

Task

test 命名空间,创建一个名为 mysecret 的密钥,其值 usernamedevuserpassword为A!B*d$zDsb=test 命名空间,创建一个 pod,镜像使用 nginx:1.16 ,名字为 mypod ,将秘密 mysecret 挂载到路径 /etc/foo 上的卷中

参考:

https://kubernetes.io/zh-cn/docs/tasks/configmap-secret/managing-secret-using-kubectl/ https://kubernetes.io/zh-cn/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod

解答:

切换环境

kubectl config use-context k8s

创建secret

echo -n 'devuser' > ./username.txt
echo -n 'A!B\*d$zDsb=' > ./password.txt
kubectl create secret generic mysecret \
    --from-file=./username.txt \
    --from-file=./password.txt

或者

kubectl -n test create secret generic mysecret \
    --from-literal=username=devuser \
    --from-literal=password='A!B\*d$zDsb='

创建pod,并挂载secret

apiVersion: v1
kind: Pod
metadata:
  name: mypod
  namespace: test
spec:
  volumes:
  - name: mysecret-volume
    secret:
      secretName: mysecret
  containers:
  - name: mypod
    image: nginx:1.16
    volumeMounts:
    - name: mysecret-volume
      readOnly: true
      mountPath: "/etc/foo"

创建并检查

kubectl apply -f pod.yaml
kubectl -n test exec -it pods/mypod -- ls /etc/foo
kubectl -n test exec -it pods/mypod -- cat /etc/foo/username

file