┌──[root@vms81.liruilongs.github.io]-[~/ansible] └─$ansible node -m shell -a "docker pull hub.c.163.com/library/mysql:latest" ┌──[root@vms81.liruilongs.github.io]-[~/ansible] └─$ansible node -m shell -a "docker pull hub.c.163.com/library/wordpress:latest"
学习环境准备,新建一个命名空间
1 2 3 4 5 6 7 8 9 10 11 12
┌──[root@vms81.liruilongs.github.io]-[~/ansible] └─$dir=k8s-secret-create;mkdir $dir;cd$dir ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl get ns NAME STATUS AGE default Active 66d kube-node-lease Active 66d kube-public Active 66d kube-system Active 66d liruilong Active 65d liruilong-pod-create Active 58d liruilong-volume-create Active 16d
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$yum -y install mariadb ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$mysql -uroot -pliruilong -h10.244.171.190 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 3 Server version: 5.7.18 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h'forhelp. Type '\c' to clear the current input statement.
MySQL [(none)]> quit Bye ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$
创建 secret
1 2 3 4 5 6 7
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl describe pod mysqlpod | grep -A 2 Env Environment: MYSQL_ROOT_PASSWORD: liruilong Mounts: ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$
上面的密码我们使用的是明文,但是在实际的生产环境使用明文是很危险的一件事,所以我们需要加密处理
secret主要用于密码的保存 通过键值对的方式创建。直接指定键值对,或者存放中secret中
命令行创建secret
查看secret
1 2 3 4 5 6 7 8 9 10
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl get sa NAME SECRETS AGE default 1 46m ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl get secrets NAME TYPE DATA AGE default-token-7q2qj kubernetes.io/service-account-token 3 46m ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$
创建secret
1 2 3 4 5 6 7 8 9 10
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl create secret generic mysecl --from-literal=mysqlpassword=liruilong --from-literal=rqpassword=rq secret/mysecl created ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl get secrets NAME TYPE DATA AGE default-token-7q2qj kubernetes.io/service-account-token 3 49m mysecl Opaque 2 9s ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl apply -f mysqlpodargs.yaml pod/mysqlpod created ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES mysqlpod 0/1 ContainerCreating 0 15s <none> vms83.liruilongs.github.io <none> <none> ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES mysqlpod 1/1 Running 0 21s 10.244.70.19 vms83.liruilongs.github.io <none> <none>
测试登录
1 2 3 4 5 6 7 8 9 10 11
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$mysql -uroot -h10.244.70.19 -pliruilong Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 3 Server version: 5.7.18 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h'forhelp. Type '\c' to clear the current input statement.
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl apply -f nginxsecret.yaml pod/nginxsecret created ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl get pods NAME READY STATUS RESTARTS AGE nginxsecret 1/1 Running 0 41s ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectlexec -it nginxsecret -- bash root@nginxsecret:/# ls bin data docker-entrypoint.d etc lib media opt root sbin sys usr boot dev docker-entrypoint.sh home lib64 mnt proc run srv tmp var root@nginxsecret:/# cd data/;ls mysqlpassword rqpassword root@nginxsecret:/data# exit exit
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl get cm NAME DATA AGE kube-root-ca.crt 1 7h32m myconfig1 2 81s ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl describe configmaps myconfig1 Name: myconfig1 Namespace: liruilong-secret-create Labels: <none> Annotations: <none>
Data ==== password: ---- liruilong user: ---- liruilong
BinaryData ====
Events: <none>
1 2 3 4 5 6
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl get cm myconfig1 -o jsonpath='{.data.password}' liruilong┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl get cm myconfig1 -o jsonpath='{.data.user}' liruilong┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl get cm NAME DATA AGE kube-root-ca.crt 1 8h myconfig1 2 37m myconfig2 1 9m16s myconfig3 3 18s ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl apply -f mysqlpodconfig.yaml pod/mysqlpod created ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES mysqlpod 1/1 Running 0 3m19s 10.244.171.130 vms82.liruilongs.github.io <none> <none> ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$
测试使用
1 2 3 4 5 6 7 8 9 10 11
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-secret-create] └─$mysql -uroot -h10.244.171.130 -pliruilong Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 3 Server version: 5.7.18 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h'forhelp. Type '\c' to clear the current input statement.