有時候應用程式會需要使用帳號密碼等敏感資訊, 因此在部署時我們可以採用 secret 物件來儲存.

使用 secret 儲存敏感資訊

1. 用命令 kubectl create secret generic apikey --from-literal=api_key=1234567890 來建立 secret key.

PS C:\k8s> kubectl create secret generic apikey --from-literal=api_key=1234567890
secret "apikey" created

2. 使用命令 kubectl get secrets 取得 secrets

PS C:\k8s> kubectl get secrets
NAME                   TYPE                                  DATA      AGE
apikey                 Opaque                                1         1m

3. 使用命令 kubectl get secret apikey -o yaml 將 secret apikey 輸出到 yaml

PS C:\k8s> kubectl get secret apikey -o yaml

# secretreader-deployment.yaml
apiVersion: v1
data:
  api_key: MTIzNDU2Nzg5MA==
kind: Secret
metadata:
  creationTimestamp: 2018-10-27T14:36:33Z
  name: apikey
  namespace: default
  resourceVersion: "446152"
  selfLink: /api/v1/namespaces/default/secrets/apikey
  uid: b3a45d52-d9f5-11e8-b771-00155d54100f
type: Opaque

4. 使用命令 kubectl create -f .\secretreader-deployment.yaml 部署 secrets

PS C:\k8s> kubectl create -f .\secretreader-deployment.yaml
deployment.extensions "secretreader" created
PS C:\k8s> kubectl get pods
NAME                                               READY     STATUS             RESTARTS   AGE
secretreader-598bc7845c-7jg2g                      1/1       Running            0          18s

5. 用以下的命令 kubectl logs secretreader-598bc7845c-7jg2g 輸出 secret 看看

PS C:\k8s\05_04> kubectl logs secretreader-598bc7845c-7jg2g
api_key passed via env variable was: '1234567890'
api_key passed via env variable was: '1234567890'
api_key passed via env variable was: '1234567890'
api_key passed via env variable was: '1234567890'
api_key passed via env variable was: '1234567890'
api_key passed via env variable was: '1234567890'
api_key passed via env variable was: '1234567890'
<略…>

以上是使用 scerets 儲存敏感資訊的方式

參考資料

• https://www.linkedin.com/learning/learning-kubernetes/dealing-with-application-secrets