[英]How to create a secret file in kubernetes
I have yaml which I used to create a secret using below command.我有 yaml,我曾经使用下面的命令创建一个秘密。
kubectl create secret generic -n <NAMESPACE> gitlab-openid-connect --from-file=provider=provider.yaml
below is Provider.yaml
:下面是Provider.yaml
:
name: 'openid_connect'
label: 'OpenID SSO Login'
args:
name: 'openid_connect'
scope: ['openid','profile','email']
response_type: 'code'
issuer: 'https://keycloak.example.com/auth/realms/myrealm'
discovery: true
client_auth_method: 'basic'
client_options:
identifier: 'gitlab.example.com-oidc'
secret: '<keycloak clientID secret>'
redirect_uri: 'https://gitlab.example.com/users/auth/openid_connect/callback'
I want to convert it into a Secret yaml file so that I can run kubectl apply -f provider.yaml
我想把它转换成一个 Secret yaml 文件,这样我就可以运行kubectl apply -f provider.yaml
I tried to create below file but it does not work, provider-new.yaml
我试图创建下面的文件,但它不起作用, provider-new.yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: 'openid_connect'
label: 'OpenID SSO Login'
data:
scope: ['openid','profile','email']
response_type: 'code'
issuer: 'url'
discovery: true
client_auth_method: 'basic'
client_options:
identifier: 'identifier'
secret: 'secret-key'
redirect_uri: 'url'
To make this work you need to use --from-env-file
instead --from-file
.要完成这项工作,您需要使用--from-env-file
代替--from-file
。 And the file containing the variables should be in the plain text.包含变量的文件应该是纯文本。
To create a Secret from one or more files, use --from-file or --from-env-file.要从一个或多个文件创建 Secret,请使用 --from-file 或 --from-env-file。 The file must be plaintext, but the extension of the file does not matter.文件必须是纯文本的,但文件的扩展名无关紧要。
When you create the Secret using --from-file, the value of the Secret is the entire contents of the file.当您使用 --from-file 创建 Secret 时,Secret 的值是文件的全部内容。 If the value of your Secret contains multiple key-value pairs, use --from-env-file instead.如果您的 Secret 的值包含多个键值对,请改用 --from-env-file。
File provider.yaml
with variables:带有变量的文件provider.yaml
:
scope= ['openid','profile','email']
response_type= 'code'
issuer= 'url'
discovery= true
client_auth_method= 'basic'
identifier= 'identifier'
secret= 'secret-key'
redirect_uri= 'url'
kubectl create secret generic -n default gitlab-openid-connect --from-env-file=provider.yaml
Result:结果:
apiVersion: v1
data:
client_auth_method: ICdiYXNpYyc=
discovery: IHRydWU=
identifier: ICdpZGVudGlmaWVyJw==
issuer: ICd1cmwn
redirect_uri: ICd1cmwn
response_type: ICdjb2RlJw==
scope: IFsnb3BlbmlkJywncHJvZmlsZScsJ2VtYWlsJ10=
secret: ICdzZWNyZXQta2V5Jw==
kind: Secret
metadata:
creationTimestamp: null
name: gitlab-openid-connect
namespace: default
Another thing is that isn't possible to establish a hierarchy in the secret data scope, so the following isn't gonna work:另一件事是不可能在秘密数据范围内建立层次结构,因此以下内容不起作用:
client_options
identifier= 'identifier'
secret= 'secret-key'
redirect_uri= 'url'
source: google cloud来源: 谷歌云
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.