[英]Pass file to docker container in a kubernetes Pod
I'm beginner in Kube.netes, what I would like to achieve is:我是 Kube.netes 的初学者,我想实现的是:
So I would like to know if it's possible to do that in the Kubectl apply?所以我想知道是否可以在 Kubectl apply 中做到这一点?
My pod.yaml looks like:我的 pod.yaml 看起来像:
apiVersion: v1
kind: Pod
metadata:
generateName: testing
labels:
type: testing
namespace: ns-test
name: testing-config
spec:
restartPolicy: OnFailure
hostNetwork: true
containers:
- name: mycontainer
image: ".../mycontainer:latest"
you have to store the private / public key in a kube.netes secret object你必须将私钥/公钥存储在kube.netes 秘密object
apiVersion: v1
kind: Secret
metadata:
name: mysshkey
namespace: ns-test
data:
id_rsa: {{ value }}
id_rsa.pub: {{ value }}
and now you can mount this secret file in your container:现在你可以将这个秘密文件挂载到你的容器中:
containers:
- image: "my-image:latest"
name: my-app
...
volumeMounts:
- mountPath: "/var/my-app"
name: ssh-key
readOnly: true
volumes:
- name: ssh-key
secret:
secretName: mysshkey
The documentation of kuberentes provides also an chapter of Using Secrets as files from a Pod kuberentes 的文档还提供了Using Secrets as files from a Pod的一章
It's not tested but i hope it works.它没有经过测试,但我希望它能起作用。
First, you create a secret with your keys: kubectl create secret generic mysecret-keys --from-file=privatekey=</path/to/the/key/file/on/your/host> --from-file=publickey=</path/to/the/key/file/on/your/host>
首先,你用你的密钥创建一个秘密:
kubectl create secret generic mysecret-keys --from-file=privatekey=</path/to/the/key/file/on/your/host> --from-file=publickey=</path/to/the/key/file/on/your/host>
Then you refer to the key files using the secret in your pod:然后,您使用 pod 中的秘密引用密钥文件:
apiVersion: v1
kind: Pod
metadata:
...
spec:
...
containers:
- name: mycontainer
image: ".../mycontainer:latest"
volumeMounts:
- name: mysecret-keys
mountPath: /path/in/the/container # <-- privatekey & publickey will be mounted as file in this directory where your shell script can access
volumes:
- name: mysecret-keys
secret:
secretName: mysecret-keys # <-- mount the secret resource you created above
You can check the secret with kubectl get secret mysecret-keys --output yaml
.您可以使用
kubectl get secret mysecret-keys --output yaml
检查秘密。 You can check the pod and its mounting with kubectl describe pod testing-config
.您可以使用
kubectl describe pod testing-config
检查 pod 及其安装。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.