
Pass file to docker container in a kubernetes Pod

I'm a beginner in Kubernetes, what I would like to achieve is:

  • Pass user's ssh private/public key to the Pod and then to the Docker container (there's a shell script that will be using this key)

So I would like to know if it's possible to do that in the Kubectl apply?

My pod.yaml looks like:

apiVersion: v1
kind: Pod
metadata:
  generateName: testing
  labels:
    type: testing
  namespace: ns-test
  name: testing-config
spec:
  restartPolicy: OnFailure
  hostNetwork: true
  containers:
    - name: mycontainer
      image: ".../mycontainer:latest"

You have to store the private / public key in a Kubernetes secret object:

apiVersion: v1
kind: Secret
metadata:
  name: mysshkey
  namespace: ns-test
data:  # values under data must be base64-encoded
  id_rsa: {{ value }}
  id_rsa.pub: {{ value }}

and now you can mount this secret file in your container:

      containers:
      - image: "my-image:latest"
        name: my-app
        ...
        volumeMounts:
          - mountPath: "/var/my-app"
            name: ssh-key
            readOnly: true
      volumes:
        - name: ssh-key
          secret:
            secretName: mysshkey

The documentation of Kubernetes also provides a chapter on Using Secrets as files from a Pod.

It's not tested but I hope it works.

First, you create a secret with your keys:

kubectl create secret generic mysecret-keys --from-file=privatekey=</path/to/the/key/file/on/your/host> --from-file=publickey=</path/to/the/key/file/on/your/host>

Then you refer to the key files using the secret in your pod:

apiVersion: v1
kind: Pod
metadata:
  ...
spec:
  ...
  containers:
  - name: mycontainer
    image: ".../mycontainer:latest"
    volumeMounts:
    - name: mysecret-keys
      mountPath: /path/in/the/container  # <-- privatekey & publickey will be mounted as file in this directory where your shell script can access
  volumes:
  - name: mysecret-keys
    secret:
      secretName: mysecret-keys  # <-- mount the secret resource you created above

You can check the secret with kubectl get secret mysecret-keys --output yaml. You can check the pod and its mounting with kubectl describe pod testing-config.
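
The pieces from the answers above combined into one manifest, as an added example that is not from either answer: it mounts the mysecret-keys Secret created by the kubectl create secret command and sets defaultMode: 0400, because Secret volume files default to mode 0644 and OpenSSH refuses a private key that group or others can read. The mount path /etc/ssh-key and the file names id_rsa / id_rsa.pub are assumptions, and the script is assumed to run as the user that owns the mounted files (root by default).

```yaml
# Added example: Pod that mounts the Secret created with
#   kubectl create secret generic mysecret-keys \
#     --from-file=privatekey=... --from-file=publickey=...
# Pod name, namespace, container name and image come from the question.
apiVersion: v1
kind: Pod
metadata:
  name: testing-config
  namespace: ns-test
spec:
  restartPolicy: OnFailure
  containers:
    - name: mycontainer
      image: ".../mycontainer:latest"   # elided in the question; left as-is
      volumeMounts:
        - name: ssh-key
          mountPath: /etc/ssh-key       # assumed path; script reads /etc/ssh-key/id_rsa
          readOnly: true                # the container cannot modify the key files
  volumes:
    - name: ssh-key
      secret:
        secretName: mysecret-keys
        # Secret volume files default to 0644. Restrict them to owner
        # read-only so ssh accepts the private key.
        defaultMode: 0400
        # Map the Secret's keys (the names given to --from-file) to the
        # file names the script expects inside the mount directory.
        items:
          - key: privatekey
            path: id_rsa
          - key: publickey
            path: id_rsa.pub
```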
