kubectl create secret with directory structure
I've created a secret with this command for one pair of public/private keys:
kubectl create secret generic my-keys-secret --from-file=./public.key --from-file=./private.key
And used it in my pod configuration file:
spec:
  volumes:
  - name: my-keys
    secret:
      secretName: my-keys-secret
  containers:
  - # container name and image are omitted in the post
    volumeMounts:
    - name: my-keys
      readOnly: true
      mountPath: "/keys"
So the pod can access keys/public.key and keys/private.key.
But our new requirement is to support multiple pairs of public/private keys in this structure:
.
└── keys
    ├── 1
    │   ├── private.key
    │   └── public.key
    .
    .
    │
    └── n
        ├── private.key
        └── public.key
Is it possible to create the secret with kubectl create secret generic cmd in the above structure? (the pod should be able to access keys/n/public.key and keys/n/private.key)
Yes, definitely. You need what is called a generator. The best one is kustomize. You can use it either as a standalone binary, or integrate it with kubectl.
You will simply create a kustomization.yaml file that will take certain resource directories and templates as input and generate a whole bunch of manifests as output. For multi-level directories, you will have a kustomization.yaml file per directory. These will all be consumed by the program in a sequence to generate a complete set of manifests for you. This you can directly apply to your cluster with:
kubectl apply -k .
This command assumes your current directory has a kustomization.yaml file that you want to use and it will first generate all the manifests and then apply them. If you only want to generate them and not apply them, you can --dry-run your instruction and get -o yaml output and save it to a file, like this:
kubectl apply -k . --dry-run=client -o yaml > my-secrets.yaml
This will put all of your generated secret manifests in my-secrets.yaml which you can check for correctness when templating.
You can read more about templatization options on the kustomize docs here. It's very intuitive and simple to use :)
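Added example, not part of the original answer: a Secret's data keys cannot contain "/", so one way to get keys/n/public.key inside the pod is to flatten each file to a key such as n.public.key in a kustomize secretGenerator and restore the directories with the volume's items[].path. The key naming scheme and the helper names (list_pairs, gen_kustomization, gen_volume, demo) are assumptions of this example.

```shell
#!/bin/sh
# Secret keys may only contain alphanumerics, '-', '_' and '.', so
# keys/<n>/<file> is flattened to the key "<n>.<file>"; the volume's
# items[].path then restores <n>/<file> under the mount point.

# list_pairs DIR: print "<n> <file>" for each key file found in DIR/<n>/.
list_pairs() {
  for d in "$1"/*/; do
    n=$(basename "$d")
    for k in public.key private.key; do
      if [ -f "$d$k" ]; then echo "$n $k"; fi
    done
  done
}

# gen_kustomization DIR: DIR is relative to the kustomization.yaml location.
gen_kustomization() {
  # Keep the Secret name stable so a pod outside this kustomization finds it.
  printf 'generatorOptions:\n  disableNameSuffixHash: true\n'
  printf 'secretGenerator:\n- name: my-keys-secret\n  files:\n'
  list_pairs "$1" | while read -r n k; do
    printf '  - %s.%s=%s/%s/%s\n' "$n" "$k" "$1" "$n" "$k"
  done
}

# gen_volume DIR: pod volume entry mapping each flat key back to <n>/<file>.
gen_volume() {
  printf 'volumes:\n- name: my-keys\n  secret:\n'
  printf '    secretName: my-keys-secret\n    items:\n'
  list_pairs "$1" | while read -r n k; do
    printf '    - key: %s.%s\n      path: %s/%s\n' "$n" "$k" "$n" "$k"
  done
}

# demo: run both generators on a constructed tree of empty placeholder files.
demo() (
  tmp=$(mktemp -d) || exit 1
  cd "$tmp" && mkdir -p keys/1 keys/2
  for n in 1 2; do : > "keys/$n/public.key"; : > "keys/$n/private.key"; done
  gen_kustomization keys
  gen_volume keys
  cd / && rm -rf "$tmp"
)

if [ $# -gt 0 ]; then gen_kustomization "$1"; gen_volume "$1"; else demo; fi
```

The my-secrets.yaml file produced by the --dry-run command above holds the private keys base64-encoded, not encrypted, so it needs the same protection as the key files themselves.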