kubectl create secret with directory structure

I've created a secret with this command for one pair of public/private keys:

kubectl create secret generic my-keys-secret --from-file=./public.key --from-file=./private.key

And used it in my pod configuration file:

spec:
  volumes:
    - name: my-keys
      secret:
        # secretName must be nested under "secret"
        secretName: my-keys-secret
# in the container definition:
volumeMounts:
  - name: my-keys
    readOnly: true
    mountPath: "/keys"

So the pod can access keys/public.key and keys/private.key.

But our new requirement is to support multiple pairs of public/private keys in this structure:

.
└── keys
    ├── 1
    │   ├── private.key
    │   └── public.key
    .
    .
    │
    └── n
        ├── private.key
        └── public.key

Is it possible to create the secret with kubectl create secret generic cmd in the above structure? (the pod should be able to access keys/n/public.key and keys/n/private.key)

Yes, definitely. You need what is called a generator. The best one is kustomize. You can use it either as a standalone binary, or integrate it with kubectl.

You will simply create a kustomization.yaml file that will take certain resource directories and templates as input and generate a whole bunch of manifests as output. For multi-level directories, you will have a kustomization.yaml file per directory. These will all be consumed by the program in a sequence to generate a complete set of manifests for you. This you can directly apply to your cluster with:

kubectl apply -k .

This command assumes your current directory has a kustomization.yaml file that you want to use and it will first generate all the manifests and then apply them. If you only want to generate them and not apply them, you can --dry-run your instruction and get -o yaml output and save it to a file, like this:

kubectl apply -k . --dry-run=client -o yaml > my-secrets.yaml

This will put all of your generated secret manifests in my-secrets.yaml which you can check for correctness when templating.

You can read more about templatization options on the kustomize docs here. It's very intuitive and simple to use :)
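An added example, not part of the original question or answer: Secret data keys cannot contain "/", so one way to get the keys/n/ layout from a single secret is to store each file under a flat key and map it back to a sub-path with the volume's items list. The "<n>_<file>" key convention and all function names below are assumptions made for this sketch.

```shell
# Added example, not from the original post. Secret data keys may only contain
# alphanumerics, '-', '_' and '.', so "1/private.key" cannot be a key name.
# Assumed convention: store it as "1_private.key" and map it back to
# "1/private.key" at mount time with the secret volume's items[].path.

# List key files relative to root directory $1, e.g. "1/private.key".
key_files() (
  cd "$1" && find . -mindepth 2 -maxdepth 2 -type f -name '*.key' |
    sed 's|^\./||' | LC_ALL=C sort
)

# "1/private.key" -> "1_private.key"; reject names a Secret key cannot hold.
flat_key() {
  flat=$(printf '%s' "$1" | tr '/' '_')
  case "$flat" in
    *[!A-Za-z0-9._-]*) echo "invalid key name: $1" >&2; return 1 ;;
  esac
  printf '%s\n' "$flat"
}

# One --from-file=<flat-key>=<path> argument per key file.
secret_file_args() {
  key_files "$1" | while IFS= read -r rel; do
    key=$(flat_key "$rel") || exit 1
    printf '%s\n' "--from-file=$key=$1/$rel"
  done
}

# The entries for volumes[].secret.items that restore the <n>/<file> layout.
volume_items() {
  key_files "$1" | while IFS= read -r rel; do
    key=$(flat_key "$rel") || exit 1
    printf '%s\n' "- key: $key" "  path: $rel"
  done
}

# Constructed sample input: two key pairs with placeholder contents.
make_demo_keys() {
  demo=$(mktemp -d)
  for n in 1 2; do
    mkdir -p "$demo/keys/$n"
    echo "placeholder private $n" > "$demo/keys/$n/private.key"
    echo "placeholder public $n" > "$demo/keys/$n/public.key"
  done
  echo "$demo/keys"
}

# Usage: kubectl create secret generic my-keys-secret $(secret_file_args ./keys)
# (paths without whitespace); paste volume_items output under secret.items.
```

With mountPath "/keys" and the generated items, the container sees /keys/1/private.key, /keys/1/public.key and so on.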

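Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you repost them, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.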

 