我的k8.yaml是这样的
apiVersion: apps/v1
kind: Deployment
metadata:
name: <...>
namespace: <...>
spec:
template:
spec:
containers:
- name: <...>
image: <...>
volumeMounts:
- name: decoded
mountPath: /usr/src/app/decoded
volumes:
- name: decoded
secret:
secretName: base64-secret
defaultMode: 0755
base64-secretk8秘密中的变量是base64编码的。当它们使用k8 yaml配置挂载到路径时,是否有解码内容的方法?
到目前为止,我能想到的唯一方法是使用脚本来解码容器何时启动。
仅供参考:秘密类型为Generic
可以使用base64 -d命令(-d: decode)
的例子:
#secret name samplesecret
kubectl get secret samplesecret
NAME TYPE DATA AGE
samplesecret Opaque 3 4m20s
#get all the keys in the secrets (keys wont be encoded but values will be encoded):
kubectl get secret samplesecret -o jsonpath='{.data}'
{"key1":"dmFsdWU=","key2":"dmFsdWUy","key3":"dmFsdWUz"}
#now decode the desired key's value by piping it to base64 -d:
kubectl get secret samplesecret -o jsonpath='{.data.key1}' | base64 -d
value
kubectl get secret samplesecret -o jsonpath='{.data.key2}' | base64 -d
value2
kubectl get secret samplesecret -o jsonpath='{.data.key3}' | base64 -d
value3
# if you want to iterate through all the keys & display their values decoded :
kubectl get secret <secretname> -o go-template='{{range $k,$v := .data}}{{"### "}}{{$k}}{{"n"}}{{$v|base64decode}}{{"nn"}}{{end}}'
kubectl get secret samplesecret -o go-template='{{range $k,$v := .data}}{{"### "}}{{$k}}{{"n"}}{{$v|base64decode}}{{"nn"}}{{end}}'
### key1
value
### key2
value2
### key3
value3