Task weight: 3%

NOTE: This task can only be solved if questions 18 or 20 have been successfully implemented and the k8s-c3-CCC cluster has a functioning worker node

Use context: kubectl config use-context k8s-c3-CCC

Do the following in a new Namespace secret . Create a Pod named secret-pod of image busybox:1.31.1 which should keep running for some time.

There is an existing Secret located at /opt/course/19/secret1.yaml , create it in the Namespace secret and mount it readonly into the Pod at /tmp/secret1 .

Create a new Secret in Namespace secret called secret2 which should contain user=user1 and pass=1234 . These entries should be available inside the Pod’s container as environment variables APP_USER and APP_PASS .

Confirm everything is working.

译文

注意:只有当问题18或20已经成功实施,并且k8s-c3-CCC集群有一个正常工作的工作节点时,才能解决这个任务

在一个新的命名空间 secret 中进行以下操作。创建一个名为 secret-pod 的Pod,其镜像为 busybox:1.31.1 ,应该保持运行一段时间。

有一个位于 /opt/course/19/secret1.yaml 的现有Secret ,在命名空间 secret 中创建它,并将其以只读方式装载到 /tmp/secret1 的Pod中。

在命名空间 secret 中创建一个新的 secret ,称为 secret2 ,它应该包含user=user1pass=1234 。这些条目应该在Pod的容器中作为环境变量 APP_USERAPP_PASS 可用。

确认一切都在工作。

解答
kubectl config use-context k8s-c3-CCC

创建一个secret,并复制文件到当前目录进行编辑

k create ns secret
cp /opt/course/19/secret1.yaml 19_secret1.yaml

vim 19_secret1.yaml

19_secret1.yaml

# 19_secret1.yaml
apiVersion: v1
data:
  halt: IyEgL2Jpbi9zaAo...
kind: Secret
metadata:
  creationTimestamp: null
  name: secret1
  namespace: secret           # change

创建secret

k -f 19_secret1.yaml create

创建第二个secret

k -n secret create secret generic secret2 --from-literal=user=user1 --from-literal=pass=1234

创建一个pod模板并进行编辑

k -n secret run secret-pod --image=busybox:1.31.1 $do -- sh -c "sleep 1d" > 19.yaml

vim 19.yaml

19.yaml

# 19.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: secret-pod
  name: secret-pod
  namespace: secret                       # add
spec:
  containers:
  - args:
    - sh
    - -c
    - sleep 1d
    image: busybox:1.31.1
    name: secret-pod
    resources: {}
    env:                                  # add
    - name: APP_USER                      # add
      valueFrom:                          # add
        secretKeyRef:                     # add
          name: secret2                   # add
          key: user                       # add
    - name: APP_PASS                      # add
      valueFrom:                          # add
        secretKeyRef:                     # add
          name: secret2                   # add
          key: pass                       # add
    volumeMounts:                         # add
    - name: secret1                       # add
      mountPath: /tmp/secret1             # add
      readOnly: true                      # add
  dnsPolicy: ClusterFirst
  restartPolicy: Always
  volumes:                                # add
  - name: secret1                         # add
    secret:                               # add
      secretName: secret1                 # add
status: {}

创建pod

k -f 19.yaml create

检查

k -n secret exec secret-pod -- env | grep APP
k -n secret exec secret-pod -- find /tmp/secret1
k -n secret exec secret-pod -- cat /tmp/secret1/halt

create-secret-0