Creating ssh secrets key file in kubernetes

前端未结

关注

 2  494

星月不相逢 2021-02-04 14:44

If i create a secret from an id_rsa file using kubectl as:

kubectl create secret generic hcom-secret --from-file=ssh-privatekey=./.ssh/id_rsa

2条回答

再見小時候 (楼主)

2021-02-04 15:15

The official Kubernetes docs for secrets cover this exact use-case.

To create the secret, use:

$ kubectl create secret generic my-secret --from-file=ssh-privatekey=/path/to/.ssh/id_rsa --from-file=ssh-publickey=/path/to/.ssh/id_rsa.pub

To mount the secret in your containers, use the following Pod config:

{
  "kind": "Pod",
  "apiVersion": "v1",
  "metadata": {
    "name": "secret-test-pod",
    "labels": {
      "name": "secret-test"
    }
  },
  "spec": {
    "volumes": [
      {
        "name": "secret-volume",
        "secret": {
          "secretName": "my-secret"
        }
      }
    ],
    "containers": [
      {
        "name": "ssh-test-container",
        "image": "mySshImage",
        "volumeMounts": [
          {
            "name": "secret-volume",
            "readOnly": true,
            "mountPath": "/etc/secret-volume"
          }
        ]
      }
    ]
  }
}

Kubernetes doesn't actually have a way to control file permissions for a secret as of now, but a recent Pull Request did add support for changing the path of secrets. This support was added with 1.3 as per this comment

Here are the permissions related Github Issues:

https://github.com/kubernetes/kubernetes/issues/4789
https://github.com/kubernetes/kubernetes/issues/28317

0 讨论(0)

查看其它2个回答