Creating ssh secrets key file in kubernetes
If i create a secret from an id_rsa file using kubectl as:
kubectl create secret generic hcom-secret --from-file=ssh-privatekey=./.ssh/id_rsa
A
-
Since kubernetes-1.4 things got simpler. Here's my take how to improve the official Kubernetes howto.
To create the secret, use:
kubectl create secret generic ssh-keys --from-file=id_rsa=/path/to/.ssh/id_rsa --from-file=id_rsa.pub=/path/to/.ssh/id_rsa.pubTo mount the secret in your containers, use the following Pod config:
apiVersion: v1 kind: Pod metadata: name: secret-test-pod labels: name: secret-test spec: volumes: - name: ssh-keys-v secret: secretName: ssh-keys defaultMode: 0600 containers: - name: ssh-test-container image: mySshImage volumeMounts: - name: ssh-keys-v readOnly: true # container will see /root/.ssh/id_rsa as usual: mountPath: "/root/.ssh"Also nitpick: the
id_rsa.pubis hardly ever used, I wouldn't bother to secretize it until required.讨论(0) -
The official Kubernetes docs for secrets cover this exact use-case.
To create the secret, use:
$ kubectl create secret generic my-secret --from-file=ssh-privatekey=/path/to/.ssh/id_rsa --from-file=ssh-publickey=/path/to/.ssh/id_rsa.pubTo mount the secret in your containers, use the following Pod config:
{ "kind": "Pod", "apiVersion": "v1", "metadata": { "name": "secret-test-pod", "labels": { "name": "secret-test" } }, "spec": { "volumes": [ { "name": "secret-volume", "secret": { "secretName": "my-secret" } } ], "containers": [ { "name": "ssh-test-container", "image": "mySshImage", "volumeMounts": [ { "name": "secret-volume", "readOnly": true, "mountPath": "/etc/secret-volume" } ] } ] } }Kubernetes doesn't actually have a way to control file permissions for a secret as of now, but a recent Pull Request did add support for changing the path of secrets. This support was added with
1.3as per this commentHere are the permissions related Github Issues:
- https://github.com/kubernetes/kubernetes/issues/4789
- https://github.com/kubernetes/kubernetes/issues/28317
讨论(0)
加载中...
- 热议问题