Merge pull request #8627 from caesarxuchao/secrets-design-docs

update docs/design/secrets.md to v1beta3
Dawn Chen 2015-05-22 14:51:29 -07:00
commit 17715c7b39


@ -389,12 +389,14 @@ To create a pod that uses an ssh key stored as a secret, we first need to create
```json ```json
{ {
"apiVersion": "v1beta2",
"kind": "Secret", "kind": "Secret",
"id": "ssh-key-secret", "apiVersion": "v1beta3",
"metadata": {
"name": "ssh-key-secret"
},
"data": { "data": {
"id-rsa.pub": "dmFsdWUtMQ0K", "id-rsa": "dmFsdWUtMg0KDQo=",
"id-rsa": "dmFsdWUtMg0KDQo=" "id-rsa.pub": "dmFsdWUtMQ0K"
} }
} }
``` ```
@ -407,38 +409,36 @@ Now we can create a pod which references the secret with the ssh key and consume
```json ```json
{ {
"id": "secret-test-pod",
"kind": "Pod", "kind": "Pod",
"apiVersion":"v1beta2", "apiVersion": "v1beta3",
"metadata": {
"name": "secret-test-pod",
"labels": { "labels": {
"name": "secret-test" "name": "secret-test"
}
}, },
"desiredState": { "spec": {
"manifest": { "volumes": [
"version": "v1beta1", {
"id": "secret-test-pod", "name": "secret-volume",
"containers": [{ "secret": {
"secretName": "ssh-key-secret"
}
}
],
"containers": [
{
"name": "ssh-test-container", "name": "ssh-test-container",
"image": "mySshImage", "image": "mySshImage",
"volumeMounts": [{ "volumeMounts": [
{
"name": "secret-volume", "name": "secret-volume",
"mountPath": "/etc/secret-volume", "readOnly": true,
"readOnly": true "mountPath": "/etc/secret-volume"
}]
}],
"volumes": [{
"name": "secret-volume",
"source": {
"secret": {
"target": {
"kind": "Secret",
"namespace": "example",
"name": "ssh-key-secret"
} }
]
} }
} ]
}]
}
} }
} }
``` ```
@ -452,105 +452,116 @@ The container is then free to use the secret data to establish an ssh connection
### Use-Case: Pods with pod / test credentials ### Use-Case: Pods with pod / test credentials
Let's compare examples where a pod consumes a secret containing prod credentials and another pod This example illustrates a pod which consumes a secret containing prod
consumes a secret with test environment credentials. credentials and another pod which consumes a secret with test environment
credentials.
The secrets: The secrets:
```json ```json
[{
"apiVersion": "v1beta2",
"kind": "Secret",
"id": "prod-db-secret",
"data": {
"username": "dmFsdWUtMQ0K",
"password": "dmFsdWUtMg0KDQo="
}
},
{ {
"apiVersion": "v1beta2", "apiVersion": "v1beta3",
"kind": "List",
"items":
[{
"kind": "Secret", "kind": "Secret",
"id": "test-db-secret", "apiVersion": "v1beta3",
"metadata": {
"name": "prod-db-secret"
},
"data": { "data": {
"username": "dmFsdWUtMQ0K", "password": "dmFsdWUtMg0KDQo=",
"password": "dmFsdWUtMg0KDQo=" "username": "dmFsdWUtMQ0K"
} }
}] },
{
"kind": "Secret",
"apiVersion": "v1beta3",
"metadata": {
"name": "test-db-secret"
},
"data": {
"password": "dmFsdWUtMg0KDQo=",
"username": "dmFsdWUtMQ0K"
}
}]
}
``` ```
The pods: The pods:
```json ```json
[{ {
"id": "prod-db-client-pod", "apiVersion": "v1beta3",
"kind": "List",
"items":
[{
"kind": "Pod", "kind": "Pod",
"apiVersion":"v1beta2", "apiVersion": "v1beta3",
"metadata": {
"name": "prod-db-client-pod",
"labels": { "labels": {
"name": "prod-db-client" "name": "prod-db-client"
}
}, },
"desiredState": { "spec": {
"manifest": { "volumes": [
"version": "v1beta1", {
"id": "prod-db-pod", "name": "secret-volume",
"containers": [{ "secret": {
"secretName": "prod-db-secret"
}
}
],
"containers": [
{
"name": "db-client-container", "name": "db-client-container",
"image": "myClientImage", "image": "myClientImage",
"volumeMounts": [{ "volumeMounts": [
{
"name": "secret-volume", "name": "secret-volume",
"mountPath": "/etc/secret-volume", "readOnly": true,
"readOnly": true "mountPath": "/etc/secret-volume"
}]
}],
"volumes": [{
"name": "secret-volume",
"source": {
"secret": {
"target": {
"kind": "Secret",
"namespace": "example",
"name": "prod-db-secret"
} }
]
} }
]
} }
}] },
} {
}
},
{
"id": "test-db-client-pod",
"kind": "Pod", "kind": "Pod",
"apiVersion":"v1beta2", "apiVersion": "v1beta3",
"metadata": {
"name": "test-db-client-pod",
"labels": { "labels": {
"name": "test-db-client" "name": "test-db-client"
}
}, },
"desiredState": { "spec": {
"manifest": { "volumes": [
"version": "v1beta1", {
"id": "test-db-pod", "name": "secret-volume",
"containers": [{ "secret": {
"secretName": "test-db-secret"
}
}
],
"containers": [
{
"name": "db-client-container", "name": "db-client-container",
"image": "myClientImage", "image": "myClientImage",
"volumeMounts": [{ "volumeMounts": [
{
"name": "secret-volume", "name": "secret-volume",
"mountPath": "/etc/secret-volume", "readOnly": true,
"readOnly": true "mountPath": "/etc/secret-volume"
}]
}],
"volumes": [{
"name": "secret-volume",
"source": {
"secret": {
"target": {
"kind": "Secret",
"namespace": "example",
"name": "test-db-secret"
} }
]
} }
]
} }
}] }]
} }
}
}]
``` ```
The specs for the two pods differ only in the value of the object referred to by the secret volume The specs for the two pods differ only in the value of the object referred to by the secret volume