update docs/design/secrets.md to v1beta3

Chao Xu 2015-05-21 11:05:25 -07:00
parent 784c0e22eb
commit b1cf9fbc5c


@ -389,12 +389,14 @@ To create a pod that uses an ssh key stored as a secret, we first need to create
```json ```json
{ {
"apiVersion": "v1beta2",
"kind": "Secret", "kind": "Secret",
"id": "ssh-key-secret", "apiVersion": "v1beta3",
"metadata": {
"name": "ssh-key-secret"
},
"data": { "data": {
"id-rsa.pub": "dmFsdWUtMQ0K", "id-rsa": "dmFsdWUtMg0KDQo=",
"id-rsa": "dmFsdWUtMg0KDQo=" "id-rsa.pub": "dmFsdWUtMQ0K"
} }
} }
``` ```
@ -407,38 +409,36 @@ Now we can create a pod which references the secret with the ssh key and consume
```json ```json
{ {
"id": "secret-test-pod",
"kind": "Pod", "kind": "Pod",
"apiVersion":"v1beta2", "apiVersion": "v1beta3",
"labels": { "metadata": {
"name": "secret-test" "name": "secret-test-pod",
"labels": {
"name": "secret-test"
}
}, },
"desiredState": { "spec": {
"manifest": { "volumes": [
"version": "v1beta1", {
"id": "secret-test-pod", "name": "secret-volume",
"containers": [{ "secret": {
"secretName": "ssh-key-secret"
}
}
],
"containers": [
{
"name": "ssh-test-container", "name": "ssh-test-container",
"image": "mySshImage", "image": "mySshImage",
"volumeMounts": [{ "volumeMounts": [
"name": "secret-volume", {
"mountPath": "/etc/secret-volume", "name": "secret-volume",
"readOnly": true "readOnly": true,
}] "mountPath": "/etc/secret-volume"
}],
"volumes": [{
"name": "secret-volume",
"source": {
"secret": {
"target": {
"kind": "Secret",
"namespace": "example",
"name": "ssh-key-secret"
}
} }
} ]
}] }
} ]
} }
} }
``` ```
@ -452,105 +452,116 @@ The container is then free to use the secret data to establish an ssh connection
### Use-Case: Pods with pod / test credentials ### Use-Case: Pods with pod / test credentials
Let's compare examples where a pod consumes a secret containing prod credentials and another pod This example illustrates a pod which consumes a secret containing prod
consumes a secret with test environment credentials. credentials and another pod which consumes a secret with test environment
credentials.
The secrets: The secrets:
```json ```json
[{
"apiVersion": "v1beta2",
"kind": "Secret",
"id": "prod-db-secret",
"data": {
"username": "dmFsdWUtMQ0K",
"password": "dmFsdWUtMg0KDQo="
}
},
{ {
"apiVersion": "v1beta2", "apiVersion": "v1beta3",
"kind": "Secret", "kind": "List",
"id": "test-db-secret", "items":
"data": { [{
"username": "dmFsdWUtMQ0K", "kind": "Secret",
"password": "dmFsdWUtMg0KDQo=" "apiVersion": "v1beta3",
} "metadata": {
}] "name": "prod-db-secret"
},
"data": {
"password": "dmFsdWUtMg0KDQo=",
"username": "dmFsdWUtMQ0K"
}
},
{
"kind": "Secret",
"apiVersion": "v1beta3",
"metadata": {
"name": "test-db-secret"
},
"data": {
"password": "dmFsdWUtMg0KDQo=",
"username": "dmFsdWUtMQ0K"
}
}]
}
``` ```
The pods: The pods:
```json ```json
[{
"id": "prod-db-client-pod",
"kind": "Pod",
"apiVersion":"v1beta2",
"labels": {
"name": "prod-db-client"
},
"desiredState": {
"manifest": {
"version": "v1beta1",
"id": "prod-db-pod",
"containers": [{
"name": "db-client-container",
"image": "myClientImage",
"volumeMounts": [{
"name": "secret-volume",
"mountPath": "/etc/secret-volume",
"readOnly": true
}]
}],
"volumes": [{
"name": "secret-volume",
"source": {
"secret": {
"target": {
"kind": "Secret",
"namespace": "example",
"name": "prod-db-secret"
}
}
}
}]
}
}
},
{ {
"id": "test-db-client-pod", "apiVersion": "v1beta3",
"kind": "Pod", "kind": "List",
"apiVersion":"v1beta2", "items":
"labels": { [{
"name": "test-db-client" "kind": "Pod",
}, "apiVersion": "v1beta3",
"desiredState": { "metadata": {
"manifest": { "name": "prod-db-client-pod",
"version": "v1beta1", "labels": {
"id": "test-db-pod", "name": "prod-db-client"
"containers": [{ }
"name": "db-client-container", },
"image": "myClientImage", "spec": {
"volumeMounts": [{ "volumes": [
{
"name": "secret-volume", "name": "secret-volume",
"mountPath": "/etc/secret-volume",
"readOnly": true
}]
}],
"volumes": [{
"name": "secret-volume",
"source": {
"secret": { "secret": {
"target": { "secretName": "prod-db-secret"
"kind": "Secret",
"namespace": "example",
"name": "test-db-secret"
}
} }
} }
}] ],
"containers": [
{
"name": "db-client-container",
"image": "myClientImage",
"volumeMounts": [
{
"name": "secret-volume",
"readOnly": true,
"mountPath": "/etc/secret-volume"
}
]
}
]
} }
} },
}] {
"kind": "Pod",
"apiVersion": "v1beta3",
"metadata": {
"name": "test-db-client-pod",
"labels": {
"name": "test-db-client"
}
},
"spec": {
"volumes": [
{
"name": "secret-volume",
"secret": {
"secretName": "test-db-secret"
}
}
],
"containers": [
{
"name": "db-client-container",
"image": "myClientImage",
"volumeMounts": [
{
"name": "secret-volume",
"readOnly": true,
"mountPath": "/etc/secret-volume"
}
]
}
]
}
}]
}
``` ```
The specs for the two pods differ only in the value of the object referred to by the secret volume The specs for the two pods differ only in the value of the object referred to by the secret volume