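Prerequisites:
- virtual-kubelet is correctly deployed in the Kubernetes cluster (it is integrated by default in Serverless Kubernetes)
ECI supports native Secrets, so you can use a Secret exactly as you would in a native Kubernetes cluster: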
# kubectl create secret generic demo --from-literal=raw=test-secret
secret/demo created
# kubectl get secret demo -o yaml
apiVersion: v1
data:
  raw: dGVzdC1zZWNyZXQ=
kind: Secret
metadata:
  creationTimestamp: "2020-01-20T13:14:22Z"
  name: demo
  namespace: default
  resourceVersion: "15357979"
  selfLink: /api/v1/namespaces/default/secrets/demo
  uid: c645990b-3b86-11ea-aa30-3e3af7242710
type: Opaque
Save the following as pod.yaml:
apiVersion: v1
kind: Pod
metadata:
  name: test-secret
spec:
  # In ACK, nodeName can be used to schedule the Pod onto ECI
  # nodeName: virtual-node-eci-0
  containers:
  - name: nginx
    image: nginx:latest
    volumeMounts:
    - name: secret-vol
      mountPath: "/cache-test"
      readOnly: true
  volumes:
  - name: secret-vol
    secret:
      secretName: demo
      items:
      - key: raw
        path: secrets/raw
Create the ECI instance with kubectl:
# kubectl create -f pod.yaml
pod/test-secret created
# kubectl exec -it test-secret -- bash
root@test-secret:/# ls /cache-test/
secrets
root@test-secret:/# cat /cache-test/secrets/raw
test-secret
As shown, the Secret has been mounted into the container.
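The following is an added example, not part of the original page: it takes the demo Secret and the pod.yaml volume definition above and computes which files appear in the container and with what content. It follows the standard Kubernetes rules for `items` on a Secret volume. The function name `projected_files` and the JSON samples are constructed for illustration.

```python
import base64
import json
import posixpath

# Constructed sample: the demo Secret and the volume wiring of pod.yaml from
# this page, in the JSON shape that `kubectl get ... -o json` prints.
SECRET = json.loads('{"metadata": {"name": "demo"}, "data": {"raw": "dGVzdC1zZWNyZXQ="}}')
POD_SPEC = json.loads("""{
  "containers": [{"name": "nginx", "volumeMounts": [
      {"name": "secret-vol", "mountPath": "/cache-test", "readOnly": true}]}],
  "volumes": [{"name": "secret-vol", "secret": {
      "secretName": "demo", "items": [{"key": "raw", "path": "secrets/raw"}]}}]
}""")


def projected_files(secret, pod_spec):
    """Map (container, absolute path) -> bytes for files the Secret volume exposes."""
    # The `data` values are base64-encoded, not encrypted.
    data = {k: base64.b64decode(v) for k, v in secret.get("data", {}).items()}
    files = {}
    for volume in pod_spec.get("volumes", []):
        source = volume.get("secret")
        if not source or source["secretName"] != secret["metadata"]["name"]:
            continue
        # With `items`, only the listed keys are projected; without it,
        # every key becomes a file named after the key.
        items = source.get("items") or [{"key": k, "path": k} for k in data]
        for item in items:
            parts = item["path"].split("/")
            if item["path"].startswith("/") or ".." in parts:
                raise ValueError(f"invalid relative path: {item['path']!r}")
            if item["key"] not in data and not source.get("optional", False):
                raise KeyError(f"key {item['key']!r} missing from Secret")
        for container in pod_spec.get("containers", []):
            for mount in container.get("volumeMounts", []):
                if mount["name"] != volume["name"]:
                    continue
                for item in items:
                    if item["key"] in data:
                        path = posixpath.join(mount["mountPath"], item["path"])
                        files[(container["name"], path)] = data[item["key"]]
    return files


if __name__ == "__main__":
    for (container, path), content in projected_files(SECRET, POD_SPEC).items():
        print(f"{container}: {path} -> {content.decode()!r}")
```

Because the decoded value is recoverable by anyone who can read the Secret object or exec into the Pod, access to both is controlled through RBAC rather than through the encoding.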