[zh] cleanup managing-secret-using-kubectl
zhuzhenghao
parent
d6f6e084a8
commit
5b6d59e071
|
|
@ -38,7 +38,7 @@ the username and password needed to access a database.
|
||||||
`Secret` 对象用来存储敏感数据,如 Pod 用于访问服务的凭据。例如,为访问数据库,你可能需要一个
|
`Secret` 对象用来存储敏感数据,如 Pod 用于访问服务的凭据。例如,为访问数据库,你可能需要一个
|
||||||
Secret 来存储所需的用户名及密码。
|
Secret 来存储所需的用户名及密码。
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
You can create the Secret by passing the raw data in the command, or by storing
|
You can create the Secret by passing the raw data in the command, or by storing
|
||||||
the credentials in files that you pass in the command. The following commands
|
the credentials in files that you pass in the command. The following commands
|
||||||
create a Secret that stores the username `admin` and the password `S!B\*d$zDsb=`.
|
create a Secret that stores the username `admin` and the password `S!B\*d$zDsb=`.
|
||||||
|
|
@ -46,13 +46,13 @@ create a Secret that stores the username `admin` and the password `S!B\*d$zDsb=`
|
||||||
你可以通过在命令中传递原始数据,或将凭据存储文件中,然后再在命令行中创建 Secret。以下命令
|
你可以通过在命令中传递原始数据,或将凭据存储文件中,然后再在命令行中创建 Secret。以下命令
|
||||||
将创建一个存储用户名 `admin` 和密码 `S!B\*d$zDsb=` 的 Secret。
|
将创建一个存储用户名 `admin` 和密码 `S!B\*d$zDsb=` 的 Secret。
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
### Use raw data
|
### Use raw data
|
||||||
-->
|
-->
|
||||||
### 使用原始数据
|
### 使用原始数据
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
Run the following command:
|
Run the following command:
|
||||||
-->
|
-->
|
||||||
执行以下命令:
|
执行以下命令:
|
||||||
|
|
||||||
|
|
@ -62,21 +62,21 @@ kubectl create secret generic db-user-pass \
|
||||||
--from-literal=password='S!B\*d$zDsb='
|
--from-literal=password='S!B\*d$zDsb='
|
||||||
```
|
```
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
You must use single quotes `''` to escape special characters such as `$`, `\`,
|
You must use single quotes `''` to escape special characters such as `$`, `\`,
|
||||||
`*`, `=`, and `!` in your strings. If you don't, your shell will interpret these
|
`*`, `=`, and `!` in your strings. If you don't, your shell will interpret these
|
||||||
characters.
|
characters.
|
||||||
-->
|
-->
|
||||||
你必须使用单引号 `''` 转义字符串中的特殊字符,如 `$`、`\`、`*`、`=`和`!` 。否则,你的 shell
|
你必须使用单引号 `''` 转义字符串中的特殊字符,如 `$`、`\`、`*`、`=`和`!` 。否则,你的 shell
|
||||||
将会解析这些字符。
|
将会解析这些字符。
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
### Use source files
|
### Use source files
|
||||||
-->
|
-->
|
||||||
### 使用源文件
|
### 使用源文件
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
1. Store the credentials in files:
|
1. Store the credentials in files:
|
||||||
-->
|
-->
|
||||||
1. 将凭据保存到文件:
|
1. 将凭据保存到文件:
|
||||||
|
|
||||||
|
|
@ -85,19 +85,19 @@ characters.
|
||||||
echo -n 'S!B\*d$zDsb=' > ./password.txt
|
echo -n 'S!B\*d$zDsb=' > ./password.txt
|
||||||
```
|
```
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
The `-n` flag ensures that the generated files do not have an extra newline
|
The `-n` flag ensures that the generated files do not have an extra newline
|
||||||
character at the end of the text. This is important because when `kubectl`
|
character at the end of the text. This is important because when `kubectl`
|
||||||
reads a file and encodes the content into a base64 string, the extra
|
reads a file and encodes the content into a base64 string, the extra
|
||||||
newline character gets encoded too. You do not need to escape special
|
newline character gets encoded too. You do not need to escape special
|
||||||
characters in strings that you include in a file.
|
characters in strings that you include in a file.
|
||||||
-->
|
-->
|
||||||
`-n` 标志用来确保生成文件的文末没有多余的换行符。这很重要,因为当 `kubectl`
|
`-n` 标志用来确保生成文件的文末没有多余的换行符。这很重要,因为当 `kubectl`
|
||||||
读取文件并将内容编码为 base64 字符串时,额外的换行符也会被编码。
|
读取文件并将内容编码为 base64 字符串时,额外的换行符也会被编码。
|
||||||
你不需要对文件中包含的字符串中的特殊字符进行转义。
|
你不需要对文件中包含的字符串中的特殊字符进行转义。
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
2. Pass the file paths in the `kubectl` command:
|
2. Pass the file paths in the `kubectl` command:
|
||||||
-->
|
-->
|
||||||
2. 在 `kubectl` 命令中传递文件路径:
|
2. 在 `kubectl` 命令中传递文件路径:
|
||||||
|
|
||||||
|
|
@ -107,11 +107,11 @@ characters.
|
||||||
--from-file=./password.txt
|
--from-file=./password.txt
|
||||||
```
|
```
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
The default key name is the file name. You can optionally set the key name
|
The default key name is the file name. You can optionally set the key name
|
||||||
using `--from-file=[key=]source`. For example:
|
using `--from-file=[key=]source`. For example:
|
||||||
-->
|
-->
|
||||||
默认键名为文件名。你也可以通过 `--from-file=[key=]source` 设置键名,例如:
|
默认键名为文件名。你也可以通过 `--from-file=[key=]source` 设置键名,例如:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
kubectl create secret generic db-user-pass \
|
kubectl create secret generic db-user-pass \
|
||||||
|
|
@ -119,8 +119,8 @@ characters.
|
||||||
--from-file=password=./password.txt
|
--from-file=password=./password.txt
|
||||||
```
|
```
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
With either method, the output is similar to:
|
With either method, the output is similar to:
|
||||||
-->
|
-->
|
||||||
无论使用哪种方法,输出都类似于:
|
无论使用哪种方法,输出都类似于:
|
||||||
|
|
||||||
|
|
@ -128,13 +128,13 @@ With either method, the output is similar to:
|
||||||
secret/db-user-pass created
|
secret/db-user-pass created
|
||||||
```
|
```
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
### Verify the Secret {#verify-the-secret}
|
### Verify the Secret {#verify-the-secret}
|
||||||
-->
|
-->
|
||||||
## 验证 Secret {#verify-the-secret}
|
## 验证 Secret {#verify-the-secret}
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
Check that the Secret was created:
|
Check that the Secret was created:
|
||||||
-->
|
-->
|
||||||
检查 Secret 是否已创建:
|
检查 Secret 是否已创建:
|
||||||
|
|
||||||
|
|
@ -152,8 +152,8 @@ NAME TYPE DATA AGE
|
||||||
db-user-pass Opaque 2 51s
|
db-user-pass Opaque 2 51s
|
||||||
```
|
```
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
View the details of the Secret:
|
View the details of the Secret:
|
||||||
-->
|
-->
|
||||||
查看 Secret 的细节:
|
查看 Secret 的细节:
|
||||||
|
|
||||||
|
|
@ -161,8 +161,8 @@ View the details of the Secret:
|
||||||
kubectl describe secret db-user-pass
|
kubectl describe secret db-user-pass
|
||||||
```
|
```
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
The output is similar to:
|
The output is similar to:
|
||||||
-->
|
-->
|
||||||
输出类似于:
|
输出类似于:
|
||||||
|
|
||||||
|
|
@ -188,13 +188,13 @@ accidentally, or from being stored in a terminal log.
|
||||||
`kubectl get` 和 `kubectl describe` 命令默认不显示 `Secret` 的内容。
|
`kubectl get` 和 `kubectl describe` 命令默认不显示 `Secret` 的内容。
|
||||||
这是为了防止 `Secret` 被意外暴露或存储在终端日志中。
|
这是为了防止 `Secret` 被意外暴露或存储在终端日志中。
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
### Decode the Secret {#decoding-secret}
|
### Decode the Secret {#decoding-secret}
|
||||||
-->
|
-->
|
||||||
### 解码 Secret {#decoding-secret}
|
### 解码 Secret {#decoding-secret}
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
1. View the contents of the Secret you created:
|
1. View the contents of the Secret you created:
|
||||||
-->
|
-->
|
||||||
1. 查看你所创建的 Secret 内容
|
1. 查看你所创建的 Secret 内容
|
||||||
|
|
||||||
|
|
@ -208,7 +208,7 @@ accidentally, or from being stored in a terminal log.
|
||||||
输出类似于:
|
输出类似于:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{"password":"UyFCXCpkJHpEc2I9","username":"YWRtaW4="}
|
{ "password": "UyFCXCpkJHpEc2I9", "username": "YWRtaW4=" }
|
||||||
```
|
```
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
|
|
@ -230,7 +230,7 @@ accidentally, or from being stored in a terminal log.
|
||||||
```
|
```
|
||||||
|
|
||||||
{{< caution >}}
|
{{< caution >}}
|
||||||
<!--
|
<!--
|
||||||
This is an example for documentation purposes. In practice,
|
This is an example for documentation purposes. In practice,
|
||||||
this method could cause the command with the encoded data to be stored in
|
this method could cause the command with the encoded data to be stored in
|
||||||
your shell history. Anyone with access to your computer could find the
|
your shell history. Anyone with access to your computer could find the
|
||||||
|
|
@ -246,15 +246,15 @@ accidentally, or from being stored in a terminal log.
|
||||||
kubectl get secret db-user-pass -o jsonpath='{.data.password}' | base64 --decode
|
kubectl get secret db-user-pass -o jsonpath='{.data.password}' | base64 --decode
|
||||||
```
|
```
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
## Edit a Secret {#edit-secret}
|
## Edit a Secret {#edit-secret}
|
||||||
-->
|
-->
|
||||||
## 编辑 Secret {#edit-secret}
|
## 编辑 Secret {#edit-secret}
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
You can edit an existing `Secret` object unless it is
|
You can edit an existing `Secret` object unless it is
|
||||||
[immutable](/docs/concepts/configuration/secret/#secret-immutable). To edit a
|
[immutable](/docs/concepts/configuration/secret/#secret-immutable). To edit a
|
||||||
Secret, run the following command:
|
Secret, run the following command:
|
||||||
-->
|
-->
|
||||||
你可以编辑一个现存的 `Secret` 对象,除非它是[不可改变的](/zh-cn/docs/concepts/configuration/secret/#secret-immutable)。
|
你可以编辑一个现存的 `Secret` 对象,除非它是[不可改变的](/zh-cn/docs/concepts/configuration/secret/#secret-immutable)。
|
||||||
要想编辑一个 Secret,请执行以下命令:
|
要想编辑一个 Secret,请执行以下命令:
|
||||||
|
|
@ -263,9 +263,9 @@ Secret, run the following command:
|
||||||
kubectl edit secrets <secret-name>
|
kubectl edit secrets <secret-name>
|
||||||
```
|
```
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
This opens your default editor and allows you to update the base64 encoded
|
This opens your default editor and allows you to update the base64 encoded
|
||||||
Secret values in the `data` field, such as in the following example:
|
Secret values in the `data` field, such as in the following example:
|
||||||
-->
|
-->
|
||||||
这将打开默认编辑器,并允许你更新 `data` 字段中的 base64 编码的 Secret 值,示例如下:
|
这将打开默认编辑器,并允许你更新 `data` 字段中的 base64 编码的 Secret 值,示例如下:
|
||||||
|
|
||||||
|
|
@ -294,13 +294,13 @@ metadata:
|
||||||
type: Opaque
|
type: Opaque
|
||||||
```
|
```
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
## Clean up
|
## Clean up
|
||||||
-->
|
-->
|
||||||
## 清理 {#clean-up}
|
## 清理 {#clean-up}
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
To delete a Secret, run the following command:
|
To delete a Secret, run the following command:
|
||||||
-->
|
-->
|
||||||
要想删除一个 Secret,请执行以下命令:
|
要想删除一个 Secret,请执行以下命令:
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue