1.Core Concepts - 13%

kubernetes.io > Documentation > Reference > kubectl CLI > kubectl Cheat Sheet
kubernetes.io > Documentation > Tasks > Monitoring, Logging, and Debugging > Get a Shell to a Running Container
kubernetes.io > Documentation > Tasks > Access Applications in a Cluster > Configure Access to Multiple Clusters
kubernetes.io > Documentation > Tasks > Access Applications in a Cluster > Accessing Clusters using API
kubernetes.io > Documentation > Tasks > Access Applications in a Cluster > Use Port Forwarding to Access Applications in a Cluster

1.Create a namespace called ‘mynamespace’ and a pod with image nginx called nginx on this namespace.

  1. kubectl create ns mynamespace
  2. kubectl run nginx --image=nginx --restart=Never -n mynamespace

2.Create the pod that was just described using YAML.

  1. kubectl run nginx --image=nginx --restart=Never -n mynamespace -o yaml --dry-run=client > nginx.yaml
  2. kubectl apply -f nginx.yaml

3.Create a busybox pod (using kubectl command) that runs the command “env”. Run it and see the output.

创建一个运行命令“env”的busybox pod(使用kubectl 命令),运行它并查看输出。
方式一:-it 直接可以查看输出

  1. kubectl run busybox --image=busybox --restart=Never --command -it -- env

方式二:不使用 -it

  1. kubectl run busybox --image=busybox --restart=Never --command -- env
  2. kubectl logs busybox

4.Create a busybox pod (using YAML) that runs the command “env”. Run it and see the output.

  1. kubectl run busybox --image=busybox --restart=Never --dry-run=client -o yaml --command -- env > busybox.yaml
  2. kubectl apply -f busybox.yaml

5.Get the YAML for a new namespace called ‘myns’ without creating it.

获取新命名空间myns的yaml模板,但不创建它。

  1. kubectl create ns myns --dry-run=client -o yaml

6.Get the YAML for a new ResourceQuota called ‘myrq’ with hard limits of 1 CPU, 1G memory and 2 pods without creating it.

获取一个新的ResourceQuota的yaml模板,ResourceQuota限制是1个CPU,1G内存,2个pod。

  1. kubectl create quota myrq --hard=cpu=1,memory=1G,pod=2 --dry-run=client -o yaml

7.Get pods on all namespaces.

  1. kubectl get po --all-namespaces

8.Create a pod with image nginx called nginx and expose traffic on port 80.

  1. kubectl run nginx --image=nginx --restart=Never --port=80

9.Change pod’s image to nginx:1.7.1. Observe that the container will be restarted as soon as the image gets pulled.

  1. # 将镜像修改为nginx:1.7.1
  2. kubectl set image pod/nginx nginx=nginx:1.7.1
  3. # 查看pod详细信息
  4. kubectl describe po nginx
  5. # 查看po
  6. kubectl get po nginx -w

10.Get nginx pod’s ip created in previous step, use a temp busybox image to wget its ‘/‘.

获取上一步中nginx的ip,使用临时的busybox镜像请求它的”/“路径。

  1. # 查看ip
  2. kubectl get po nginx -o wide
  3. # 创建临时pod busybox请求nginx的/路径
  4. kubectl run busybox --image=busybox --restart=Never --rm -it -- wget -O- 10.244.6.1:80

11.Get pod’s YAML.

  1. kubectl get po nginx -o yaml

12.Get pod logs.

  1. kubectl logs nginx

13.If pod crashed and restarted, get logs about the previous instance.

如果pod挂掉并且重启,获取它前一个实例的日志信息。

  1. kubectl logs nginx -p

14.Execute a simple shell on the nginx pod.

在nginx pod上执行一个简单的shell脚本。

  1. kubectl exec -it nginx -- /bin/bash

15.Create a busybox pod that echoes ‘hello world’ and then exits.

创建一个busybox pod,输出hello world后退出。

  1. kubectl run busybox --image=busybox --restart=Never -it -- echo 'hello world'
  2. # or
  3. kubectl run busybox --image=busybox --restart=Never -it -- /bin/sh -c 'echo hello world'

16.Do the same, but have the pod deleted automatically when it’s completed.

跟上一题一样,但是结束后要自动删除pod。

  1. kubectl run busybox --image=busybox --restart=Never --rm -it -- echo 'hello world'

17.Create an nginx pod and set an env value as ‘var1=val1’. Check the env value existence within the pod.

创建一个nginx的pod,设置env为’var1=var1’,检查pod里面的env是否存在。

  1. kubectl run nginx --image=nginx --restart=Never --env=var1=val1
  2. kubectl exec -it nginx -- env | grep val1

2.Multi-container Pods - 10%

1.Create a Pod with two containers, both with image busybox and command “echo hello; sleep 3600”. Connect to the second container and run ‘ls’.

创建一个带有两个容器的pod,镜像都是busybox,并且都带有”echo hello; sleep 3600”命令;连接第二个容器并运行’ls’。
思路:创建一个带有单个容器的 pod,并将其定义保存在 YAML 文件中;复制/粘贴与容器相关的值,因此您的最终 YAML 应包含以下两个容器(确保这些容器具有不同的名称)。

  1. kubectl run busybox --image=busybox --restart=Never --dry-run=client -o yaml -- /bin/sh -c 'echo hello;sleep 3600' > busybox.yaml
  1. containers:
  2. - args:
  3.    - /bin/sh
  4.    - -c
  5.    - echo hello;sleep 3600
  6.    image: busybox
  7.    name: busybox
  8.    resources: {}
  9. - args:
  10.   - /bin/sh
  11.   - -c
  12.   - echo hello;sleep 3600
  13.   image: busybox
  14.   name: busybox2
  1. kubectl apply -f busybox.yaml
  2. kubectl exec -it busybox -c busybox2 -- ls

2.Create a pod with an nginx container exposed on port 80. Add a busybox init container which downloads a page using “wget -O /work-dir/index.html http://neverssl.com/online”. Make a volume of type emptyDir and mount it in both containers. For the nginx container, mount it on “/usr/share/nginx/html” and for the initcontainer, mount it on “/work-dir”. When done, get the IP of the created pod and create a busybox pod and run “wget -O- IP”.

使用暴露在端口 80 上的 nginx 容器创建一个 pod。添加一个 busybox 初始化容器,该容器使用“wget -O /work-dir/index.html http://neverssl.com/online”下载页面。创建一个空目录的卷挂载到两个容器中。对于 nginx 容器,将其挂载到“/usr/share/nginx/html”,对于 init container,将其挂载到“/work-dir”。完成后,获取创建的 pod 的 IP 并创建一个 busybox pod 并运行“wget -O-IP”。
创建一个带有单个容器的 pod,并将其定义保存在 YAML 文件中:

  1. kubectl run web --image=nginx --restart=Never --port=80 --dry-run=client -o yaml > web.yaml

复制/粘贴与容器相关的值,因此您的最终 YAML 应包含卷和 initContainer:

  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4.   creationTimestamp: null
  5.   labels:
  6.     run: web
  7.   name: web
  8. spec:
  9.   containers:
  10.   - image: nginx
  11.     name: web
  12.     ports:
  13.     - containerPort: 80
  14.     volumeMounts:
  15.     - name: vol
  16.       mountPath: /usr/share/nginx/html
  17.   initContainers:
  18.   - image: busybox
  19.     name: busybox
  20.     args:
  21.     - /bin/sh
  22.     - -c
  23.     - wget -O /work-dir/index.html http://neverssl.com/online
  24.     volumeMounts:
  25.     - name: vol
  26.       mountPath: /work-dir
  27.   dnsPolicy: ClusterFirst
  28.   restartPolicy: Never
  29.   volumes:
  30.   - name: vol
  31.     emptyDir: {}
  32. status: {}

执行”wget -O- IP”:

  1. # 查看pod IP
  2. kubectl get po web -o wide
  3. # 执行wget
  4. kubectl run busybox-tmp --image=busybox --restart=Never --rm -it -- /bin/sh -c 'wget -O- 10.244.2.115'

3.Pod design - 20%

Labels and annotations

kubernetes.io > Documentation > Concepts > Overview > Working with Kubernetes Objects > Labels and Selectors

1.Create 3 pods with names nginx1,nginx2,nginx3. All of them should have the label app=v1.

  1. kubectl run nginx1 --image=nginx --labels=app=v1
  2. kubectl run nginx2 --image=nginx --labels=app=v1
  3. kubectl run nginx3 --image=nginx --labels=app=v1

2.Show all labels of the pods.

  1. kubectl get po --show-label

3.Change the labels of pod ‘nginx2’ to be app=v2.

  1. kubectl label po nginx2 app=v2 --overwrite

4.Get only the ‘app=v2’ pods.

  1. kubectl get po -l app=v2

5.Get the label ‘app’ for the pods (show a column with APP labels).

  1. kubectl get po -l app

6.Get only the ‘app=v2’ pods.

  1. kubectl get po -l app=v2

7.Remove the ‘app’ label from the pods we created before.

  1. kubectl delete po -l app

8.Create a pod that will be deployed to a Node that has the label ‘accelerator=nvidia-tesla-p100’.

创建一个pod,部署到带有标签’accelerator=nvidia-tesla-p100’的节点。
添加标签到一个节点:

  1. kubectl label nodes s2 accelerator=nvidia-tesla-p100
  2. kubectl get node s2 --show-labels

在 Pod YAML 上使用“nodeSelector”属性:

  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4.   name: cuda-test
  5. spec:
  6.   containers:
  7.     - name: cuda-test
  8.       image: "k8s.gcr.io/cuda-vector-add:v0.1"
  9.   nodeSelector: # add this
  10.     accelerator: nvidia-tesla-p100 # the selection label

9.Annotate pods nginx1, nginx2, nginx3 with “description=’my description’” value.

  1. kubectl annotate po nginx1 nginx2 nginx3 description=mydescription

10.Check the annotations for pod nginx1.

  1. kubectl annotate po nginx --list

11.Remove the annotations for these three pods.

  1. kubectl annotate po nginx{1..3} description-

Deployments

kubernetes.io > Documentation > Concepts > Workloads > Workload Resources > Deployments

1.Create a deployment with image nginx:1.18.0, called nginx, having 2 replicas, defining port 80 as the port that this container exposes (don’t create a service for this deployment).

  1. kubectl create deploy nginx --image=nginx:1.18.0 --replicas=2 --port=80

2.View the YAML of this deployment.

  1. kubectl get deploy nginx -o yaml

3.View the YAML of the replica set that was created by this deployment.

  1. kubectl get rs -l app=nginx
  2. kubectl get rs nginx-67dfd6c8f9  -o yaml

4.Get the YAML for one of the pods.

  1. kubectl get po -l app=nginx
  2. kubectl get po nginx-67dfd6c8f9-slwdh -o yaml

5.Check how the deployment rollout is going.

  1. kubectl rollout status deploy nginx

6.Update the nginx image to nginx:1.19.8.

  1. kubectl set image deploy nginx nginx=nginx:1.19.8
  2. # or
  3. kubectl edit deploy nginx

7.Check the rollout history and confirm that the replicas are OK.

  1. kubectl rollout history deploy nginx
  2. kubectl get deploy
  3. kubectl get ns
  4. kubectl get po

8.Undo the latest rollout and verify that new pods have the old image (nginx:1.18.0).

  1. kubectl rollout uodo deploy nginx
  2. kubectl describe deploy -i image

9.Do an on purpose update of the deployment with a wrong image nginx:1.91.

使用错误的图像 nginx:1.91 故意更新部署。

  1. kubectl set image deploy nginx nginx=nginx:1.91

10.Verify that something’s wrong with the rollout.

验证rollout是否有问题。

  1. kubectl rollout status deploy nginx
  2. kubectl get po

11.Return the deployment to the second revision (number 2) and verify the image is nginx:1.19.8.

将deployment返回到第二个修订版(编号 2)并验证镜像是 nginx:1.19.8。

  1. kubectl rollout undo deploy nginx --to-revision=2
  2. # 验证镜像是否正确
  3. kubectl describe deploy nginx | grep -i image
  4. # 查看rollout状态
  5. kubectl rollout status deploy nginx

12.Check the details of the fourth revision (number 4).

查看第四个版本的详情。

  1. kubectl rollout history deploy nginx --revision=4

13.Scale the deployment to 5 replicas.

  1. kubectl scale deploy nginx --replicas=5

14.Autoscale the deployment, pods between 5 and 10, targetting CPU utilization at 80%.

  1. kubectl autoscale deploy nginx --min=5 --max=10 --cpu-perent=80
  2. kubectl get hpa

15.Pause the rollout of the deployment.

暂停deployment的rollout。

  1. kubectl rollout pause deploy nginx

16.Update the image to nginx:1.19.9 and check that there’s nothing going on, since we paused the rollout.

更新镜像为1.19.9,检查是否发生任何事情,因为我们暂停了rollout。

  1. kubectl set image deploy nginx nginx=nginx:1.19.9
  2. kubectl rollout history deploy nginx

17.Resume the rollout and check that the nginx:1.19.9 image has been applied.

恢复rollout,检查镜像是否更新为nginx:1.19.9。

  1. kubectl rollout resume deploy nginx
  2. # 查看镜像版本
  3. kubectl describe deploy nginx | grep -i image

18.Delete the deployment and the horizontal pod autoscaler you created.

  1. kubectl delete deploy nginx
  2. kubectl delete hap nginx

Jobs

1.Create a job named pi with image perl that runs the command with arguments “perl -Mbignum=bpi -wle ‘print bpi(2000)’”.

  1. kubectl create job pi --image=perl -- perl -Mbignum=bpi -wle 'print bpi(2000)'

2.Wait till it’s done, get the output.

  1. kubectl get po
  2. kubectl logs pi-r8447

3.Create a job with the image busybox that executes the command ‘echo hello;sleep 30;echo world’.

  1. kubectl create job busybox --image=busybox -- /bin/sh -c 'echo hello;sleep 30;echo world'

4.Follow the logs for the pod (you’ll wait for 30 seconds).

  1. kubectl get po
  2. kubectl logs busybox-d4mgn -f

5.See the status of the job, describe it and see the logs.

  1. kubectl get jobs
  2. kubectl describe job busybox
  3. kubectl logs job/busybox

6.Delete the job.

  1. kubectl delete job busybox

7.Create a job but ensure that it will be automatically terminated by kubernetes if it takes more than 30 seconds to execute.

创建一个job,但要确保如果执行时间超过 30 秒,它将被 kubernetes 自动终止。
获取创建job的yaml模板:

  1. kubectl create job busybox --image=busybox --dry-run=client -o yaml -- /bin/sh -c 'while true;do echo hello;sleep 10;done' > job.yaml

修改yaml,Add job.spec.activeDeadlineSeconds=30:

  1. apiVersion: batch/v1
  2. kind: Job
  3. metadata:
  4.   creationTimestamp: null
  5.   name: busybox
  6. spec:
  7.   activeDeadlineSeconds: 30  # add this line
  8.   template:
  9.     metadata:
  10.       creationTimestamp: null
  11.     spec:
  12.       containers:
  13.       - command:
  14.         - /bin/sh
  15.         - -c
  16.         - while true;do echo hello;sleep 10;done
  17.         image: busybox
  18.         name: busybox
  19.         resources: {}
  20.       restartPolicy: Never
  21. status: {}

8.Create the same job, make it run 5 times, one after the other. Verify its status and delete it.

创建相同的job,使它运行5次,一个一个执行,然后查看他的状态后删除。

  1. apiVersion: batch/v1
  2. kind: Job
  3. metadata:
  4.   creationTimestamp: null
  5.   name: busybox
  6. spec:
  7.   completions: 5  # add this line
  8.   template:
  9.     metadata:
  10.       creationTimestamp: null
  11.     spec:
  12.       containers:
  13.       - command:
  14.         - /bin/sh
  15.         - -c
  16.         - while true;do echo hello;sleep 10;done
  17.         image: busybox
  18.         name: busybox
  19.         resources: {}
  20.       restartPolicy: Never
  21. status: {}

9.Create the same job, but make it run 5 parallel times.

创建相同的job,使它并行运行5次。

  1. apiVersion: batch/v1
  2. kind: Job
  3. metadata:
  4.   creationTimestamp: null
  5.   name: busybox
  6. spec:
  7.   parallelism: 5  # add this line
  8.   template:
  9.     metadata:
  10.       creationTimestamp: null
  11.     spec:
  12.       containers:
  13.       - command:
  14.         - /bin/sh
  15.         - -c
  16.         - while true;do echo hello;sleep 10;done
  17.         image: busybox
  18.         name: busybox
  19.         resources: {}
  20.       restartPolicy: Never
  21. status: {}

Cron jobs

kubernetes.io > Documentation > Tasks > Run Jobs > Running Automated Tasks with a CronJob

1.Create a cron job with image busybox that runs on a schedule of “/1 *” and writes ‘date; echo Hello from the Kubernetes cluster’ to standard output.

  1. kubectl create cronjob busybox --image=busybox --schedule="*/1 * * * *" -- /bin/sh -c 'date; echo Hello from the Kubernetes cluster'

2.Create a cron job with image busybox that runs every minute and writes ‘date; echo Hello from the Kubernetes cluster’ to standard output. The cron job should be terminated if it takes more than 17 seconds to start execution after its scheduled time (i.e. the job missed its scheduled time).

如果 cron 作业在其预定时间后开始执行的时间超过 17 秒(即作业错过了预定时间),则应终止该 cron 作业。
获取模板:

  1. kubectl create cronjob time-limited-job --image=busybox --restart=Never --dry-run=client --schedule="* * * * *" -o yaml -- /bin/sh -c 'date; echo Hello from the Kubernetes cluster' > time-limited-job.yaml

修改yaml,然后运行:

  1. apiVersion: batch/v1beta1
  2. kind: CronJob
  3. metadata:
  4.   creationTimestamp: null
  5.   name: time-limited-job
  6. spec:
  7.   startingDeadlineSeconds: 17 # add this line
  8.   jobTemplate:
  9.     metadata:
  10.       creationTimestamp: null
  11.       name: time-limited-job
  12.     spec:
  13.       template:
  14.         metadata:
  15.           creationTimestamp: null
  16.         spec:
  17.           containers:
  18.           - args:
  19.             - /bin/sh
  20.             - -c
  21.             - date; echo Hello from the Kubernetes cluster
  22.             image: busybox
  23.             name: time-limited-job
  24.             resources: {}
  25.           restartPolicy: Never
  26.   schedule: '* * * * *'
  27. status: {}

3.Create a cron job with image busybox that runs every minute and writes ‘date; echo Hello from the Kubernetes cluster’ to standard output. The cron job should be terminated if it successfully starts but takes more than 12 seconds to complete execution.

如果 cron 作业成功启动但需要超过 12 秒才能完成执行,则应终止它。

  1. apiVersion: batch/v1beta1
  2. kind: CronJob
  3. metadata:
  4.   creationTimestamp: null
  5.   name: time-limited-job
  6. spec:
  7.   jobTemplate:
  8.     metadata:
  9.       creationTimestamp: null
  10.       name: time-limited-job
  11.     spec:
  12.       activeDeadlineSeconds: 12 # add this line
  13.       template:
  14.         metadata:
  15.           creationTimestamp: null
  16.         spec:
  17.           containers:
  18.           - args:
  19.             - /bin/sh
  20.             - -c
  21.             - date; echo Hello from the Kubernetes cluster
  22.             image: busybox
  23.             name: time-limited-job
  24.             resources: {}
  25.           restartPolicy: Never
  26.   schedule: '* * * * *'
  27. status: {}

4.Configuration - 18%

ConfigMaps

kubernetes.io > Documentation > Tasks > Configure Pods and Containers > Configure a Pod to Use a ConfigMap

1.Create a configmap named config with values foo=lala,foo2=lolo.

  1. kubectl create cm config --from-literal=foo=lala --from-literal=foo2=lolo

2.Display its values.

  1. kubectl describe cm config

3.Create and display a configmap from a file.

  1. kubectl create cm configmap2 --from-file=config.txt
  2. kubectl describe cm configmap2

4.Create and display a configmap from a .env file.

  1. kubectl create cm config3 --from-env-file=game-env-file.properties
  2. kubectl describe cm config3

5.Create and display a configmap from a file, giving the key ‘special’.

  1. kubectl create cm config4 --from-file=special=game-env-file.properties
  2. kubectl describe cm config4

6.Create a configMap called ‘options’ with the value var5=val5. Create a new nginx pod that loads the value from variable ‘var5’ in an env variable called ‘option’.

官网拷贝模板然后修改:

  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4.   name: nginx
  5. spec:
  6.   containers:
  7.     - name: nginx
  8.       image: nginx
  9.       env:
  10.         - name: option
  11.           valueFrom:
  12.             configMapKeyRef:
  13.               name: options
  14.               key: var5
  15.   restartPolicy: Never

7.Create a configMap ‘anotherone’ with values ‘var6=val6’, ‘var7=val7’. Load this configMap as env variables into a new nginx pod.

官网拷贝模板然后修改:

  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4.   name: nginx
  5. spec:
  6.   containers:
  7.     - name: nginx
  8.       image: nginx
  9.       envFrom:
  10.       - configMapRef:
  11.           name: anotherone
  12.   restartPolicy: Never

8.Create a configMap ‘cmvolume’ with values ‘var8=val8’, ‘var9=val9’. Load this as a volume inside an nginx pod on path ‘/etc/lala’. Create the pod and ‘ls’ into the ‘/etc/lala’ directory.

官网拷贝模板然后修改:

  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4.   name: nginx
  5. spec:
  6.   containers:
  7.     - name: nginx
  8.       image: nginx
  9.       volumeMounts:
  10.       - name: config-volume
  11.         mountPath: /etc/lala
  12.   volumes:
  13.     - name: config-volume
  14.       configMap:
  15.         # Provide the name of the ConfigMap containing the files you want
  16.         # to add to the container
  17.         name: cmvolume
  18.   restartPolicy: Never

创建Pod,运行ls:

  1. kubectl apply -f nginx.yaml
  2. kubectl exec -it nginx -- ls /etc/lala

SecurityContext

kubernetes.io > Documentation > Tasks > Configure Pods and Containers > Configure a Security Context for a Pod or Container

1.Create the YAML for an nginx pod that runs with the user ID 101. No need to create the pod.

  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4.   creationTimestamp: null
  5.   labels:
  6.     run: nginx
  7.   name: nginx
  8. spec:
  9.   securityContext: # insert this line
  10.     runAsUser: 101 # UID for the user
  11.   containers:
  12.   - image: nginx
  13.     imagePullPolicy: IfNotPresent
  14.     name: nginx
  15.     resources: {}
  16.   dnsPolicy: ClusterFirst
  17.   restartPolicy: Never
  18. status: {}

2.Create the YAML for an nginx pod that has the capabilities “NET_ADMIN”, “SYS_TIME” added to its single container.

将“NET_ADMIN”、“SYS_TIME”添加到容器。

  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4.   creationTimestamp: null
  5.   labels:
  6.     run: nginx
  7.   name: nginx
  8. spec:
  9.   containers:
  10.   - image: nginx
  11.     imagePullPolicy: IfNotPresent
  12.     name: nginx
  13.     securityContext: # insert this line
  14.       capabilities: # and this
  15.         add: ["NET_ADMIN", "SYS_TIME"] # this as well
  16.     resources: {}
  17.   dnsPolicy: ClusterFirst
  18.   restartPolicy: Never
  19. status: {}

Requests and limits

kubernetes.io > Documentation > Tasks > Configure Pods and Containers > Assign CPU Resources to Containers and Pods

1.Create an nginx pod with requests cpu=100m,memory=256Mi and limits cpu=200m,memory=512Mi.

  1. kubectl run nginx --image=nginx --restart=Never --requests='cpu=100m,memory=256Mi' --limits='cpu=200m,memory=512Mi'

Secrets

kubernetes.io > Documentation > Concepts > Configuration > Secrets
kubernetes.io > Documentation > Tasks > Inject Data Into Applications > Distribute Credentials Securely Using Secrets

1.Create a secret called mysecret with the values password=mypass.

  1. kubectl create secret generic mysecret --from-literal=password=mypass

2.Create a secret called mysecret2 that gets key/value from a file.

  1. kubectl create secret generic mysecret2 --from-file=xxx.txt

3.Get the value of mysecret2.

  1. kubectl get secret mysecret2 -o yaml

4.Create an nginx pod that mounts the secret mysecret2 in a volume on path /etc/foo.

官网模板进行修改:

  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4.   name: nginx
  5. spec:
  6.   containers:
  7.   - name: nginx
  8.     image: nginx
  9.     volumeMounts:
  10.     - name: foo
  11.       mountPath: "/etc/foo"
  12.   volumes:
  13.   - name: foo
  14.     projected:
  15.       sources:
  16.       - secret:
  17.           name: mysecret2

查看目录下是否有secret信息:

  1. kubectl exec -it nginx -- ls /etc/foo

5.Delete the pod you just created and mount the variable ‘username’ from secret mysecret2 onto a new nginx pod in env variable called ‘USERNAME’.

删除刚刚创建的 pod,并将secret mysecret2 中的变量 ‘username’ 挂载到名为 ‘USERNAME’ 的 env 变量中的新 nginx pod 上。
官网模板进行修改:

  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4.   name: nginx
  5. spec:
  6.   containers:
  7.     - name: nginx
  8.       image: nginx
  9.       envFrom:
  10.       - secretRef:
  11.           name: mysecret2
  12.   restartPolicy: Never

ServiceAccounts

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/