解码Secret

Secret 中的信息可以通过 kubectl get secret 命令获取。例如,执行命令 kubectl get secret mysecret -o yaml 可获取前面章节中所创建的 Secret,输出信息如下:

  1. apiVersion: v1
  2. kind: Secret
  3. metadata:
  4.   creationTimestamp: 2016-01-22T18:41:56Z
  5.   name: mysecret
  6.   namespace: default
  7.   resourceVersion: "164619"
  8.   uid: cfee02d6-c137-11e5-8d73-42010af00002
  9. type: Opaque
  10. data:
  11.   username: YWRtaW4=
  12.   password: MWYyZDFlMmU2N2Rm

执行命令 echo ‘MWYyZDFlMmU2N2Rm’ | base64 —decode 可解码密码字段,输出结果如下:

  1. 1f2d1e2e67df

执行命令 echo ‘YWRtaW4=’ | base64 —decode 可解码用户名字段,输出结果如下:

  1. admin

编辑Secret

执行命令 kubectl edit secrets mysecret 可以编辑已经创建的 Secret,该命令将打开一个类似于 vi 的文本编辑器,您可以直接编辑已经进行 base64 编码的字段,如下所示:

  1. # Please edit the object below. Lines beginning with a '#' will be ignored,
  2. # and an empty file will abort the edit. If an error occurs while saving this file will be
  3. # reopened with the relevant failures.
  4. #
  5. apiVersion: v1
  6. data:
  7.   username: YWRtaW4=
  8.   password: MWYyZDFlMmU2N2Rm
  9. kind: Secret
  10. metadata:
  11.   annotations:
  12.     kubectl.kubernetes.io/last-applied-configuration: { ... }
  13.   creationTimestamp: 2016-01-22T18:41:56Z
  14.   name: mysecret
  15.   namespace: default
  16.   resourceVersion: "164619"
  17.   uid: cfee02d6-c137-11e5-8d73-42010af00002
  18. type: Opaque