secretGenerator
Generate Secret resources.
Each entry in the argument list results in the creation of one Secret resource (it’s a generator of N secrets).
This works like the configMapGenerator.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
secretGenerator:
- name: app-tls
files:
- secret/tls.cert
- secret/tls.key
type: "kubernetes.io/tls"
- name: app-tls-namespaced
# you can define a namespace to generate
# a secret in, defaults to: "default"
namespace: apps
files:
- tls.crt=catsecret/tls.cert
- tls.key=secret/tls.key
type: "kubernetes.io/tls"
- name: env_file_secret
envs:
- env.txt
type: Opaque
- name: secret-with-annotation
files:
- app-config.yaml
type: Opaque
options:
annotations:
app_config: "true"
labels:
app.kubernetes.io/name: "app2"
Secret Resources may be generated much like ConfigMaps can. This includes generating them from literals, files or environment files.
Secret Syntax
Secret type is set using the type
field.
Example
File Input
# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
secretGenerator:
- name: app-tls
files:
- "tls.cert"
- "tls.key"
type: "kubernetes.io/tls"
# tls.cert
LS0tLS1CRUd...tCg==
# tls.key
LS0tLS1CRUd...0tLQo=
Build Output
apiVersion: v1
data:
tls.cert: TFMwdExTMUNSVWQuLi50Q2c9PQ==
tls.key: TFMwdExTMUNSVWQuLi4wdExRbz0=
kind: Secret
metadata:
name: app-tls-c888dfbhf8
type: kubernetes.io/tls
Important
It is important to note that the secrets are base64
encoded
当前内容版权归 kubernetes官网 或其关联方所有,如需对内容或内容相关联开源项目进行关注与资助,请访问 kubernetes官网 .