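In some cases, for management reasons, passwords and other credentials for critical production environments may be known only to the operations engineers and must not be disclosed to developers. A Secret solves this problem well. As an example, suppose the production environment uses MySQL.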
Database name | Username | Password |
---|---|---|
playground | root | root |
Write the YAML file
playground-secret.yaml
```yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: "playground-secret"
  namespace: "playground"
data:
  mysql-db-name: "cGxheWdyb3VuZA=="  # echo -n "playground" | base64 yields "cGxheWdyb3VuZA=="
  mysql-username: "cm9vdA=="         # echo -n "root" | base64 yields "cm9vdA=="
  mysql-password: "cm9vdA=="         # echo -n "root" | base64 yields "cm9vdA=="
```
Create it

```
kubectl apply -f playground-secret.yaml
```

Use it
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: playground-pod
  namespace: "playground"
  labels:
    app: "playground"
spec:
  volumes:
    - name: log
      hostPath:
        path: "/var/log"
  containers:
    - name: "app"
      image: "10.211.55.6:5000/yingzhuo/playground:latest"
      imagePullPolicy: Always
      env:
        - name: MYSQL_DB_NAME
          valueFrom:
            secretKeyRef:
              name: "playground-secret"
              key: "mysql-db-name"
              optional: false
        - name: MYSQL_USERNAME
          valueFrom:
            secretKeyRef:
              name: "playground-secret"
              key: "mysql-username"
              optional: false
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: "playground-secret"
              key: "mysql-password"
              optional: false
      ports:
        - containerPort: 8080
      volumeMounts:
        - name: log
          mountPath: "/var/log"
    - name: "db"
      image: "10.211.55.6:5000/yingzhuo/playground-mysql:latest"
      imagePullPolicy: Always
      ports:
        - containerPort: 3306
```
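With this in place, environment variables such as MYSQL_DB_NAME are injected into the container automatically when the pod starts. Very convenient!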
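The `echo -n` in the manifest comments matters: without `-n` the encoded value carries a trailing newline, and the injected password no longer matches the real one. The following is an added example, not code from the original post, that checks the `data:` entries of a Secret manifest for this mistake before `kubectl apply`, reporting key names only; the function names are hypothetical and it assumes a `base64` that accepts `-d`.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Encode a value exactly as given; printf '%s' adds no newline (like `echo -n`).
encode_secret_value() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Status: 0 = clean, 1 = decoded value ends in a newline, 2 = not valid base64.
check_secret_value() {
    printf '%s' "$1" | base64 -d >/dev/null 2>&1 || return 2
    hex=$(printf '%s' "$1" | base64 -d | od -v -An -tx1 | tr -d ' \n')
    case "$hex" in
        *0a) return 1 ;;
    esac
    return 0
}

# Read a Secret manifest on stdin and check each entry under data:.
# Prints key names only, never decoded values; status = number of bad entries.
check_manifest() {
    bad=0
    in_data=0
    while IFS= read -r line; do
        case "$line" in
            data:*) in_data=1; continue ;;
            " "*|"") ;;          # indented or blank: still in the current block
            *) in_data=0 ;;      # any other top-level key ends data:
        esac
        [ "$in_data" -eq 1 ] || continue
        kv=$(printf '%s\n' "$line" |
            sed -n 's/^ *\([A-Za-z0-9._-]\{1,\}\): *"\{0,1\}\([^" #]*\).*$/\1 \2/p')
        [ -n "$kv" ] || continue
        rc=0
        check_secret_value "${kv#* }" || rc=$?
        case "$rc" in
            0) echo "${kv%% *}: ok" ;;
            1) echo "${kv%% *}: decoded value ends in a newline"; bad=$((bad + 1)) ;;
            *) echo "${kv%% *}: not valid base64"; bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}
```

Run it as `check_manifest < playground-secret.yaml`; a non-zero exit status is the number of entries that need re-encoding.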