Protecting Database Connection Information

Purpose

Use the Secret resource type to store MySQL database connection information.

Environment

  • openshift v3.11.16/kubernetes v1.11.0

Steps

Create a project

1. Log in to OCP with the CLI
$ oc login https://master.example.com:8443 -u admin -p admin
2. Create the project
$ oc new-project lab05

Create the Secret

1. Create the Secret
# oc create secret generic mysql-connectivities --from-literal='db-user'='test_user' --from-literal='db-password'='test_pass' --from-literal='db-root-password'='redhat' --from-literal='db-name'='testdb'
2. View the Secret
# oc get secret mysql-connectivities -o yaml
apiVersion: v1
data:
  db-name: dGVzdGRi
  db-password: dGVzdF9wYXNz
  db-root-password: cmVkaGF0
  db-user: dGVzdF91c2Vy
kind: Secret

Create the application from a template

1. View the template
# cat mysql-secure.yaml
apiVersion: v1
kind: DeploymentConfig
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    app: mysql
  template:
    metadata:
      name: mysql
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: registry.example.com/rhscl/mysql-57-rhel7:latest
        env:
          - name: MYSQL_ROOT_PASSWORD
            valueFrom:
              secretKeyRef:
                key: db-root-password
                name: mysql-connectivities
          - name: MYSQL_USER
            valueFrom:
              secretKeyRef:
                key: db-user
                name: mysql-connectivities
          - name: MYSQL_PASSWORD
            valueFrom:
              secretKeyRef:
                key: db-password
                name: mysql-connectivities
          - name: MYSQL_DATABASE
            valueFrom:
              secretKeyRef:
                key: db-name
                name: mysql-connectivities
        ports:
          - containerPort: 3306
            name: mysql
  strategy:
    type: Rolling
2. Create the application
# oc create -f mysql-secure.yaml
3. View the deployed application
# oc get pods
NAME            READY     STATUS    RESTARTS   AGE
mysql-1-8kcgc   1/1       Running   0          47s
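
A pre-flight check for this lab, added here as an example and not part of the original page: it confirms that every key requested by the template's secretKeyRef entries exists in the Secret, and decodes a value to show that the `data` fields are base64-encoded rather than encrypted. The function names and the `DC_BAD` variant are constructed for illustration; the YAML strings are copied from the output above.

```shell
# Secret as printed by `oc get secret mysql-connectivities -o yaml` above.
SECRET_YAML='apiVersion: v1
data:
  db-name: dGVzdGRi
  db-password: dGVzdF9wYXNz
  db-root-password: cmVkaGF0
  db-user: dGVzdF91c2Vy
kind: Secret'
# Two env entries from mysql-secure.yaml (abridged).
DC_ENV='          - name: MYSQL_ROOT_PASSWORD
            valueFrom:
              secretKeyRef:
                key: db-root-password
                name: mysql-connectivities
          - name: MYSQL_USER
            valueFrom:
              secretKeyRef:
                key: db-user
                name: mysql-connectivities'
# Constructed bad variant: a mistyped key, to show a failing check.
DC_BAD=$(printf '%s\n' "$DC_ENV" | sed 's/key: db-user/key: db-username/')
# Key names under the top-level "data:" map of a Secret manifest.
secret_keys() {
  printf '%s\n' "$1" | awk '
    /^data:/ { in_data = 1; next }
    /^[^ ]/  { in_data = 0 }
    in_data && /^  [^ ]/ { sub(/:.*/, "", $1); print $1 }'
}
# Keys that secretKeyRef entries request from the Secret named in $2.
referenced_keys() {
  printf '%s\n' "$1" | awk -v want="$2" '
    $1 == "secretKeyRef:" { key = ""; name = ""; in_ref = 1; next }
    in_ref && $1 == "key:"  { key = $2 }
    in_ref && $1 == "name:" { name = $2 }
    in_ref && key != "" && name != "" {
      if (name == want) print key
      in_ref = 0 }' | sort -u
}
# Keys the template needs but the Secret lacks; no output means OK.
missing_keys() {
  have=$(secret_keys "$1")
  for k in $(referenced_keys "$2" "$3"); do
    printf '%s\n' "$have" | grep -qxF -- "$k" || echo "$k"
  done
}
# Decode one value; base64 is an encoding, not encryption.
decode_key() {
  printf '%s\n' "$1" | awk -v k="$2:" '$1 == k { print $2 }' | base64 -d
}
missing_keys "$SECRET_YAML" "$DC_BAD" mysql-connectivities | sed 's/^/missing: /'
```

Against a live cluster, pass the output of `oc get secret mysql-connectivities -o yaml` and the contents of `mysql-secure.yaml` in place of the embedded strings.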

Database access

1. Open a shell in the container
# oc rsh mysql-1-8kcgc
sh-4.2$
2. Log in to mysql to test
sh-4.2$ mysql -utest_user -ptest_pass
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.24 MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| testdb             |
+--------------------+
