###
# kubectl create namespace [命名空间名字] kubectl create namespace dev-es
# 查看当前命名空间 [root@alpha ~]# kubectl get namespace NAME STATUS AGE default Active 23h dev-es Active 21h ingress-nginx Active 21h kube-node-lease Active 23h kube-public Active 23h kube-system Active 23h kubernetes-dashboard Active 23h
# 创建k8s Secret kubectl create secret docker-registry pull-harbor-images --docker-server=192.168.2.139 --docker-username=admin --docker-password=‘123456‘ -n dev-es # 将secret添加到 ServiceAccount kubectl patch serviceaccount default -p ‘{"imagePullSecrets": [{"name": "pull-harbor-images"}]}‘ -n dev-es # 查看serviceAccount
[root@alpha ~]# kubectl get ServiceAccount -n dev-es NAME SECRETS AGE default 1 21h [root@alpha ~]# kubectl describe ServiceAccount default -n dev-es Name: default Namespace: dev-es Labels: <none> Annotations: <none> Image pull secrets: pull-harbor-images Mountable secrets: default-token-vvh8m Tokens: default-token-vvh8m Events: <none> # 查看secret [root@alpha ~]# kubectl get secret -n dev-es NAME TYPE DATA AGE default-token-vvh8m kubernetes.io/service-account-token 3 21h pull-harbor-images kubernetes.io/dockerconfigjson 1 21h
# 重启资源pod【kubectl rollout restart (资源 名称 命名空间)】
kubectl rollout restart deployment dev-nginx -n dev-es
# 为资源添加描述信息(相当于kubectl edit保存退出) - 重启pod
kubectl patch deployment dev-nginx -n dev-es -p ‘{"spec": {"template": {"metadata": {"annotations": {"version/config": "2021-0427-154811"}}}}}‘
# 生成创建密保字典yaml kubectl create secret tls tls-https-secret -n dev-es --cert=/root/tls/https.crt --key=/root/tls/https.key --dry-run -o yaml > /tmp/tls.yaml
# 创建密保字典 kubectl apply -f /tmp/tls.yaml
# 查看生成tls.yaml模板样式 #[root@alpha ~]# cat /tmp/tls.yaml apiVersion: v1 #此处数据创建时已通过base 64进行加密过 data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tC................fjksld= tls.key: LS0tLS1CRUdJxdsklfndngdsknfkdngnfdgmf................fkdsa== kind: Secret metadata: creationTimestamp: null name: tls-https-secret namespace: dev-es type: kubernetes.io/tls
###
原文:https://www.cnblogs.com/faithH/p/14717223.html