secret

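A Secret works much like a ConfigMap in that it supplies additional configuration to a Pod, but a Secret is an object that holds a small amount of sensitive information such as a password, token or key.

The name of a Secret must be a valid DNS subdomain name.

Each Secret is limited to 1 MiB, mainly to stop users from creating very large Secrets that would exhaust the memory of the API server and the kubelet. Creating many small Secrets can also exhaust memory, however, so resource quotas can be used to limit the number of Secrets in each namespace.

When a Secret is created from a YAML file, you can set the data field or the stringData field; both are optional. Every value in the data field must be a base64-encoded string. If you do not want to do this base64 conversion, you can set the stringData field instead, which accepts any plain-text string as a value.

A Pod can use a Secret in any one of three ways:

  • As files in a volume mounted into one or more containers (crt files, key files)
  • As environment variables of a container
  • Used by the kubelet when it pulls images for the Pod (authentication to the image registry)

I. Secret types:

Kubernetes supports several built-in Secret types for different use cases, and the configuration parameters differ from type to type.

Secret type                            Use case
Opaque                                 Arbitrary user-defined data
kubernetes.io/service-account-token    ServiceAccount token
kubernetes.io/dockercfg                Serialized form of the ~/.dockercfg file
kubernetes.io/dockerconfigjson         Serialized form of the ~/.docker/config.json file (harbor token)
kubernetes.io/ssh-auth                 Credentials for SSH authentication
kubernetes.io/basic-auth               Credentials for basic authentication
kubernetes.io/tls                      For TLS; stores the crt certificate and the key (nginx)
bootstrap.kubernetes.io/token          Bootstrap token data

1. Opaque type: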

[root@haproxy1 case11-secret]# cat 1-secret-Opaque-data.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: mysecret-data
  namespace: myserver
type: Opaque
data:
  user: YWRtaW4K
  password: MTIzNDU2Cg==
# Use this secret
[root@haproxy1 case11-secret]# cat 3-secret-Opaque-mount.yaml 
#apiVersion: extensions/v1beta1
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myserver-myapp-app1-deployment
  namespace: myserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: myserver-myapp-app1
  template:
    metadata:
      labels:
        app: myserver-myapp-app1
    spec:
      containers:
      - name: myserver-myapp-app1
        image: tomcat:7.0.94-alpine
        ports:
        - containerPort: 8080
        volumeMounts:
        - mountPath: /data/myserver/auth
          name: myserver-auth-secret 
      volumes:
      - name: myserver-auth-secret
        secret:
          secretName: mysecret-data

---
apiVersion: v1
kind: Service
metadata:
  name: myserver-myapp-app1
  namespace: myserver
spec:
  ports:
  - name: http
    port: 8080
    targetPort: 8080
    nodePort: 30018
    protocol: TCP
  type: NodePort
  selector:
    app: myserver-myapp-app1
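
An added example (not from the original post) that audits the data block of the Opaque manifest above: it decodes each value and flags a trailing newline, which both values here contain because they encode "admin" and "123456" followed by a newline byte. The function names are hypothetical, and the parser assumes the flat two-space layout used in this manifest.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post. Function names are made up;
# the parser assumes the flat two-space manifest layout used on this page.

# Constructed sample: the Opaque manifest shown above.
sample_manifest() {
cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mysecret-data
  namespace: myserver
type: Opaque
data:
  user: YWRtaW4K
  password: MTIzNDU2Cg==
EOF
}

# Print "key value" for every entry under the top-level data: key.
data_entries() {
  awk '/^data:/ { in_data = 1; next }
       /^[^ ]/  { in_data = 0 }
       in_data && NF == 2 { sub(/:$/, "", $1); print $1, $2 }'
}

# Classify one base64 value: invalid-base64, trailing-newline or ok.
classify_value() {
  printf '%s' "$1" | base64 -d >/dev/null 2>&1 || { echo invalid-base64; return; }
  last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
  if [ "$last" = "0a" ]; then echo trailing-newline; else echo ok; fi
}

# Audit a manifest read from stdin: one "key: status" line per data entry.
audit_secret_data() {
  data_entries | while read -r key value; do
    printf '%s: %s\n' "$key" "$(classify_value "$value")"
  done
}

# Encode a value for data: without the newline that echo would append.
encode_value() { printf '%s' "$1" | base64; }

sample_manifest | audit_secret_data
```

An application that reads the mounted file and compares it byte for byte with the expected password will fail on the extra newline, so encode values with printf rather than echo.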

The Secret's files actually exist on the host node that runs the Pod:

[root@haproxy1 case11-secret]# kubectl get pods -n myserver -o wide 
NAME                                READY   STATUS    RESTARTS   AGE    IP               NODE            NOMINATED NODE   READINESS GATES
nginx-deployment-74884bcb49-qlb4t   1/1     Running   0          3d2h   10.200.169.187   172.16.92.141   <none>           <none>
[root@haproxy1 case11-secret]# 
# Switch to node 141
[root@k8s-node2 ~]# find / -name 'password'
/var/lib/docker/overlay2/decf6b3c70bec605802f5824d982e12694f9aa75ecf085da17b7061cc36cfaa8/diff/var/lib/pam/password
/var/lib/docker/overlay2/1131ff1fd5fdc33c09af75345f10acc00cffff2e6b9f37402df3130606c7c00f/diff/etc/openldap/certs/password
/var/lib/docker/overlay2/18ac3e1b60586687ead24191c62597ca4a158506cbccceba53a770114c9cb0d0/diff/var/lib/pam/password
/var/lib/docker/overlay2/1cca6cd2f57a6d21aab637d8452ac1570a8434f8106d5b6f43823fafd0a0c263/diff/var/lib/pam/password
/var/lib/docker/overlay2/7358f47add11f41973fdf6c201d0f1961738ee879b56062b4e256854a6a60df1/diff/var/lib/pam/password
/var/lib/docker/overlay2/93756e042d8e6f52623036eca0a1ea732c7c31f05cdbe2771e70199efaba686e/merged/var/lib/pam/password
/var/lib/docker/overlay2/4ba8f3e91be4ef9317c60e320ee738b8b454df6fed0ed4008c4db16cdd3d17f0/merged/etc/openldap/certs/password
/var/lib/docker/overlay2/7580b8986873ffe858a426a12a1b36dd81ea97d1a6eb1bfd39bf28a0d615d7b3/merged/var/lib/pam/password
/var/lib/docker/overlay2/829c438193e680be085f965ab2eaa410e8990d6fc8d14e08c131ade7d152264b/merged/var/lib/pam/password
/var/lib/kubelet/pods/3e85f165-ec0e-4c9c-8d23-718f8a86fe39/volumes/kubernetes.io~secret/nginx-config/password
/var/lib/kubelet/pods/3e85f165-ec0e-4c9c-8d23-718f8a86fe39/volumes/kubernetes.io~secret/nginx-config/..2022_05_21_05_38_53.1146412810/password
/etc/openldap/certs/password
[root@k8s-node2 ~]# cat /var/lib/kubelet/pods/3e85f165-ec0e-4c9c-8d23-718f8a86fe39/volumes/kubernetes.io~secret/nginx-config/password
123456[root@k8s-node2 ~]# cat /var/lib/kubelet/pods/3e85f165-ec0e-4c9c-8d23-718f8a86fe39/volumes/kubernetes.io~secret/nginx-config/..2022_05_21_05_38_53.1146412810/password
123456[root@k8s-node2 ~]# 

The Secret can also be queried through etcd:

[root@etcd2 ~]# etcdctl get / --keys-only --prefix |grep mysecret 
/registry/secrets/myserver/mysecret-stringdata
[root@etcd2 ~]# etcdctl  get /registry/secrets/myserver/mysecret-stringdata
/registry/secrets/myserver/mysecret-stringdata
k8s


v1Secret
         mysecret-stringdatmyserver"*$7c1bcec5-dd72-4ce3-9113-c86cad036a452

2. Creating a TLS-type Secret

[root@haproxy1 case11-secret]# 
[root@haproxy1 case11-secret]# kubectl create secret --help
Create a secret using specified subcommand.

Available Commands:
  docker-registry 创建一个给 Docker registry 使用的 secret
  generic         Create a secret from a local file, directory, or literal value
  tls             创建一个 TLS secret

Usage:
  kubectl create secret [flags] [options]

Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).

Self-signed certificate

[root@haproxy1 certs-test]# openssl  req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 3560 -nodes -subj '/CN=www.ca.com'
Generating a 4096 bit RSA private key
.....................................................................................................................................................................++
........................................++
writing new private key to 'ca.key'
-----
[root@haproxy1 certs-test]# 
[root@haproxy1 certs-test]# openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj '/CN=www.mysite.com'
Generating a 4096 bit RSA private key
..................................................................................................++
....................................................................................++
writing new private key to 'server.key'
-----
[root@haproxy1 certs-test]# openssl x509 -req -sha256 -days 3650 -in server.csr -CA ca.crt  -CAkey ca.key  -set_serial 01 -out server.crt
Signature ok
subject=/CN=www.mysite.com
Getting CA Private Key
[root@haproxy1 certs-test]# ll
总用量 20
-rw-r--r-- 1 root root 1789 5月  21 20:09 ca.crt
-rw-r--r-- 1 root root 3272 5月  21 20:09 ca.key
-rw-r--r-- 1 root root 1667 5月  21 20:11 server.crt
-rw-r--r-- 1 root root 1590 5月  21 20:10 server.csr
-rw-r--r-- 1 root root 3268 5月  21 20:10 server.key
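
An added example (not from the original post): pre-flight checks to run on the files listed above before they are loaded into a TLS Secret. It checks that server.crt verifies against ca.crt, that server.crt and server.key are a pair, and that the private key is not readable by group or other, as it is in the listing above (-rw-r--r--). The function names are hypothetical, and the demo files are generated with the post's own openssl commands at 2048 bits so the script runs quickly.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post. Function names are made up.

# 0 if the certificate's public key equals the one derived from the private key.
cert_matches_key() {
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# 0 if the certificate verifies against the given CA certificate.
cert_signed_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# 0 if only the owner can read the key (mode 600 or 400).
key_is_private() {
  mode=$(stat -c '%a' "$1") || return 2
  case "$mode" in 600|400) return 0 ;; *) return 1 ;; esac
}

# usage: tls_preflight ca.crt server.crt server.key
tls_preflight() {
  rc=0
  cert_signed_by "$1" "$2"   || { echo "FAIL: $2 is not signed by $1"; rc=1; }
  cert_matches_key "$2" "$3" || { echo "FAIL: $2 and $3 are not a pair"; rc=1; }
  key_is_private "$3"        || { echo "FAIL: $3 is readable by group/other"; rc=1; }
  return "$rc"
}

# Constructed test material: same commands as the post, 2048-bit to run fast.
make_demo_files() {
  d=$(mktemp -d) && cd "$d" || return 1
  openssl req -x509 -sha256 -newkey rsa:2048 -keyout ca.key -out ca.crt \
    -days 1 -nodes -subj '/CN=www.ca.com' 2>/dev/null
  openssl req -new -newkey rsa:2048 -keyout server.key -out server.csr \
    -nodes -subj '/CN=www.mysite.com' 2>/dev/null
  openssl x509 -req -sha256 -days 1 -in server.csr -CA ca.crt -CAkey ca.key \
    -set_serial 01 -out server.crt 2>/dev/null
  chmod 644 server.key   # reproduce the permissions shown in the listing
}

# First run reports the 0644 key; second run passes after chmod 600.
make_demo_files && { tls_preflight ca.crt server.crt server.key || true; }
chmod 600 server.key && tls_preflight ca.crt server.crt server.key && echo "ok"
```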

Create the Secret

[root@haproxy1 certs-test]# kubectl create secret tls  myserver-tls --cert=./server.crt  --key=./server.key  -n myserver 
secret/myserver-tls created
[root@haproxy1 certs-test]# kubectl get secrets  -n myserver 
NAME                  TYPE                                  DATA   AGE
default-token-2htdj   kubernetes.io/service-account-token   3      6d1h
myserver-tls          kubernetes.io/tls                     2      96s
[root@haproxy1 certs-test]# 
[root@haproxy1 certs-test]# kubectl describe secrets -n myserver myserver-tls 
Name:         myserver-tls
Namespace:    myserver
Labels:       <none>
Annotations:  <none>

Type:  kubernetes.io/tls

Data
====
tls.crt:  1667 bytes
tls.key:  3268 bytes

[root@haproxy1 certs-test]# kubectl get secrets -n myserver  myserver-tls  -o yaml 
apiVersion: v1
data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVvakNDQW9vQ0FRRXdEUVlKS29aSWh2Y05BUUVMQlFBd0ZURVRNQkVHQTFVRUF3d0tkM2QzTG1OaExtTnYKYlRBZUZ3MHlNakExTWpFeE1qRXhORGhhRncwek1qQTFNVGd4TWpFeE5EaGFNQmt4RnpBVkJnTlZCQU1NRG5kMwpkeTV0ZVhOcGRHVXVZMjl0TUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUEzby8xCmhJTjQzU0MycWVyU1dCeTRxZUNvOU5nMGJTWE1JMXNkajdBTzVlaEVhL0tQUnpPd0JzWTg3WXBpQUQ3NU5kZ3AKMnA4S1FtWDZmNUpvTDdBNXFWMzdoSzQzK0F4QVBWb1g0MGhCdk43V0h2TUZOSGJZN3FYRnFiRk5vRzNLZVB4ZApqalcvaC94b3I3d3B5eHJmMVlpSm9zaktyV3lLQ3JpR1lBemUxY2VURXU4YjdUN2Z5T0MxT0U4QWFqekFpM0RwCjZwTnUzL1BWNmpkMDN3azlJUnp1RW9BZTg4dTZmMVI2cEZGdEZ3K1JTa1R6R2RVWkRLOTlXMWNxTXpYUVlVdS8KY2Yxb1dTMmppdmtGK0dkdTlsRUM0NTdhakd1RStxQVNaNVNVOWIwcldJRGZxeGtYaCtqc21Udmg3WnZ2NkpxcAo3RXUxTVgvdUovUE9FUVMrcUpvOURDNnFEREFyM0R0TW5OczFXTjFibmp2UDhaUyt0TTN1MXd4UkhtLzU5MExCCkp1MWtYWU43cGxWcEdNZzh1WDd0ZXFZQVA4bEJoTVBIWVhnaHZZemwyNkJXMjZpcGJNM3Jhejc5elhlVk5ta0oKU1h6eU9aNmwxZEJGazJ5WHJDVllhQ1JpY1RGNDJsUlM2K05ld3lBay9vZDZkcHFDbWw2MHoxa0IrbmFTejVJRApKQTZpQVhCT2Yxemg1K21JVjdwUzZvZ0NVTUhMRnQ5NUZkdUtvYlFRSWgzcWxsZmQ1MFZIbkhZSkVjK2x4aXBYCnZhcEwrMFhFZXdxbFpJd3QzVDQ0VmdHWHh1bC83U0JQSWhTQVdVOHk1QVB3UXNmNEpuV1puK1VjMnNGUnYzanUKRWdjNWFOcWM2c3lCTHFLREZPbDI5L2d3SUdHNG1aT1J3dkRGQUpzQ0F3RUFBVEFOQmdrcWhraUc5dzBCQVFzRgpBQU9DQWdFQUZ1MGhzQlltR3VxOGZVb2VyWFNkSXRyNDZBMVY2QWRFdFRpZVdMZ0JUWnk4SThtVmR0MVNYUVNGCm1QaXpLdHU3ZWhuZGZnYUVIRDRlVHdyb1RGTDFIeTZNZW1uY2NhTThkcnRuVGNPclVVdlBMa252TEFyY3JMc3oKZUlqelZCdzJ2UGI4Ni8yVi9Nei9PUHdFOHZDTEhrN1p1YnNVbnZwZEhUY3lIekU1cVk1SGNtWUxINHB2a0xJcQpYV2V3WUZOMldnL2lETkc3engvSXJjd3MvOG50ZHlNWWVtdDEyV2VWVFRsa2tLekZhN3BhQ3BWSnlmL3hyWkJjCmdsTXhGdGozZDhKc29TbTdHZHlpay9NUlJKT1d5elNUSzEyNzJOVENURFFHeFU2cDFRcWdRYkw0QWRyd3FQWlgKUU9adkoxeUlUaVFFSS9hUW9FaWhYeEJleEszQ0J4V21keERpajU1dDhqakFQVDhlekxZWitQS2pXNElNYlhHYQpSeGhJY0RJVmhxck1XQzhFeW5CY3lxUndUdHNoV2M2bTlURHViMTVzcVV6VnZkVDRWZ3lER3AxRndvS250STJtCjRRU0d3UGduRlZ1d1BWM0ptaWR0bnArSldTRUd0cTErSXpFTEszZGowTk9aWnpkSnNNVWlrWmhRTS9NWGZIcDMKR1FEN2dPN0dia1lOb0w1Qm1OQUE1QTAxMTRPdGh1a21vc
nNiUzk3MFh3YUxOU1hDd3BTL1V4cXNkMGdBRk9nVgpCbEw5cTl6djE3cjhBdVJmREZrbmFpTnYvdnA3VktkTFAzUTFSc0IwUVdyUkFHVCsvd3UzVFJIa3piblJYU1JsCnZWS3F4QTZNMSs1K085VGJ4ZXVmRlViZlYxNHZ6bmNLU2xKK2dBb0ljTGVtSE1aUkVMUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  tls.key: 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
kind: Secret
metadata:
  creationTimestamp: "2022-05-24T08:04:32Z"
  name: myserver-tls
  namespace: myserver
  resourceVersion: "2659813"
  uid: dbfe8d83-bc9c-495b-8eb3-93bd61ff3584
type: kubernetes.io/tls


# The public key and private key above are only base64-encoded and can be decoded for viewing
[root@haproxy1 certs-test]# echo "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" |base64 -d
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----