ConfigMap對(duì)像是一系列配置的集合,k8s會(huì)將這一集合注入到對(duì)應(yīng)的Pod對(duì)像中,并為容器成功啟動(dòng)使用。注入的方式一般有兩種,一種是掛載存儲(chǔ)卷,一種是傳遞變量。ConfigMap被引用之前必須存在,屬于名稱(chēng)空間級(jí)別,不能跨名稱(chēng)空間使用,內(nèi)容明文顯示。ConfigMap內(nèi)容修改后,對(duì)應(yīng)的pod必須重啟或者重新加載配置。
Secret類(lèi)似于ConfigMap,是用Base64加密,密文顯示,一般存放敏感數(shù)據(jù)。一般有兩種創(chuàng)建方式,一種是使用kubectl create創(chuàng)建,一種是用Secret配置文件。
ConfigMap鍵值使用幫助:kubectl explain pods.spec.containers.env
ConfigMap卷創(chuàng)建幫助: kubectl explain pods.spec.volumes
ConfigMap卷引用幫助:kubectl explain pods.spec.containers.volumeMounts
Secret幫助:kubectl explain secret
網(wǎng)站建設(shè)哪家好,找成都創(chuàng)新互聯(lián)!專(zhuān)注于網(wǎng)頁(yè)設(shè)計(jì)、網(wǎng)站建設(shè)、微信開(kāi)發(fā)、微信小程序開(kāi)發(fā)、集團(tuán)企業(yè)網(wǎng)站建設(shè)等服務(wù)項(xiàng)目。為回饋新老客戶(hù)創(chuàng)新互聯(lián)還提供了松滋免費(fèi)建站歡迎大家使用!
一,ConfigMap存儲(chǔ)卷
1.使用鍵值直接創(chuàng)建對(duì)像
[root@k8s01 yaml]# kubectl create configmap wuhan123 --from-literal=wuhan="2019軍運(yùn)會(huì)"
configmap/wuhan123
[root@k8s01 yaml]# kubectl get configmap wuhan123
NAME DATA AGE
wuhan123 1 27s
[root@k8s01 yaml]# kubectl get configmap wuhan123 -o yaml
apiVersion: v1 data: wuhan: 2019軍運(yùn)會(huì) --鍵和數(shù)據(jù) kind: ConfigMap metadata: creationTimestamp: "2019-10-26T06:30:13Z" name: wuhan123 namespace: default resourceVersion: "3790588" selfLink: /api/v1/namespaces/default/configmaps/wuhan123 uid: c7771f6f-3825-47f8-9029-4630810b6dd5
[root@k8s01 yaml]#
1.1引用ConfigMap鍵值中的單個(gè)對(duì)像:
[root@k8s01 yaml]# vim wuhan123.yaml
apiVersion: v1 kind: Pod metadata: name: wuhan123 namespace: default labels: app: web spec: containers: - name: wuhan123 image: nginx:latest imagePullPolicy: Never env: - name: abc --引用到數(shù)據(jù)后存放值 valueFrom: configMapKeyRef: name: wuhan123 --configmap名 key: wuhan --鍵 [root@k8s01 yaml]# kubectl apply -f wuhan123.yaml
pod/wuhan123 created
[root@k8s01 yaml]# kubectl exec -it wuhan123 bash
root@wuhan123:/# echo $abc --在容器中輸出鍵中的值
2019軍運(yùn)會(huì)
root@wuhan123:/# exit
exit
[root@k8s01 yaml]#
1.2引用ConfigMap中所有對(duì)像
[root@k8s01 yaml]# vim wuhan123-1.yaml
apiVersion: v1 kind: Pod metadata: name: wuhan123-1 namespace: default labels: app: web spec: containers: - name: wuhan123-1 image: nginx:latest imagePullPolicy: Never envFrom: --引用configmap所有值 - prefix: WUHAN_ --為每個(gè)變量加前綴 configMapRef: name: wuhan123 optional: false
[root@k8s01 yaml]# kubectl apply -f wuhan123-1.yaml
pod/wuhan123-1 created
[root@k8s01 yaml]# kubectl exec -it wuhan123-1 bash
root@wuhan123-1:/# echo $WUHAN_wuhan --訪(fǎng)問(wèn)變量時(shí)要加前綴
2019軍運(yùn)會(huì)
root@wuhan123-1:/# exit
exit
[root@k8s01 yaml]#
2.基于文件創(chuàng)建
[root@k8s01 yaml]# kubectl create configmap wuhan2 --from-file=/root/yaml/nginx.conf --指定掛載的文件
configmap/wuhan2 created
[root@k8s01 yaml]# kubectl get configmap wuhan2
NAME DATA AGE
wuhan2 1 18s
[root@k8s01 yaml]# kubectl get configmap wuhan2 -o yaml
apiVersion: v1
data:
nginx.conf: |+
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
}
error_log logs/error.log error;
pid logs/nginx.pid;
http {
server_info off;
include common/mime.types;
default_type application/octet-stream;
index index.html index.htm default.html default.htm index.json;
log_format main
'[$remote_addr $http_x_forwarded_for - $remote_user $time_local] '
'[Request: $host "$request"] $request_time sec '
'[Detail: $status $body_bytes_sent $http_referer] '
'[Upstream: $upstream_addr $upstream_status]' ' $upstream_response_time sec';
access_log logs/access.log main;
keepalive_timeout 65;
sendfile on;
client_max_body_size 10240m;
client_body_buffer_size 1024k;
resolver 114.114.114.114 8.8.8.8;
uwsgi_cache_path uwsgi_temp levels=1:2 keys_zone=IFLYTEK_UWSGI_CACHE:100m inactive=5m max_size=20g;
include common/uwsgi.conf;
include common/proxy.conf;
include common/fastcgi.conf;
include common/gzip.conf;
include sites/*.conf;
}
kind: ConfigMap
metadata:
creationTimestamp: "2019-10-26T06:36:20Z"
name: wuhan2
namespace: default
resourceVersion: "3791130"
selfLink: /api/v1/namespaces/default/configmaps/wuhan2
uid: 6305dd66-df6c-48a8-a1ad-02513ad64d6c
[root@k8s01 yaml]#
2.1引用configmap對(duì)像
[root@k8s01 yaml]# vim wuhan234.yaml
apiVersion: v1 kind: Pod metadata: name: wuhan234 namespace: default labels: app: web spec: containers: - name: wuhan234 image: nginx:latest imagePullPolicy: Never volumeMounts: - name: ngxconf mountPath: /usr/share/nginx/conf --將configmap掛載到指定目錄 readOnly: true volumes: - name: ngxconf --定義一個(gè)卷存儲(chǔ) configMap: name: wuhan2 --指定configmap名
[root@k8s01 yaml]# kubectl apply -f wuhan234.yaml
pod/wuhan234 created
[root@k8s01 yaml]# kubectl exec -it wuhan234 bash
root@wuhan234:/# head -2 /usr/share/nginx/conf/nginx.conf --查看掛載后內(nèi)容
worker_processes auto;
worker_cpu_affinity auto;
root@wuhan234:/# exit
exit
[root@k8s01 yaml]#
3.基于目錄創(chuàng)建
[root@k8s01 yaml]# kubectl create configmap wuhan3 --from-file=/root/yaml/
configmap/wuhan3 created
[root@k8s01 yaml]# kubectl get configmap wuhan3
NAME DATA AGE
wuhan3 8 5s
[root@k8s01 yaml]# kubectl get configmap wuhan3 -o yaml
3.1引用configmap對(duì)像(掛載目錄中指定文件)
[root@k8s01 yaml]# vim wuhan345.yaml
apiVersion: v1 kind: Pod metadata: name: wuhan345 namespace: default labels: app: web spec: containers: - name: wuhan345 image: nginx:latest imagePullPolicy: Never volumeMounts: - name: ngxconf mountPath: /usr/share/nginx/conf readOnly: true volumes: - name: ngxconf --定義存儲(chǔ)卷名 configMap: name: wuhan3 --引用configmap名 items: - key: nginx.yaml --引用后的文件名 path: nginx.yaml --引用前文件名 mode: 0777 --文件權(quán)限 - key: helm123.yaml --將helm.yaml文件引用后映射成helm123.yaml path: helm.yaml mode: 0600
[root@k8s01 yaml]# kubectl apply -f wuhan345.yaml
pod/wuhan345 created
[root@k8s01 yaml]# kubectl exec -it wuhan345 bash
root@wuhan345:/# ls -al /usr/share/nginx/conf/
total 0
drwxrwxrwx 3 root root 97 Oct 26 08:25 .
drwxr-xr-x 1 root root 18 Oct 26 08:25 ..
drwxr-xr-x 2 root root 44 Oct 26 08:25 ..2019_10_26_08_25_18.898777603
lrwxrwxrwx 1 root root 31 Oct 26 08:25 ..data -> ..2019_10_26_08_25_18.898777603
lrwxrwxrwx 1 root root 19 Oct 26 08:25 helm123.yaml -> ..data/helm123.yaml --文件后映射后
lrwxrwxrwx 1 root root 17 Oct 26 08:25 nginx.yaml -> ..data/nginx.yaml
root@wuhan345:/# exit
exit
[root@k8s01 yaml]#
3.2引用configmap對(duì)像(掛載目錄中指定文件,原其它文件保留)
[root@k8s01 yaml]# vim wuhan345-1.yaml
apiVersion: v1 kind: Pod metadata: name: wuhan345-1 namespace: default labels: app: web spec: containers: - name: wuhan345-1 image: nginx:latest imagePullPolicy: Never volumeMounts: - name: ngxconf mountPath: /usr/share/nginx/conf/nginx.conf subPath: nginx.conf readOnly: true - name: ngxconf mountPath: /usr/share/nginx/conf/default.conf subPath: default.conf readOnly: true volumes: - name: ngxconf configMap: name: wuhan3
[root@k8s01 yaml]# kubectl apply -f wuhan345-1.yaml
pod/wuhan345-1 created
[root@k8s01 yaml]# kubectl exec -it wuhan345-1 bash
root@wuhan345-1:/# ls -al /usr/share/nginx/conf/
total 4
drwxr-xr-x 3 root root 44 Oct 26 08:20 .
drwxr-xr-x 1 root root 18 Oct 26 08:20 ..
drwxrwxrwx 2 root root 6 Oct 26 08:20 default.conf
-rw-r--r-- 1 root root 1083 Oct 26 08:20 nginx.conf
root@wuhan345-1:/# exit
exit
[root@k8s01 yaml]#
4.基于配置文件創(chuàng)建
[root@k8s01 yaml]# vim configmap.yaml
apiVersion: v1 kind: ConfigMap metadata: name: wuhan5 namespace: default data: | --必須要使用符號(hào)|,否則沒(méi)有格式 nginx.conf: worker_processes auto; worker_cpu_affinity auto; worker_rlimit_nofile 65535; events { use epoll; worker_connections 65535; } http { server_info off; index index.html index.htm default.html default.htm index.json; access_log logs/access.log main; keepalive_timeout 65; server { server_name baidu.com; location / { root html; index index.html } } } --- apiVersion: v1 kind: Pod metadata: name: wuhan5-pod namespace: default spec: containers: - name: wuhan5-pod image: nginx:latest imagePullPolicy: Never volumeMounts: - name: ngxconf --引用別名 mountPath: /usr/share/nginx/conf --掛載的目錄 volumes: - name: ngxconf --定義一個(gè)別名 configMap: name: wuhan5 --引用configmap名
[root@k8s01 yaml]# kubectl apply -f configmap.yaml
configmap/wuhan5 created
pod/wuhan5-pod created
[root@k8s01 yaml]# kubectl exec -it wuhan5-pod bash
root@wuhan5-pod:/# head -5 /usr/share/nginx/conf/nginx.conf --顯示5行內(nèi)容
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 65535;
events {
use epoll;
root@wuhan5-pod:/# exit
exit
[root@k8s01 yaml]#
二,Secret存儲(chǔ)卷
5.利用命令方式創(chuàng)建Secret
[root@k8s01 yaml]# kubectl create secret generic mypass --from-literal=username=root --from-literal=password=System135
secret/mypass created
[root@k8s01 yaml]# kubectl get secrets mypass
NAME TYPE DATA AGE
mypass Opaque 2 23s
[root@k8s01 yaml]# kubectl get secrets mypass -o yaml
apiVersion: v1
data:
password: U3lzdGVtMTM1 --密碼已加密
username: cm9vdA== --用戶(hù)名已加密
kind: Secret
metadata:
creationTimestamp: "2019-10-26T08:32:18Z"
name: mypass
namespace: default
resourceVersion: "3801721"
selfLink: /api/v1/namespaces/default/secrets/mypass
uid: 7a432a31-fe0b-4edc-a507-9f1aa0cd1745
type: Opaque --如果是Opaque表示就是用Base64加密
[root@k8s01 yaml]# echo U3lzdGVtMTM1 | base64 -d --顯示密碼明文
System135[root@k8s01 yaml]#