Kubernets配置存储

💽ConfigMap

  ConfigMap(cm):较为特殊的存储卷,用来存储配置信息。

创建configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: configmap
  namespace: dev
data:
  info: |
    username:rkun18
    password:123456
#创建cm
[root@master ~]# kubectl create -f configmap.yaml
configmap/configmap created
#查看信息
[root@master ~]# kubectl describe cm -n dev
Name:         configmap
Namespace:    dev
Labels:       <none>
Annotations:  <none>

Data
====
info:
----
username:rkun18
password:123456

Events:  <none>

创建pod-configmap.yaml,将cm挂载到Pod里的容器中去

apiVersion: v1
kind: Pod
metadata:
  name: pod-configmap
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
    volumeMounts: # 将configmap挂载到目录
    - name: config
      mountPath: /configmap/config
  volumes: # 引用configmap
  - name: config
    configMap:
      name: configmap
#创建Pod
[root@master ~]# kubectl create -f pod-configmap.yaml
pod/pod-configmap created
#查看Pod信息
[root@master ~]# kubectl get pod -n dev -o wide
NAME            READY   STATUS    RESTARTS   AGE   IP           NODE    NOMINATED NODE   READINESS GATES
pod-configmap   1/1     Running   0          34s   10.244.1.6   node1   <none>           <none>
#进入Pod
[root@master ~]# kubectl get pod -n dev -o wide
NAME            READY   STATUS    RESTARTS   AGE   IP           NODE    NOMINATED NODE   READINESS GATES
pod-configmap   1/1     Running   0          34s   10.244.1.6   node1   <none>           <none>
[root@master ~]# kubectl exec -it pod-configmap -n dev /bin/sh
# cd /configmap/config/
# ls
info
# more info
username:rkun18
password:123456
# exit
#映射成功 key > 文件 value > 文件中内容
#如果更新configmap值,容器中的值也会改变

💾Secret

  Secret:主要用于存储敏感信息。例如密码,密钥,证书等。

  • 使用base64对数据编码

    [root@master ~]# echo -n 'rkun18' | base64
    cmt1bjE4
    [root@master ~]# echo -n '123456' | base64
    MTIzNDU2
    
    
  • 创建secret.yaml

    apiVersion: v1
    kind: Secret
    metadata:
      name: secret
      namespace: dev
    type: Opaque
    data:
      username: cmt1bjE4
      password: MTIzNDU2
    
    #创建secret
    [root@master ~]# kubectl create -f secret.yaml
    secret/secret created
    #查看信息
    [root@master ~]# kubectl describe secret secret -n dev
    Name:         secret
    Namespace:    dev
    Labels:       <none>
    Annotations:  <none>
    
    Type:  Opaque
    
    Data
    ====
    password:  6 bytes
    username:  6 bytes
    
    
  • 创建pod-secret.yaml,将secret挂载上去

    apiVersion: v1
    kind: Pod
    metadata:
      name: pod-secret
      namespace: dev
    spec:
      containers:
      - name: nginx
        image: nginx:1.17.1
        volumeMounts: # 将secret挂载到目录
        - name: config
          mountPath: /secret/config
      volumes:
      - name: config
        secret:
          secretName: secret
    
    #创建Pod
    [root@master ~]# kubectl create -f pod-secret.yaml
    pod/pod-secret created
    [root@master ~]# kubectl get pod pod-secret -n dev
    NAME         READY   STATUS    RESTARTS   AGE
    pod-secret   1/1     Running   0          3m2s
    #进入容器 查看secret信息 发现已经自动解码了
    [root@master ~]# kubectl exec -it pod-secret /bin/sh -n dev
    # cd /secret/config
    # ls
    password  username
    # cat password
    123456# cat username
    rkun18# exit
    
    
Logo

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐