1.ConfigMap

一般用于存储 Pod 中应用所需的一些配置信息或者环境变量,将配置与 Pod 分开,避免因为修改配置而需要重新构建镜像与容器。

1.1创建ConfigMap(cm)

使用 kubectl create configmap -h 查看示例,构建 configmap 对象


Examples:
	
  # Create a new config map named my-config based on folder bar
  # 将文件夹中的所有文件都作为配置文件加载到cm中
  kubectl create configmap my-config --from-file=path/to/bar
  
  # Create a new config map named my-config with specified keys instead of file basenames on disk
  kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt
  
  # Create a new config map named my-config with key1=config1 and key2=config2
  kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2
  
  # Create a new config map named my-config from the key=value pairs in the file
  kubectl create configmap my-config --from-file=path/to/bar
  
  # Create a new config map named my-config from an env file
  kubectl create configmap my-config --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env

1.1.1从目录中加载所有配置文件

kubectl create configmap my-config --from-file=path/to/bar

#创建test目录
[root@master configmap]# mkdir -pv test

#进入目录后创建两个配置文件(仅作演示:ConfigMap 以明文保存,下面的 describe 输出会直接显示 password,真实的密码应放入 Secret)
[root@master configmap]# cd test/
[root@master test]# ls
db.properties  redis.properties
[root@master test]# cat db.properties 
username=root
password=admin
[root@master test]# cat redis.properties 
host=127.0.0.1
port=6379

#回到上一级目录
cd ..

[root@master configmap]# kubectl create cm test-dir-config --from-file=test/
configmap/test-dir-config created

#创建
[root@master configmap]# kubectl create cm test-dir-config --from-file=test/
configmap/test-dir-config created

[root@master configmap]# kubectl get  cm
NAME               DATA   AGE
kube-root-ca.crt   1      5d23h
test-dir-config    2      5s

[root@master configmap]# kubectl describe cm test-dir-config
Name:         test-dir-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
redis.properties:
----
host=127.0.0.1
port=6379

db.properties:
----
username=root
password=admin


BinaryData
====

Events:  <none>

1.1.2从指定文件中加载配置文件

kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt

[root@master configmap]# vim application.yaml
spring:
  application:
    name: test-app
server:
  port: 8080
  
[root@master configmap]# kubectl create cm spring-boot-test-yaml --from-file=./application.yaml

[root@master configmap]# kubectl get cm
NAME                    DATA   AGE
spring-boot-test-yaml   1      5s

[root@master configmap]# kubectl describe cm spring-boot-test-yaml 
Name:         spring-boot-test-yaml
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
application.yaml:
----
spring:
  application:
    name: test-app
server:
  port: 8080
  


BinaryData
====

Events:  <none>

1.2在pod中引用cm

1.2.1引用键值对格式

创建configmap-env-demo.yaml

---
# ConfigMap holding two plain-text settings for the demo application.
# ConfigMap data is not encrypted, so only non-sensitive values belong here.
apiVersion: v1
kind: ConfigMap
metadata:
  name: demoapp-config
  namespace: dev
data:
  demoapp.port: "8080"
  demoapp.host: 0.0.0.0
---
# Pod that reads both ConfigMap keys into container environment variables.
apiVersion: v1
kind: Pod
metadata:
  name: configmap-env-demo
  namespace: dev
spec:
  containers:
  - name: demoapp
    image: nginx:1.17.1
    env:
    # NOTE(review): the hyphenated name is accepted here (the printenv output
    # shows TEST-PORT=8080), but POSIX shells cannot expand $TEST-PORT;
    # TEST_PORT would be the safer name.
    - name: TEST-PORT # environment variable that receives the value
      valueFrom:
        configMapKeyRef: # take the value from a key of a ConfigMap
          name: demoapp-config # which ConfigMap to read
          key: demoapp.port # which key inside that ConfigMap
          optional: false # false = required: the key must be defined in the ConfigMap above
    - name: HOST
      valueFrom:
        configMapKeyRef:
          name: demoapp-config
          key: demoapp.host
          optional: true # true = optional: the key may be missing from the ConfigMap above
[root@master configmap]# kubectl apply -f configmap-env-demo.yaml

[root@master configmap]# kubectl get cm -n dev
NAME               DATA   AGE
demoapp-config     2      62s

[root@master configmap]# kubectl describe -n dev cm demoapp-config 
Name:         demoapp-config
Namespace:    dev
Labels:       <none>
Annotations:  <none>

Data
====
demoapp.host:
----
0.0.0.0
demoapp.port:
----
8080

BinaryData
====

Events:  <none>

#查看pod的环境变量
[root@master configmap]# kubectl exec -it configmap-env-demo -n dev --  printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=configmap-env-demo
TERM=xterm
#可以看到引用的值
TEST-PORT=8080
HOST=0.0.0.0

1.2.2引用文件(基于存储卷的方式)

[root@master configmap]# mkdir nginx-conf.d
[root@master configmap]# ls
application.yaml  configmap-env-demo.yaml  configmap-volume-demo.yaml  nginx-conf.d  test
[root@master configmap]# cd nginx-conf.d/
[root@master nginx-conf.d]# ls
[root@master nginx-conf.d]# vim myserver.conf
# Virtual server on port 8080 serving /usr/share/nginx/html; additional
# location blocks are pulled in from /etc/nginx/conf.d/myserver-*.cfg.
server{
  listen 8080;
  server_name www.ik8s.io;
  include /etc/nginx/conf.d/myserver-*.cfg;
  location / {
    root /usr/share/nginx/html;
}
}

[root@master nginx-conf.d]# vim myserver-status.cfg 
# Publishes nginx's stub_status counters at /nginx-status, with access logging
# turned off for that location.
# NOTE(review): no allow/deny rule is set, so any client that can reach the
# listener can read the counters. Outside a demo, restrict the location
# (for example `allow <trusted-cidr>; deny all;`).
location /nginx-status {
  stub_status on;
  access_log off;
}


[root@master configmap]# kubectl -n dev create configmap nginx-confs-files --from-file=./nginx-conf.d
configmap/nginx-confs-files created
[root@master configmap]# kubectl get cm -n dev
NAME                DATA   AGE
nginx-confs-files   2      6s


创建configmap-volume-demo.yaml

# Pod that mounts every key of the nginx-confs-files ConfigMap as a file under
# /etc/nginx/conf.d/. The mount covers the directory, so the files shipped in
# the image are hidden (the `ls` after the manifest lists only the two
# ConfigMap files).
apiVersion: v1
kind: Pod
metadata:
  name: configmap-volume-demo
  namespace: dev
spec:
  containers:
  - name: nginx-server
    # NOTE(review): floating tag; pin a version or digest so the pulled image
    # is reproducible.
    image: nginx:alpine
    volumeMounts:
    - name: ngxconfs
      mountPath: /etc/nginx/conf.d/
      readOnly: true
  volumes:
  - name: ngxconfs
    configMap:
      name: nginx-confs-files # name of the ConfigMap to mount
      optional: false

测试

[root@master configmap]# kubectl apply  -f configmap-volume-demo.yaml 
pod/configmap-volume-demo created

[root@master configmap]# kubectl get pods -n dev -o wide
NAME                                 READY   STATUS    RESTARTS   AGE     IP            NODE    NOMINATED NODE   READINESS GATES
configmap-volume-demo                1/1     Running   0          31s     10.244.2.80   node2   <none>           <none>

[root@master configmap]# curl 10.244.2.80:8080/nginx-status
Active connections: 1 
server accepts handled requests
 1 1 1 
Reading: 0 Writing: 1 Waiting: 0

[root@master configmap]# kubectl -n dev exec -it configmap-volume-demo -- /bin/sh
/ # cd /etc/nginx/conf.d/
/etc/nginx/conf.d # ls
myserver-status.cfg  myserver.conf

1.2.3引用cm中的一个配置文件

方法一:

创建configmap-volume-item1-demo.yaml

# Pod that mounts one ConfigMap key as a single file via subPath. The rest of
# /etc/nginx/conf.d stays as shipped in the image (the `ls` after the manifest
# still shows default.conf).
apiVersion: v1
kind: Pod
metadata:
  name: configmap-volume-demo2
  namespace: dev
spec:
  containers:
  - name: nginx-server
    image: nginx:alpine
    volumeMounts:
    - name: ngxconfs
      mountPath: /etc/nginx/conf.d/myserver-status.cfg
      # NOTE(review): a subPath mount is not refreshed when the ConfigMap is
      # updated; the Pod has to be recreated to pick up changes.
      subPath: myserver-status.cfg # the one file (key) of the volume to mount
      readOnly: true
  volumes:
  - name: ngxconfs
    configMap:
      name: nginx-confs-files

查看

[root@master configmap]# kubectl -n dev exec -it configmap-volume-demo2 -- bin/sh
/ # cd /etc/nginx/conf.d/
/etc/nginx/conf.d # ls
default.conf         myserver-status.cfg

方法二

# Pod that mounts the volume on the whole conf.d directory but projects only
# one ConfigMap key through `items`; the `ls` after the manifest shows that
# single file and nothing else in the directory.
apiVersion: v1
kind: Pod
metadata:
  name: configmap-volume-demo3
  namespace: dev
spec:
  containers:
  - name: nginx-server
    image: nginx:alpine
    volumeMounts:
    - name: ngxconfs
      mountPath: /etc/nginx/conf.d # directory the volume is mounted on
      readOnly: true
  volumes:
  - name: ngxconfs
    configMap:
      name: nginx-confs-files
      # Only the keys listed under items are written into the volume;
      # path is the file name relative to mountPath.
      items:
      - key: "myserver-status.cfg"
        path: "myserver-status.cfg"
[root@master configmap]# kubectl -n dev exec -it configmap-volume-demo3 -- bin/sh
/ # cd /etc/nginx/conf.d/
/etc/nginx/conf.d # ls
myserver-status.cfg

2.secret

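Secret 用于保存密码、令牌、证书等敏感配置,其内容以 base64 编码存放。base64 只是编码而不是加密,解码即可得到明文(见下文的解码示例),因此还需要通过 RBAC 限制对 Secret 的读取权限,并按需开启 etcd 静态加密。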

主要分成三种secret

[root@master secret]# kubectl create secret -h
Create a secret with specified type.

 A docker-registry type secret is for accessing a container registry.

 A generic type secret indicate an Opaque secret type.

 A tls type secret holds TLS certificate and its associated key.

Available Commands:
	#docker仓库类型
  docker-registry   Create a secret for use with a Docker registry
  #通用类型
  generic           Create a secret from a local file, directory, or literal value
  #TLS类型
  tls               Create a TLS secret

Usage:
  kubectl create secret (docker-registry | generic | tls) [options]

2.1创建

[root@master secret]# kubectl create secret generic orig-secret --from-literal=username=admin --from-literal=password=ds@123
secret/orig-secret created

[root@master secret]# kubectl describe secret orig-secret 
Name:         orig-secret
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password:  6 bytes
username:  5 bytes

最常用的是docker-registry

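#创建(未指定 --docker-server 时,凭据默认对应 https://index.docker.io/v1/,见下文解码结果;若要用于私有 Harbor,需要加上 --docker-server=<仓库地址>)
#注意:写在命令行里的密码会留在 shell 历史记录中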
[root@master secret]# kubectl create secret docker-registry harbor-secret --docker-username=admin --docker-password=yunweiyanjiuseng --docker-email=yunwei@yanjiuseng.com
secret/harbor-secret created

#查看
[root@master secret]# kubectl get secrets 
NAME            TYPE                             DATA   AGE
harbor-secret   kubernetes.io/dockerconfigjson   1      19s
orig-secret     Opaque                           2      8m37s
[root@master secret]# kubectl describe se
secrets          serviceaccounts  services         
[root@master secret]# kubectl describe secrets harbor-secret
Name:         harbor-secret
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  kubernetes.io/dockerconfigjson

Data
====
.dockerconfigjson:  166 bytes

#编辑
[root@master secret]# kubectl edit secrets harbor-secret 
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  .dockerconfigjson:  # 这就编码后的eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsidXNlcm5hbWUiOiJhZG1pbiIsInBhc3N3b3JkIjoieXVud2VpeWFuaml
1c2VuZyIsImVtYWlsIjoieXVud2VpQHlhbmppdXNlbmcuY29tIiwiYXV0aCI6IllXUnRhVzQ2ZVhWdWQyVnBlV0Z1YW1sMWMyVnVadz09In19fQ==
kind: Secret
metadata:
  creationTimestamp: "2024-01-15T07:50:09Z"
  name: harbor-secret
  namespace: default
  resourceVersion: "842499"
  uid: 4a946043-9e37-4d04-a199-e48b19440893
type: kubernetes.io/dockerconfigjson


#base64解码查看(解码后直接得到明文用户名和密码,所以能读取该 Secret 的人都能拿到凭据)
[root@master secret]# echo 'eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsidXNlcm5hbWUiOiJhZG1pbiIsInBhc3N3b3JkIjoieXVud2VpeWFuaml1c2VuZyIsImVtYWlsIjoieXVud2VpQHlhbmppdXNlbmcuY29tIiwiYXV0aCI6IllXUnRhVzQ2ZVhWdWQyVnBlV0Z1YW1sMWMyVnVadz09In19fQ==' | base64 --decode
{"auths":{"https://index.docker.io/v1/":{"username":"admin","password":"yunweiyanjiuseng","email":"yunwei@yanjiuseng.com","auth":"YWRtaW46eXVud2VpeWFuaml1c2VuZw=="}}}
#在配置文件中引用
定义在pod中
pod.spec.imagePullSecrets

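# Pod fragment showing where imagePullSecrets is declared
# (pod.spec.imagePullSecrets). The containers list is omitted in this snippet;
# a real Pod manifest needs it.
apiVersion: v1
kind: Pod
metadata:
  name: configmap-volume-demo3
  namespace: dev
spec:
  # The referenced Secret must exist in the Pod's own namespace. harbor-secret
  # was created in "default" in the steps above, so it has to be created in
  # "dev" as well before this Pod can use it.
  imagePullSecrets:
  - name: harbor-secret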