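Video source: Bilibili, "(2022 edition) The Latest, Most Complete and Most Detailed Kubernetes (K8s) Tutorial: From K8s Installation to Hands-On Practice in One Course"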

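I am organizing the instructor's course content and my own lab notes as I study, and sharing them with everyone. If this infringes any rights it will be deleted immediately. Thanks for your support!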

Index post: (2022 edition) One tutorial to take k8s from installation to hands-on practice | Index_COCOgsta's blog-CSDN blog


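A Secret is used to store sensitive information, such as passwords, tokens or keys, and Redis or MySQL passwords.

Secret introduction: kubernetes.io/docs/concep…

Special characters such as $, * and \ do not need to be escaped when they are wrapped in single quotes.

ImagePullSecret: the account and password a Pod uses when pulling from a private image registry. The account information in it is passed to the kubelet, which can then pull images from the password-protected registry.

Create a docker-registry Secret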

[root@k8s-master-lb ~]# kubectl create secret docker-registry docker-secret2 --docker-server=hub.docker.com --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
secret/docker-secret2 created

test-env-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod
spec:
  nodeName: k8s-node01
  imagePullSecrets:
    - name: docker-secret2
  containers:
    - name: test-container
      image: busybox:1.28
      imagePullPolicy: IfNotPresent
      command: [ "/bin/sh", "-c", "sleep 3600" ]
      volumeMounts:
      - name: config-volume
        mountPath: /mnt
      envFrom:
      - configMapRef:
          name: special-config
      env:
        # Define the environment variable
        # - name: SPECIAL_LEVEL_KEY
        #   valueFrom:
        #     configMapKeyRef:
        #       # The ConfigMap containing the value you want to assign to SPECIAL_LEVEL_KEY
        #       name: special-config
        #       # Specify the key associated with the value
        #       key: special.how
        - name: test
          value: test-value
        - name: mysqlHostAddress
          value: 10.10.10.10
        - name: mysqlPort
          value: "3306" # only string
  restartPolicy: Never
  volumes:
    - name: config-volume
      configMap:
        name: special-config

subPath solves the problem of a mount overwriting the whole directory

apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod
spec:
  nodeName: k8s-node01
  imagePullSecrets:
    - name: docker-secret2
  containers:
    - name: test-container
      image: busybox:1.28
      imagePullPolicy: IfNotPresent
      command: [ "/bin/sh", "-c", "sleep 3600" ]
      volumeMounts:
      - mountPath: /etc/nginx/nginx.conf
        name: config-volume
        subPath: etc/nginx/nginx.conf
      envFrom:
      - configMapRef:
          name: special-config
      env:
        # Define the environment variable
        # - name: SPECIAL_LEVEL_KEY
        #   valueFrom:
        #     configMapKeyRef:
        #       # The ConfigMap containing the value you want to assign to SPECIAL_LEVEL_KEY
        #       name: special-config
        #       # Specify the key associated with the value
        #       key: special.how
        - name: test
          value: test-value
        - name: mysqlHostAddress
          value: 10.10.10.10
        - name: mysqlPort
          value: "3306" # only string
  restartPolicy: Never
  volumes:
    - configMap:
        defaultMode: 420
        items:
        - key: nginx.conf
          path: etc/nginx/nginx.conf
        name: nginx-conf
      name: config-volume

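If a ConfigMap or Secret is mounted via subPath, the Pod will not see updates to that ConfigMap or Secret.

If a Pod's environment variables come from values defined in a ConfigMap or Secret, then updating the ConfigMap or Secret will not update the variables in the Pod either.

Workaround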

apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod
spec:
  nodeName: k8s-node01
  imagePullSecrets:
    - name: docker-secret2
  containers:
    - name: test-container
      image: busybox:1.28
      imagePullPolicy: IfNotPresent
      command: [ "/bin/sh", "-c", "sleep 3600" ]
      volumeMounts:
      - mountPath: /etc/nginx/nginx.conf
        name: config-volume
        subPath: etc/nginx/nginx.conf
      - mountPath: /mnt/
        name: config-volume-non-subpath
      envFrom:
      - configMapRef:
          name: special-config
      env:
        # Define the environment variable
        # - name: SPECIAL_LEVEL_KEY
        #   valueFrom:
        #     configMapKeyRef:
        #       # The ConfigMap containing the value you want to assign to SPECIAL_LEVEL_KEY
        #       name: special-config
        #       # Specify the key associated with the value
        #       key: special.how
        - name: test
          value: test-value
        - name: mysqlHostAddress
          value: 10.10.10.10
        - name: mysqlPort
          value: "3306" # only string
  restartPolicy: Never
  volumes:
    - configMap:
        defaultMode: 420
        items:
        - key: nginx.conf
          path: etc/nginx/nginx.conf
        name: nginx-conf
      name: config-volume
    - configMap:
        defaultMode: 420
        name: nginx-conf
      name: config-volume-non-subpath

postStart: a command executed before the container starts

preStop: a command executed before the container stops

Hot-updating a ConfigMap or Secret:

kubectl create cm nginx-conf --from-file=nginx.conf --dry-run=client -oyaml | kubectl replace -f-

immutable: add the following at the end of a ConfigMap or Secret, and that ConfigMap or Secret can no longer be edited
