一、Secret
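加密数据并存放在Etcd中,让Pod的容器以挂载Volume方式访问。注意:Secret的data字段默认只是base64编码,并不等于加密;只有在API Server上配置了静态加密(EncryptionConfiguration)之后,写入Etcd的Secret才会真正被加密,同时还应通过RBAC限制谁可以读取Secret。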
应用场景:凭据
https://kubernetes.io/docs/concepts/configuration/secret/
方式一:
# Store each value with `echo -n` so no trailing newline ends up in the Secret;
# the sizes in the describe output below (5 and 12 bytes) confirm this.
# NOTE(review): a literal password typed on the command line is kept in the
# shell history, and username.txt / password.txt remain on disk in plaintext --
# delete them once the Secret has been created.
[root@localhost demo]# echo -n 'admin' > ./username.txt
[root@localhost demo]# echo -n '1f2d1e2e67df' > ./password.txt
# With --from-file the file name becomes the key, so this Secret's keys are
# username.txt and password.txt (see the describe output).
[root@localhost demo]# kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt
secret/db-user-pass created
[root@localhost demo]# kubectl get secret
NAME TYPE DATA AGE
db-user-pass Opaque 2 61s
# The describe output here lists only key names and sizes, not the values.
[root@localhost demo]# kubectl describe secret db-user-pass
Name: db-user-pass
Namespace: default
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
password.txt: 12 bytes
username.txt: 5 bytes
方式二:
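# base64 is an encoding, not encryption: the strings produced here are exactly
# as sensitive as the plaintext they were made from.
[root@localhost demo]# echo -n 'admin' | base64
YWRtaW4=
[root@localhost demo]# echo -n '1f2d1e2e67df' | base64
MWYyZDFlMmU2N2Rm
[root@localhost demo]# vim secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
# Values under `data` must already be base64-encoded; `stringData` is the
# alternative field that accepts plaintext and is encoded by the API server.
# NOTE(review): this manifest carries the credential, so it should not be
# committed to version control.
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
[root@localhost demo]# kubectl create -f secret.yaml
secret/mysecret created
[root@localhost demo]# kubectl get secret
NAME TYPE DATA AGE
mysecret Opaque 2 50s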
第一种:使用secret中的变量导入到pod中
复制configmap.yaml和secret-simple.yaml
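# Anyone allowed to `get` Secrets in this namespace receives the base64 values
# in full, so read access to Secrets should be limited through RBAC.
[root@localhost demo]# kubectl get secret mysecret -o yaml
apiVersion: v1
data:
  password: MWYyZDFlMmU2N2Rm
  username: YWRtaW4=
kind: Secret
metadata:
  creationTimestamp: 2020-02-19T03:54:50Z
  name: mysecret
  namespace: default
  resourceVersion: "973651"
  selfLink: /api/v1/namespaces/default/secrets/mysecret
  uid: 93d69e01-52cb-11ea-895a-000c297a15fb
type: Opaque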
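# Map the Secret's keys onto container environment variables:
#   key "username" -> SECRET_USERNAME
#   key "password" -> SECRET_PASSWORD
[root@localhost demo]# vim secret-var.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    # NOTE(review): values injected as environment variables are inherited by
    # every process started in the container and are visible to anyone who can
    # exec into the pod (shown at the end of this transcript).
    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: username
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: password
[root@localhost demo]# kubectl apply -f secret-var.yaml
pod/mypod created
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 38s
# `--` separates kubectl's own options from the command run in the container;
# the form without it is deprecated.
[root@localhost demo]# kubectl exec -it mypod -- bash
root@mypod:/# echo $SECRET_USERNAME
admin
root@mypod:/# echo $SECRET_PASSWORD
1f2d1e2e67df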
第二种:以volume的形式挂载到pod的某个目录下
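[root@localhost demo]# vim secret-vol.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      # Mounted read-only, so the container cannot modify the projected files.
      readOnly: true
  volumes:
  - name: foo
    secret:
      # Each key of the Secret becomes one file under the mount path.
      secretName: db-user-pass
# The pod from secret-var.yaml uses the same name (mypod), so it is removed
# before this one is created.
[root@localhost demo]# kubectl delete -f secret-var.yaml
pod "mypod" deleted
[root@localhost demo]# kubectl create -f secret-vol.yaml
pod/mypod created
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 94s
# The Secret's keys show up as files inside the container.
# NOTE(review): db-user-pass was created with --from-file and its describe
# output lists the keys username.txt / password.txt; the file names below
# (username, password) match mysecret's keys instead -- confirm which Secret
# this pod actually mounted.
# `--` separates kubectl's own options from the command run in the container;
# the form without it is deprecated.
[root@localhost demo]# kubectl exec -it mypod -- bash
root@mypod:/# ls /etc/foo
password username
root@mypod:/# cd /etc/foo
root@mypod:/etc/foo# cat password
1f2d1e2e67df
root@mypod:/etc/foo# cat username
admin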
二、ConfigMap
与Secret类似,区别在于ConfigMap保存的是不需要加密的配置信息。下面示例中的redis.password属于凭据,实际环境中应放入Secret,而不是ConfigMap。
应用场景:应用配置
创建方式一:kubectl
# NOTE(review): redis.password is a credential; a ConfigMap keeps it in
# plaintext and `kubectl describe` prints it (see the output further down),
# so a real deployment should move it into a Secret.
[root@localhost demo]# vim redis.properties
redis.host=127.0.0.1
redis.port=6379
redis.password=123456
//创建configmap资源
# --from-file stores the whole file under a single key named after the file
# (redis.properties), which is why the DATA column below shows 1.
[root@localhost demo]# kubectl create configmap redis-config --from-file=redis.properties
configmap/redis-config created
//查看资源
[root@localhost demo]# kubectl get configmap
NAME DATA AGE
redis-config 1 32s
//也可以用缩写查看
# `cm` is the short resource name for configmap.
[root@localhost demo]# kubectl get cm
NAME DATA AGE
redis-config 1 78s
# Unlike the Secret describe output, this prints the stored content in full.
[root@localhost demo]# kubectl describe cm redis-config
Name: redis-config
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
redis.properties:
----
redis.host=127.0.0.1
redis.port=6379
redis.password=123456
Events: <none>
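# Create a pod that mounts the ConfigMap as a volume and prints the file.
[root@localhost demo]# vim cm.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: busybox
    image: busybox
    # NOTE(review): this writes the whole file, including redis.password, to
    # the container log, where `kubectl logs` returns it (see the end of this
    # transcript).
    command: [ "/bin/sh","-c","cat /etc/config/redis.properties" ]
    volumeMounts:
    - name: config-volume
      mountPath: /etc/config
  volumes:
  - name: config-volume
    configMap:
      # The ConfigMap's single key becomes the file /etc/config/redis.properties.
      name: redis-config
  # The container exits once `cat` finishes, so it is not restarted.
  restartPolicy: Never
# Delete the earlier pod that used the same name (mypod).
[root@localhost demo]# kubectl delete pod mypod
pod "mypod" deleted
[root@localhost demo]# kubectl apply -f cm.yaml
pod/mypod created
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 0/1 Completed 0 7m59s
# The pod's log holds the configuration the container printed.
[root@localhost demo]# kubectl logs mypod
redis.host=127.0.0.1
redis.port=6379
redis.password=123456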
第二种变量参数形式
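# Create a ConfigMap whose keys are written inline in the manifest.
[root@localhost demo]# vim myconfig.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: myconfig
  namespace: default
data:
  special.level: info
  special.type: hello
[root@localhost demo]# kubectl apply -f myconfig.yaml
configmap/myconfig created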
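# Create a pod that reads the ConfigMap keys as environment variables and
# prints them.
[root@localhost demo]# vim config-var.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: busybox
    image: busybox
    # $(LEVEL) and $(TYPE) are Kubernetes variable references: they are
    # replaced with the container's env values before /bin/sh starts, so they
    # are not shell command substitutions.
    command: [ "/bin/sh", "-c", "echo $(LEVEL) $(TYPE)" ]
    env:
    - name: LEVEL
      valueFrom:
        configMapKeyRef:
          name: myconfig
          key: special.level
    - name: TYPE
      valueFrom:
        configMapKeyRef:
          name: myconfig
          key: special.type
  # The container exits after echo, so it is not restarted.
  restartPolicy: Never
# Remove the existing pod named mypod.
[root@localhost demo]# kubectl delete pod mypod
pod "mypod" deleted
# Create the new pod.
[root@localhost demo]# kubectl apply -f config-var.yaml
pod/mypod created
# The log shows the two values taken from the ConfigMap.
[root@localhost demo]# kubectl logs mypod
info hello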