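Kubernetes ConfigMap (configuration mapping) and Secret: usage and examples

1. ConfigMap

Almost every application has configuration to deal with; a ConfigMap exists to make application configuration easier to manage.

A ConfigMap can be created from a directory, from files, or from literal strings. Format:
kubectl create configmap

Create a ConfigMap from a directory: game-config

Each file in the directory becomes one key/value pair in the ConfigMap: the file name is the key and the file content is the value.

Create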

mkdir configmap
wget https://k8s.io/docs/tasks/configure-pod-container/configmap/kubectl/game.properties -O configmap/game.properties
wget https://k8s.io/docs/tasks/configure-pod-container/configmap/kubectl/ui.properties -O configmap/ui.properties
kubectl create configmap game-config --from-file=configmap/

View

kubectl describe configmaps game-config
kubectl get configmaps game-config -o yaml
apiVersion: v1
data:
  game.properties: |
    enemies=aliens
    lives=3
    enemies.cheat=true
    enemies.cheat.level=noGoodRotten
    secret.code.passphrase=UUDDLRLRBABAS
    secret.code.allowed=true
    secret.code.lives=30
  ui.properties: |
    color.good=purple
    color.bad=yellow
    allow.textmode=true
    how.nice.to.look=fairlyNice
kind: ConfigMap
metadata:
  creationTimestamp: 2016-02-18T18:52:05Z
  name: game-config
  namespace: default
  resourceVersion: "516"
  selfLink: /api/v1/namespaces/default/configmaps/game-config
  uid: b4952dc3-d670-11e5-8cd0-68f728db1985

Create a ConfigMap from files

Create a ConfigMap with --from-file: several files can be passed in a single command
kubectl create configmap game-config-2 --from-file=configmap/game.properties --from-file=configmap/ui.properties
Create a ConfigMap with --from-env-file: each line of the file is stored in the ConfigMap as one key/value pair, for example lives=3; when several files are given, only the last one takes effect
kubectl create configmap game-config-env-file --from-env-file=configmap/game-env-file.properties
Create a ConfigMap with --from-file and a custom key:
kubectl create configmap game-config-3 --from-file=game-special-key=configmap/game.properties

Create a ConfigMap from command-line strings:
Create a ConfigMap with --from-literal: key/value pairs are passed as strings on the command line
kubectl create configmap special-config --from-literal=special.how=very --from-literal=special.type=charm

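Using a ConfigMap inside a container

1. As environment variables in a Pod; the "- name" entry can be repeated to bring in environment variables from several ConfigMaps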
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod
spec:
  containers:
    - name: test-container
      image: k8s.gcr.io/busybox
      command: [ "/bin/sh", "-c", "env" ]
      env:
        # Define the environment variable
        - name: SPECIAL_LEVEL_KEY
          valueFrom:
            configMapKeyRef:
              # The ConfigMap containing the value you want to assign to SPECIAL_LEVEL_KEY
              name: special-config
              # Specify the key associated with the value
              key: special.how
  restartPolicy: Never

2. Mounted as a data volume at a specified path in the Pod:
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod
spec:
  containers:
    - name: test-container
      image: k8s.gcr.io/busybox
      command: [ "/bin/sh", "-c", "cat /etc/config/keys" ]
      volumeMounts:
        - name: config-volume
          mountPath: /etc/config
  volumes:
    - name: config-volume
      configMap:
        name: special-config
        items:
          # The key must exist in special-config, which was created above
          # with special.how and special.type
          - key: special.how
            path: keys
  restartPolicy: Never

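2. Secret

A Secret object stores sensitive information such as passwords, OAuth tokens, SSH keys and other tokens. A Secret can be consumed as environment variables or mounted as a data volume inside a container. The kubelet periodically checks whether the Secret is up to date. A Secret is limited to 1MB in size.

1. Create a Secret automatically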

# Create files needed for rest of example.
$ echo -n 'admin' > ./username.txt
$ echo -n '1f2d1e2e67df' > ./password.txt
$ kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt
secret "db-user-pass" created

View the result

$ kubectl get secrets
NAME           TYPE      DATA   AGE
db-user-pass   Opaque    2      51s

$ kubectl describe secrets/db-user-pass
Name: db-user-pass
Namespace: default
Labels:
Annotations:

Type: Opaque
Data

password.txt: 12 bytes
username.txt: 5 bytes

2. Create a Secret manually

$ echo -n 'admin' | base64
YWRtaW4=
$ echo -n '1f2d1e2e67df' | base64
MWYyZDFlMmU2N2Rm

$ vim secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm

$ kubectl create -f ./secret.yaml
secret "mysecret" created

$ kubectl get secret mysecret -o yaml
apiVersion: v1
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
kind: Secret
metadata:
  creationTimestamp: 2016-01-22T18:41:56Z
  name: mysecret
  namespace: default
  resourceVersion: "164619"
  selfLink: /api/v1/namespaces/default/secrets/mysecret
  uid: cfee02d6-c137-11e5-8d73-42010af00002
type: Opaque

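Decode (base64 is an encoding, not encryption: anyone who can read the Secret object can recover the value)

$ echo 'MWYyZDFlMmU2N2Rm' | base64 --decode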
1f2d1e2e67df

3. An example of a Pod that mounts a Secret in a volume:

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: mypod
      image: redis
      volumeMounts:
        - name: foo
          mountPath: "/etc/foo"
          readOnly: true
  volumes:
    - name: foo
      secret:
        secretName: mysecret

Map a Secret key to a specific path:
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: mypod
      image: redis
      volumeMounts:
        - name: foo
          mountPath: "/etc/foo"
          readOnly: true
  volumes:
    - name: foo
      secret:
        secretName: mysecret
        items:
          - key: username
            path: my-group/my-username

Secret file permissions:
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: mypod
      image: redis
      volumeMounts:
        - name: foo
          mountPath: "/etc/foo"
  volumes:
    - name: foo
      secret:
        secretName: mysecret
        # decimal 256 = octal 0400 (read-only for the owner)
        defaultMode: 256
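
An added example, not part of the original post: a small audit over objects shaped like the items list of `kubectl get configmaps,pods -o json`. It flags credential-looking keys kept in a ConfigMap (such as secret.code.passphrase in game-config above) and secret volumes whose file mode is readable by group or other. The key-name pattern, the sample data and the Pod name mypod-restricted are assumptions made for illustration.

```python
import re

# Assumed heuristic for credential-like key names; tune for your environment.
SENSITIVE = re.compile(r"pass(word|phrase)|token|api[_.-]?key|private[_.-]?key", re.I)
DEFAULT_SECRET_MODE = 0o644  # Kubernetes default when defaultMode is unset

def configmap_findings(obj):
    """Flag credential-like keys, including key=value lines inside file-style values."""
    out = []
    for key, value in obj.get("data", {}).items():
        names = [key] + [ln.split("=", 1)[0].strip() for ln in value.splitlines() if "=" in ln]
        for name in names:
            if SENSITIVE.search(name):
                out.append(f"configmap/{obj['metadata']['name']}: '{name}' "
                           "looks like a credential, store it in a Secret")
    return out

def pod_findings(obj):
    """Flag secret volumes whose files are readable by group or other."""
    out = []
    for vol in obj.get("spec", {}).get("volumes", []):
        if "secret" in vol:
            mode = vol["secret"].get("defaultMode", DEFAULT_SECRET_MODE)
            if mode & 0o077:
                out.append(f"pod/{obj['metadata']['name']}: secret volume '{vol['name']}' "
                           f"mode {mode:04o} is group/world readable")
    return out

def audit(items):
    """items: the 'items' list from `kubectl get configmaps,pods -o json`."""
    checks = {"ConfigMap": configmap_findings, "Pod": pod_findings}
    return [f for obj in items for f in checks.get(obj.get("kind"), lambda o: [])(obj)]

# Constructed sample that mirrors the manifests on this page (not live cluster output).
SAMPLE = [
    {"kind": "ConfigMap", "metadata": {"name": "game-config"},
     "data": {"game.properties": "enemies=aliens\nlives=3\nsecret.code.passphrase=UUDDLRLRBABAS\n",
              "ui.properties": "color.good=purple\n"}},
    {"kind": "Pod", "metadata": {"name": "mypod"},
     "spec": {"volumes": [{"name": "foo", "secret": {"secretName": "mysecret"}}]}},
    {"kind": "Pod", "metadata": {"name": "mypod-restricted"},  # constructed name
     "spec": {"volumes": [{"name": "foo", "secret": {"secretName": "mysecret", "defaultMode": 256}}]}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```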
