kubernetes 中pv、pvc、configmap和secret

configmap和secret
PV和PVC是借助于StorageClass来分配磁盘的

如何给Pod传配置信息：

两种方式：
1.把configmap关联到一个pod上，传递给pod内部的一个变量，注入的方式给容器传配置信息
2.配置卷，将配置文件映射到外面的路径

configmap在k8s上扮演了K8s的配置中心的功能
Pod启动时候讲configmap打包为存储卷，挂载到配置文件的路径下
configmap是明文的信息

secret是密文传递的，功能和configmap一样的

配置容器化应用的方式：
1，自定义命令行参数
    command
    args

2,把配置文件直接add进镜像，不推荐

3，环境变量(类似docker)
    1，Cloud native的应用创徐一般可以直接通过环境变量加载配置
    2，通过entrypoint脚本来预处理变量为配置文件中的配置信息

4.存储卷

pod资源环境变量的传递方式
一个configmap是一群pod的配置集合
保存的方式key，vallue
 

查看帮助:
kubectl create configmap --help

开始创建配置文件：
[root@master volumes]# kubectl create configmap nginx-config --from-literal=nginx_port=80 --from-literal=server_name=myapp.node1.com
configmap/nginx-config created

查看创建配置文件信息
kubectl get cm
[root@master volumes]# kubectl get cm
NAME           DATA      AGE
nginx-config   2         1m

查看配置的具体信息：
[root@master volumes]# kubectl get cm
NAME           DATA      AGE
nginx-config   2         1m
[root@master volumes]# kubectl describe cm nginx-config
Name:         nginx-config
Namespace:    default
Labels:       
Annotations:  

Data
====
nginx_port:   #key
----
80            #value
server_name:   #key
----
myapp.node1.com  #value  
Events:  

这个configmap就可以被Pod启动的时候调用了


创建一个nginx配置
vim www.conf
kubectl create configmap nginx-www --from-file=www=./www.conf
或者
kubectl create configmap nginx-www --from-file=./www.conf

[root@master configmap]# kubectl get cm
NAME           DATA      AGE
nginx-config   2         18h
nginx-www      1         8s

[root@master configmap]# kubectl get cm nginx-www -o yaml
apiVersion: v1
data:
  www.conf: |
    server {
        server_name jesse.com
        listen 80;
        root /data/web/html/;
    }
kind: ConfigMap
metadata:
  creationTimestamp: 2018-09-12T03:20:39Z
  name: nginx-www
  namespace: default
  resourceVersion: "225540"
  selfLink: /api/v1/namespaces/default/configmaps/nginx-www
  uid: d2765aca-b63a-11e8-a432-000c29f33006


[root@master configmap]# kubectl describe cm nginx-www
Name:         nginx-www
Namespace:    default
Labels:       
Annotations:  

Data
====
www.conf:
----
server {
    server_name jesse.com
    listen 80;
    root /data/web/html/;
}

Events:  

创建yaml文件：

 

[root@master configmap]# cat pod-configmap.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-1
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    node1/create-by: "cluster admin"  #备注
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports: 
    - name: http
      containerPort: 80
    env:
    - name: NGINX_SERVER_PORT
      valueFrom:
        configMapKeyRef:
          name: nginx-config
          key: nginx_port
    - name: NGINX_SERVER_NAME
      valueFrom:
        configMapKeyRef:
          name: nginx-config
          key: server_name

[root@master configmap]# kubectl apply -f pod-configmap.yaml 
pod/pod-cm-1 created
[root@master configmap]# kubectl get pods
NAME       READY     STATUS    RESTARTS   AGE
pod-cm-1   1/1       Running   0          7s
[root@master configmap]# kubectl get cm
NAME           DATA      AGE
nginx-config   2         20h
nginx-www      1         2h


进入容器中查看是否在环境变量中生成成功：
kubectl exec -it pod-cm-1 /bin/sh

/ # printenv
MYAPP_SVC_PORT_80_TCP_ADDR=10.98.57.156
KUBERNETES_PORT=tcp://10.96.0.1:443
KUBERNETES_SERVICE_PORT=443
MYAPP_SVC_PORT_80_TCP_PORT=80
HOSTNAME=pod-cm-1   #生成数据
SHLVL=1
MYAPP_SVC_PORT_80_TCP_PROTO=tcp
HOME=/root
NGINX_SERVER_PORT=80  #生成端口
NGINX_SERVER_NAME=myapp.node1.com    #自己定义的主机名
MYAPP_SVC_PORT_80_TCP=tcp://10.98.57.156:80
TERM=xterm
NGINX_VERSION=1.12.2
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
MYAPP_SVC_SERVICE_HOST=10.98.57.156
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
KUBERNETES_SERVICE_PORT_HTTPS=443
PWD=/
KUBERNETES_SERVICE_HOST=10.96.0.1
MYAPP_SVC_SERVICE_PORT=80
MYAPP_SVC_PORT=tcp://10.98.57.156:80

通过上面已经说明，环境信息已经注入
如果我更改掉配置，看看是否会生效

[root@master configmap]# kubectl edit cm nginx-config
configmap/nginx-config edited

apiVersion: v1
data:
  nginx_port: "8080"   #更改后的端口
  server_name: myapp.node1.com
kind: ConfigMap
metadata:
  creationTimestamp: 2018-09-11T09:19:50Z
  name: nginx-config
  namespace: default
  resourceVersion: "218073"
  selfLink: /api/v1/namespaces/default/configmaps/nginx-config
  uid: d5a14836-b5a3-11e8-a432-000c29f33006


[root@master configmap]# kubectl describe cm nginx-config
Name:         nginx-config
Namespace:    default
Labels:       
Annotations:  

Data
====
nginx_port:
----
8080
server_name:
----
myapp.node1.com
Events:  

再次查看系统变量发现没有改变
NGINX_SERVER_PORT=80



##############################
也就是说，当我们使用系统变量时，只在系统的启动时才会有效
##############################

如果我们使用存储卷的方式是可以随时改变的

[root@master configmap]# cat pod-configmap-2.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-2
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    node1/create-by: "cluster admin"  #备注
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports: 
    - name: http
      containerPort: 80
    volumeMounts:
    - name: nginxconf
      mountPath: /etc/nginx/config.d/
      readOnly: true   #不允许容器改变我们的内容
  volumes:
  - name: nginxconf
    configMap:
      name: nginx-config

[root@master configmap]# kubectl apply -f pod-configmap-2.yaml 
pod/pod-cm-2 created
[root@master configmap]# kubectl get pods
NAME       READY     STATUS    RESTARTS   AGE
pod-cm-2   1/1       Running   0          10s


[root@master configmap]# kubectl get pods
NAME       READY     STATUS    RESTARTS   AGE
pod-cm-2   1/1       Running   0          1m

kubectl exec -it pod-cm-2 /bin/sh

进入容器查看状态：说明是生效的
 # cd /etc/nginx/config.d/
/etc/nginx/config.d # ls
nginx_port   server_name
/etc/nginx/config.d # cat nginx_port 
/etc/nginx/config.d # cat server_name 
myapp.node1.com/etc/nginx/config.d # 


下面我改一下动态的配置
kubectl edit cm nginx-config

apiVersion: v1
data:
  nginx_port: "8088"
  server_name: myapp.node1.com
kind: ConfigMap
metadata:
  creationTimestamp: 2018-09-11T09:19:50Z
  name: nginx-config
  namespace: default
  resourceVersion: "237943"
  selfLink: /api/v1/namespaces/default/configmaps/nginx-config
  uid: d5a14836-b5a3-11e8-a432-000c29f33006

将8080端口更改为8088

我们在容器中查看
/etc/nginx/config.d # cat nginx_port 
8088/etc/nginx/config.d # 已经改过来了，同步需要几秒钟
生效的
过程同步到apiserver->pod中

/etc/nginx/config.d # ls -l
total 0
lrwxrwxrwx    1 root     root            17 Sep 12 13:59 nginx_port -> ..data/nginx_port
lrwxrwxrwx    1 root     root            18 Sep 12 13:59 server_name -> ..data/server_name


####################################
利用configmap和nginx建站
[root@master configmap]# cat pod-configmap-3.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-2
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    node1/create-by: "cluster admin"  #备注
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports: 
    - name: http
      containerPort: 80
    volumeMounts:
    - name: nginxconf
      mountPath: /etc/nginx/conf.d/
      readOnly: true   #不允许容器改变我们的内容
  volumes:
  - name: nginxconf
    configMap:
      name: nginx-www


[root@master configmap]# kubectl get pods
NAME       READY     STATUS    RESTARTS   AGE
pod-cm-2   1/1       Running   0          19s

[root@master configmap]# kubectl exec -it pod-cm-2 /bin/sh
/ # cd /etc/nginx/conf.d/
/etc/nginx/conf.d # ls
www.conf
/etc/nginx/conf.d # cat www.conf 
server {
    server_name jesse.com
    listen 80;
    root /data/web/html/;
}

查看nginx的配置
nginx -T
mkdir /data/web/html -p
vi /data/web/html/index.html    Test Nginx

[root@master configmap]# kubectl get pods -o wide
NAME       READY     STATUS    RESTARTS   AGE       IP            NODE      NOMINATED NODE
pod-cm-2   1/1       Running   0          7m        10.244.2.62   node2     

在node1上测试，添加jesse.com 10.244.2.62 到解析文件
[root@node1 ~]# curl jesse.com
Test! Nginx



[root@master configmap]# kubectl edit cm nginx-www
更改端口8080
apiVersion: v1
data:
  www.conf: |
    server {
        server_name jesse.com
        listen 8080;
        root /data/web/html/;
    }
kind: ConfigMap

在容器内部查看是否生效：
/etc/nginx/conf.d # cat www.conf 
server {
    server_name jesse.com
    listen 8080;
    root /data/web/html/;
}


在容器内查看端口：
/etc/nginx/conf.d # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      

重载一下nginx配置文件
nginx -s reload

###################################
存储卷挂载部分内容
kubectl explain pods.spec.volumes.configMap.items
###################################

secret的使用方式
[root@master ~]# kubectl create secret generic mysql-root-password --from-literal=password=MyP@ss123
secret/mysql-root-password created
[root@master ~]# kubectl get secret
NAME                    TYPE                                  DATA      AGE
default-token-4xzt8     kubernetes.io/service-account-token   3         3d
mysql-root-password     Opaque                                1         13s
tomcat-ingress-secret   kubernetes.io/tls                     2         8h

[root@master ~]# kubectl get secret
NAME                    TYPE                                  DATA      AGE
default-token-4xzt8     kubernetes.io/service-account-token   3         3d
mysql-root-password     Opaque                                1         13s
tomcat-ingress-secret   kubernetes.io/tls                     2         8h
[root@master ~]# kubectl describe secret mysql-root-password
Name:         mysql-root-password
Namespace:    default
Labels:       
Annotations:  

Type:  Opaque

Data
====
password:  9 bytes

[root@master ~]# kubectl get secret mysql-root-password
NAME                  TYPE      DATA      AGE
mysql-root-password   Opaque    1         1m
[root@master ~]# kubectl get secret mysql-root-password -o yaml
apiVersion: v1
data:
  password: TXlQQHNzMTIz
kind: Secret
metadata:
  creationTimestamp: 2018-08-17T10:52:26Z
  name: mysql-root-password
  namespace: default
  resourceVersion: "395369"
  selfLink: /api/v1/namespaces/default/secrets/mysql-root-password
  uid: a12239c1-a20b-11e8-9cac-005056a52314
type: Opaque



#解码

[root@master ~]# echo TXlQQHNzMTIz |base64 -d
MyP@ss123
通过环境量获取
[root@master configmap]# vim pod-secret-1.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod-secret-1
  namespace: default
  labels: 
    app: myapp
    tier: frontend
  annotations:
    zpx.com/created-by: "cluster admin"
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http 
      containerPort: 80
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysql-root-password
          key: password

[root@master configmap]# kubectl apply -f pod-secret-1.yaml 
pod/pod-secret-1 created
[root@master configmap]# kubectl get pods
NAME                             READY     STATUS    RESTARTS   AGE
filebeat-ds-7nncx                1/1       Running   0          1d
filebeat-ds-st7f6                1/1       Running   0          1d
myapp-deploy-67f6f6b4dc-tl8z7    1/1       Running   0          1d
myapp-deploy-67f6f6b4dc-vsxnc    1/1       Running   0          1d
myapp-deploy-67f6f6b4dc-x5hw6    1/1       Running   0          1d
pod-cm-2                         1/1       Running   0          55m
pod-cm-3                         1/1       Running   0          45m
pod-demo                         2/2       Running   0          4h
pod-secret-1                     1/1       Running   0          20s
pod-vol-hostpath                 1/1       Running   0          3h
pod-vol-nfs                      1/1       Running   0          3h
pod-vol-pvc                      1/1       Running   0          2h
poststart-pod                    1/1       Running   48         2d
redis-5b5d6fbbbd-t4zl7           1/1       Running   0          1d
tomcat-deploy-588c79d48d-s5hcr   1/1       Running   0          8h
tomcat-deploy-588c79d48d-sd76q   1/1       Running   0          8h
tomcat-deploy-588c79d48d-sxhh6   1/1       Running   0          8h
[root@master configmap]# kubectl exec pod-secret-1 -- printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=pod-secret-1
MYSQL_ROOT_PASSWORD=MyP@ss123
REDIS_PORT_6379_TCP=tcp://10.97.97.97:6379
MYAPP_SERVICE_PORT_HTTP=80
TOMCAT_SERVICE_PORT_AJP=8009
KUBERNETES_PORT=tcp://10.96.0.1:443
KUBERNETES_PORT_443_TCP_PORT=443
TOMCAT_PORT_8080_TCP_PORT=8080
KUBERNETES_SERVICE_HOST=10.96.0.1
KUBERNETES_PORT_443_TCP_PROTO=tcp
REDIS_SERVICE_HOST=10.97.97.97
TOMCAT_PORT_8009_TCP_PROTO=tcp
REDIS_PORT=tcp://10.97.97.97:6379
TOMCAT_PORT_8009_TCP=tcp://10.99.116.34:8009
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
MYAPP_SERVICE_HOST=10.107.175.175
MYAPP_PORT_80_TCP_PROTO=tcp
MYAPP_PORT_80_TCP_ADDR=10.107.175.175
TOMCAT_PORT_8080_TCP_PROTO=tcp
MYAPP_PORT_80_TCP_PORT=80
TOMCAT_PORT_8080_TCP_ADDR=10.99.116.34
KUBERNETES_SERVICE_PORT=443
REDIS_PORT_6379_TCP_PROTO=tcp
REDIS_PORT_6379_TCP_PORT=6379
MYAPP_SERVICE_PORT=80
TOMCAT_SERVICE_PORT=8080
TOMCAT_SERVICE_PORT_HTTP=8080
TOMCAT_PORT_8009_TCP_ADDR=10.99.116.34
MYAPP_PORT_80_TCP=tcp://10.107.175.175:80
TOMCAT_SERVICE_HOST=10.99.116.34
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
REDIS_SERVICE_PORT=6379
KUBERNETES_SERVICE_PORT_HTTPS=443
REDIS_PORT_6379_TCP_ADDR=10.97.97.97
MYAPP_PORT=tcp://10.107.175.175:80
TOMCAT_PORT=tcp://10.99.116.34:8080
TOMCAT_PORT_8080_TCP=tcp://10.99.116.34:8080
TOMCAT_PORT_8009_TCP_PORT=8009
MYAPP_SVC_PORT_80_TCP_PROTO=tcp
MYAPP_SVC_PORT=tcp://10.98.57.156:80
MYAPP_SVC_PORT_80_TCP_ADDR=10.98.57.156
MYAPP_SVC_SERVICE_HOST=10.98.57.156
MYAPP_SVC_SERVICE_PORT=80
MYAPP_SVC_PORT_80_TCP=tcp://10.98.57.156:80
MYAPP_SVC_PORT_80_TCP_PORT=80
NGINX_VERSION=1.12.2
HOME=/root