k8s 1.25学习6 - ConfigMap & Secret

ConfigMap存放配置信息

基于目录创建ConfigMap
mkdir configmap
cd configmap
mkdir conf
cd conf
vi game.conf
color.good=purple
color.bad=yellow

vi game2.conf
enemy.types=aliens,monsters
player.maximum-lives=5  

cd ..

#基于目录创建ConfigMap,cm名称中不能有大写字母
kubectl create cm cmfromdir --from-file=conf/
kubectl get cm 
kubectl describe cm cmfromdir
kubectl get cm -oyaml
基于文件创建ConfigMap
vi redis.conf
appendonly yes


kubectl create cm redis-conf --from-file=conf/redis.conf
#cm自定义文件名称
kubectl create cm redis-info --from-file=redis-conf=conf/redis.conf
kubectl get cm redis-info -oyaml


#多个文件
kubectl create cm redis-config --from-file=redis-conf=conf/redis.conf --from-file=game-conf=conf/game.conf
kubectl get cm redis-config -oyaml
kubectl describe cm redis-config
创建环境变量
kubectl create cm game-env --from-env-file=conf/game.conf
kubectl get cm game-env -oyaml

#key-value对创建
kubectl create cm test-env --from-literal=debug.level=info --from-literal=role=readonly
kubectl get cm test-env -oyaml
yaml配置文件
vi game-demo.yaml
apiVersion: v1
data:
  game.conf: |
    color.good=purple
    color.bad=yellow
  game2.conf: |
    enemy.types=aliens,monsters
    player.maximum-lives=5
kind: ConfigMap
metadata:
  name: game-demo


kubectl apply -f game-demo.yaml

读取ConfigMap中的值

#生成deploy模板
kubectl create deploy demo-cm --image=nginx:1.15.12-alpine --dry-run=client -oyaml > demo-cm.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: demo-cm
  name: demo-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-cm
  template:
    metadata:
      labels:
        app: demo-cm
    spec:
      containers:
      - image: nginx:1.15.12-alpine
        name: nginx
        env:
        - name: profile
          value: prod
        - name: debug.level
          valueFrom:
            configMapKeyRef:
              name: test-env
              key: debug.level
              
              
kubectl apply -f demo-cm.yaml
kubectl get pods
kubectl exec -it demo-cm-8d9697695-lvmjp -- sh
env
exit              
将所有ConfigMap的数据定义为容器环境变量
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: demo-cm
  name: demo-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-cm
  template:
    metadata:
      labels:
        app: demo-cm
    spec:
      containers:
      - image: nginx:1.15.12-alpine
        name: nginx
		envFrom: 
        - configMapRef:
            name: test-env	
            
            
kubectl apply -f demo-cm.yaml
kubectl get pods
kubectl exec demo-cm-7b66b7b666-7q648 -- env


#给变量名增加前缀
		envFrom: 
        - configMapRef:
            name: test-env
          prefix: from_CM_	
以文件的形式挂载ConfigMap
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: demo-cm
  name: demo-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-cm
  template:
    metadata:
      labels:
        app: demo-cm
    spec:
      containers:
      - image: nginx:1.15.12-alpine
        name: nginx
        volumeMounts: 
          - name: my-config
            mountPath: "/etc/config"		  
      volumes: 
        - name: my-config
          configMap: 
            name: redis-conf		
            
            
kubectl apply -f demo-cm.yaml
kubectl get pods
kubectl exec -it demo-cm-5459dd6b4f-lqjl7 -- sh
ls /etc/config
exit
自定义挂载名称
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: demo-cm
  name: demo-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-cm
  template:
    metadata:
      labels:
        app: demo-cm
    spec:
      containers:
      - image: nginx:1.15.12-alpine
        name: nginx
        volumeMounts: 
          - name: my-config
            mountPath: "/etc/config"		  
      volumes: 
        - name: my-config
          configMap: 
            name: redis-conf
            items: 
              - key: redis.conf
                path: redis-conf.conf    #容器中挂载文件的名称
                
                
kubectl apply -f demo-cm.yaml
kubectl get pods
kubectl exec -it demo-cm-5694c76f4b-dbd8z -- sh
ls /etc/config
exit

Sercet

在创建时,比ConfigMap多了一个类型

kubectl create secret generic db-user-pass \
    --from-literal=username=admin \
    --from-literal=password='S!B\*d$zDsb='
kubectl get secret
kubectl get secret db-user-pass -oyaml
#解析base64
echo "YWRtaW4=" | base64 -d		
从文件中创建Secret
echo -n 'admin' > ./username.txt
echo -n 'S!B\*d$zDsb=' > ./password.txt
kubectl create secret generic db-user-pass \
    --from-file=./username.txt \
    --from-file=./password.txt
yaml配置方式创建
#如果使用data属性,需要使用base64加密后的密文;使用stringData则可以使用明文	
apiVersion: v1
kind: Secret
metadata:
  name: db-user-pass1
type: Opaque
stringData:
  password: pswadmin
  username: admin
  
  
kubectl apply -f secret-demo.yaml
kubectl get secret db-user-pass1 -oyaml  
使用Secret登录私有仓库
使用Secret登录私有仓库
kubectl create secret docker-registry myregistry --docker-username=intmall --docker-password=admin [email protected] --docker-server=registry.aliyuncs.com
kubectl get secret
kubectl get secret myregistry -oyaml

拉取镜像

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: demo-cm
  name: demo-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-cm
  template:
    metadata:
      labels:
        app: demo-cm
    spec:
      imagePullSecrets: 
        - name: myregistry  #指定Secret
      containers:
        - image: registry.aliyuncs.com/nginx:1.15.12-xxxx
https证书存入Secret
kubectl -n prod create secret tls nginx-test-tls --key=tls.key --cert=tls.crt

在Ingress中使用

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
spec:
  ingressClassName: nginx
  rules:
  - host: nginx.test.com
    http:
      paths:
      - backend:
          service:
            name: nginx  #Service名称
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
  tls: 
    - nginx-test-tls 

使用SubPath解决挂载覆盖目录的问题

kubectl get pod
kubectl exec demo-cm-5694c76f4b-dbd8z -- cat /etc/nginx/nginx.conf > nginx.conf
kubectl create cm nginx-conf --from-file=nginx.conf
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: demo-cm
  name: demo-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-cm
  template:
    metadata:
      labels:
        app: demo-cm
    spec:
      containers:
      - image: nginx:1.15.12-alpine
        name: nginx
        volumeMounts: 
          - name: my-config
            mountPath: "/etc/nginx/nginx.conf"  #指定完整路径
            subPath: nginx.conf			
      volumes: 
        - name: my-config
          configMap: 
            name: nginx-conf
更新ConfigMap
更新ConfigMap
#直接更新
kubectl apply -f game-demo.yaml

#如果使用了from-file创建的,先修改配置文件
kubectl create cm nginx-conf --from-file=nginx.conf --dry-run=client -oyaml | kubectl replace -f - 

使用时注意

提前创建ConfigMap和Secret
引用Key必须存在
envFrom、valueFrom无法热更新环境变量
ConfigMap和Secret最好不要太大

你可能感兴趣的:(k8s,kubernetes,学习,java)