mkdir configmap
cd configmap
mkdir conf
cd conf
vi game.conf
color.good=purple
color.bad=yellow
vi game2.conf
enemy.types=aliens,monsters
player.maximum-lives=5
cd ..
#基于目录创建ConfigMap,cm名称中不能有大写字母
kubectl create cm cmfromdir --from-file=conf/
kubectl get cm
kubectl describe cm cmfromdir
kubectl get cm -oyaml
vi redis.conf
appendonly yes
kubectl create cm redis-conf --from-file=conf/redis.conf
#cm自定义文件名称
kubectl create cm redis-info --from-file=redis-conf=conf/redis.conf
kubectl get cm redis-info -oyaml
#多个文件
kubectl create cm redis-config --from-file=redis-conf=conf/redis.conf --from-file=game-conf=conf/game.conf
kubectl get cm redis-config -oyaml
kubectl describe cm redis-config
kubectl create cm game-env --from-env-file=conf/game.conf
kubectl get cm game-env -oyaml
#key-value对创建
kubectl create cm test-env --from-literal=debug.level=info --from-literal=role=readonly
kubectl get cm test-env -oyaml
vi game-demo.yaml
apiVersion: v1
data:
game.conf: |
color.good=purple
color.bad=yellow
game2.conf: |
enemy.types=aliens,monsters
player.maximum-lives=5
kind: ConfigMap
metadata:
name: game-demo
kubectl apply -f game-demo.yaml
#生成deploy模板
kubectl create deploy demo-cm --image=nginx:1.15.12-alpine --dry-run=client -oyaml > demo-cm.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: demo-cm
name: demo-cm
spec:
replicas: 1
selector:
matchLabels:
app: demo-cm
template:
metadata:
labels:
app: demo-cm
spec:
containers:
- image: nginx:1.15.12-alpine
name: nginx
env:
- name: profile
value: prod
- name: debug.level
valueFrom:
configMapKeyRef:
name: test-env
key: debug.level
kubectl apply -f demo-cm.yaml
kubectl get pods
kubectl exec -it demo-cm-8d9697695-lvmjp -- sh
env
exit
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: demo-cm
name: demo-cm
spec:
replicas: 1
selector:
matchLabels:
app: demo-cm
template:
metadata:
labels:
app: demo-cm
spec:
containers:
- image: nginx:1.15.12-alpine
name: nginx
envFrom:
- configMapRef:
name: test-env
kubectl apply -f demo-cm.yaml
kubectl get pods
kubectl exec demo-cm-7b66b7b666-7q648 -- env
#给变量名增加前缀
envFrom:
- configMapRef:
name: test-env
prefix: from_CM_
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: demo-cm
name: demo-cm
spec:
replicas: 1
selector:
matchLabels:
app: demo-cm
template:
metadata:
labels:
app: demo-cm
spec:
containers:
- image: nginx:1.15.12-alpine
name: nginx
volumeMounts:
- name: my-config
mountPath: "/etc/config"
volumes:
- name: my-config
configMap:
name: redis-conf
kubectl apply -f demo-cm.yaml
kubectl get pods
kubectl exec -it demo-cm-5459dd6b4f-lqjl7 -- sh
ls /etc/config
exit
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: demo-cm
name: demo-cm
spec:
replicas: 1
selector:
matchLabels:
app: demo-cm
template:
metadata:
labels:
app: demo-cm
spec:
containers:
- image: nginx:1.15.12-alpine
name: nginx
volumeMounts:
- name: my-config
mountPath: "/etc/config"
volumes:
- name: my-config
configMap:
name: redis-conf
items:
- key: redis.conf
path: redis-conf.conf #容器中挂载文件的名称
kubectl apply -f demo-cm.yaml
kubectl get pods
kubectl exec -it demo-cm-5694c76f4b-dbd8z -- sh
ls /etc/config
exit
在创建时,比ConfigMap多了一个类型
kubectl create secret generic db-user-pass \
--from-literal=username=admin \
--from-literal=password='S!B\*d$zDsb='
kubectl get secret
kubectl get secret db-user-pass -oyaml
#解析base64
echo "YWRtaW4=" | base64 -d
echo -n 'admin' > ./username.txt
echo -n 'S!B\*d$zDsb=' > ./password.txt
kubectl create secret generic db-user-pass \
--from-file=./username.txt \
--from-file=./password.txt
#如果使用data属性,需要使用base64加密后的密文;使用stringData则可以使用明文
apiVersion: v1
kind: Secret
metadata:
name: db-user-pass1
type: Opaque
stringData:
password: pswadmin
username: admin
kubectl apply -f secret-demo.yaml
kubectl get secret db-user-pass1 -oyaml
使用Secret登录私有仓库
kubectl create secret docker-registry myregistry --docker-username=intmall --docker-password=admin [email protected] --docker-server=registry.aliyuncs.com
kubectl get secret
kubectl get secret myregistry -oyaml
拉取镜像
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: demo-cm
name: demo-cm
spec:
replicas: 1
selector:
matchLabels:
app: demo-cm
template:
metadata:
labels:
app: demo-cm
spec:
imagePullSecrets:
- name: myregistry #指定Secret
containers:
- image: registry.aliyuncs.com/nginx:1.15.12-xxxx
kubectl -n prod create secret tls nginx-test-tls --key=tls.key --cert=tls.crt
在Ingress中使用
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
spec:
ingressClassName: nginx
rules:
- host: nginx.test.com
http:
paths:
- backend:
service:
name: nginx #Service名称
port:
number: 80
path: /
pathType: ImplementationSpecific
tls:
- nginx-test-tls
kubectl get pod
kubectl exec demo-cm-5694c76f4b-dbd8z -- cat /etc/nginx/nginx.conf > nginx.conf
kubectl create cm nginx-conf --from-file=nginx.conf
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: demo-cm
name: demo-cm
spec:
replicas: 1
selector:
matchLabels:
app: demo-cm
template:
metadata:
labels:
app: demo-cm
spec:
containers:
- image: nginx:1.15.12-alpine
name: nginx
volumeMounts:
- name: my-config
mountPath: "/etc/nginx/nginx.conf" #指定完整路径
subPath: nginx.conf
volumes:
- name: my-config
configMap:
name: nginx-conf
更新ConfigMap
#直接更新
kubectl apply -f game-demo.yaml
#如果使用了from-file创建的,先修改配置文件
kubectl create cm nginx-conf --from-file=nginx.conf --dry-run=client -oyaml | kubectl replace -f -
提前创建ConfigMap和Secret
引用Key必须存在
envFrom、valueFrom无法热更新环境变量
ConfigMap和Secret最好不要太大