K8s ❉ 配置存储-ConfigMap / secret

ConfigMap

ConfigMap是一种比较特殊的存储卷,它的主要作用是用来存储配置信息的。每个configmap都映射成了一个目录,此时如果更新configmap的内容, 容器中的值也会动态更新。

key--->文件 :value---->文件中的内容

1 资源信息示例

# 创建configmap.yaml,内容如下
apiVersion: v1
kind: ConfigMap
metadata:
  name: configmap
  namespace: dev
data:
  info: |
    username:admin
    password:123456


2 实验演示

# ConfigMap使用此配置文件创建configmap
# 创建configmap
[root@k8s-master01 ~]# kubectl create -f configmap.yaml
configmap/configmap created
# 查看configmap详情
[root@k8s-master01 ~]# kubectl describe cm configmap -n dev
Name:         configmap
Namespace:    dev
Labels:      
Annotations: 
Data
====
info:
----
username:admin
password:123456
Events: 


# 接下来创建一个pod-configmap.yaml,将上面创建的configmap挂载进去
apiVersion: v1
kind: Pod
metadata:
  name: pod-configmap
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
  volumeMounts: # 将configmap挂载到目录
  - name: config
    mountPath: /configmap/config
  volumes: # 引用configmap
  - name: config
    configMap:
      name: configmap

# 创建pod
[root@k8s-master01 ~]# kubectl create -f pod-configmap.yaml
pod/pod-configmap created
# 查看pod
[root@k8s-master01 ~]# kubectl get pod pod-configmap -n dev
NAME          READY STATUS     RESTARTS AGE
pod-configmap 1/1   Running    0        6s
#进⼊容器
[root@k8s-master01 ~]# kubectl exec -it pod-configmap -n dev /bin/sh
# cd /configmap/config/
# ls
info
# more info
username:admin
password:123456
# 可以看到映射已经成功

二 Secret

1 介绍

        在kubernetes中,还存在一种和ConfigMap类似的对象,称为Secret对象。它主要用于存储敏感信息,例如密码、秘钥、证书等等。

2 资源文件示例

# 首先使用base64对数据进行编码
[root@k8s-master01 ~]# echo -n 'admin' | base64 #准备username
YWRtaW4=
[root@k8s-master01 ~]# echo -n '123456' | base64 #准备password
MTIzNDU2


# 接下来编写secret.yaml,并创建Secret
apiVersion: v1
kind: Secret
metadata:
  name: secret
  namespace: dev
type: Opaque
data:
  username: YWRtaW4=
  password: MTIzNDU2

# 创建secret
[root@k8s-master01 ~]# kubectl create -f secret.yaml
secret/secret created
# 查看secret详情
[root@k8s-master01 ~]# kubectl describe secret secret -n dev
Name:         secret
Namespace:    dev
Labels:       
Annotations:  
Type: Opaque
Data
====
password: 6 bytes
username: 5 bytes

3 示例

# 创建pod-secret.yaml,将上面创建的secret挂载进去
apiVersion: v1
kind: Pod
metadata:
  name: pod-secret
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
  volumeMounts: # 将secret挂载到目录
  - name: config
    mountPath: /secret/config
  volumes:
  - name: config
    secret:
      secretName: secret



# 创建pod
[root@k8s-master01 ~]# kubectl create -f pod-secret.yaml
pod/pod-secret created
# 查看pod
[root@k8s-master01 ~]# kubectl get pod pod-secret -n dev
NAME       READY     STATUS     RESTARTS  AGE
pod-secret 1/1       Running    0         2m28s


# 进入容器,查看secret信息,发现已经自动解码了
[root@k8s-master01 ~]# kubectl exec -it pod-secret /bin/sh -n dev
/ # ls /secret/config/
password username
/ # more /secret/config/username
admin
/ # more /secret/config/password
123456
# 至此,已经实现了利用secret实现了信息的编码。

你可能感兴趣的:(云计算,kubernetes,容器)