Learning Linux: Kubernetes Secret and ConfigMap
Posted by 丢爸
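Secret
Stores sensitive data in etcd; a Pod's containers can access it by mounting a Volume or through environment variables. The values under data are base64-encoded, which is an encoding, not encryption; encryption at rest in etcd has to be enabled separately.
# Create the Secret from YAML
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: bG90dXM=   # username, base64-encoded (an encoding, not encryption)
  password: MTIzNDU2   # password, base64-encoded (an encoding, not encryption)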
[root@k8s-master k8syaml]# kubectl apply -f secret.yaml
# Use the values in the Secret as environment variables
apiVersion: v1
kind: Pod
metadata:
  name: mypodvarsecret
spec:
  containers:
  - name: nginx
    image: nginx
    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: username
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: password
[root@k8s-master k8syaml]# kubectl exec -it mypodvarsecret bash
root@mypodvarsecret:/# echo $SECRET_USERNAME
lotus
root@mypodvarsecret:/# echo $SECRET_PASSWORD
123456
# Mount the Secret as a volume
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
  volumes:
  - name: foo
    secret:
      secretName: mysecret
# Enter the container and check the mounted Secret files
[root@k8s-master k8syaml]# kubectl exec -it mypod bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@mypod:/# ls /etc/foo
password username
root@mypod:/# cat /etc/foo/password
123456
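ConfigMap
Stores unencrypted data in etcd so that a Pod can consume it as environment variables or as a mounted Volume; typically used for configuration files.
# Create a Redis configuration file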
[root@k8s-master k8syaml]# cat redis.properties
redis.host=127.0.0.1
redis.port=6379
redis.password=123456
# Create the ConfigMap
[root@k8s-master k8syaml]# kubectl create configmap redis-config --from-file=redis.properties
configmap/redis-config created
[root@k8s-master k8syaml]# kubectl get configmap
NAME DATA AGE
kube-root-ca.crt 1 108d
redis-config 1 7s
# View the details
[root@k8s-master k8syaml]# kubectl describe configmap redis-config
Name: redis-config
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
redis.properties:
----
redis.host=127.0.0.1
redis.port=6379
redis.password=123456
BinaryData
====
Events: <none>
# Mount the ConfigMap as a volume
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: busybox
    image: busybox
    command: ["/bin/sh","-c","cat /etc/config/redis.properties"]
    volumeMounts:
    - name: config-volume
      mountPath: /etc/config
  volumes:
  - name: config-volume
    configMap:
      name: redis-config
  restartPolicy: Never
[root@k8s-master k8syaml]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 0/1 Completed 0 24s
[root@k8s-master k8syaml]# kubectl logs mypod
redis.host=127.0.0.1
redis.port=6379
redis.password=123456
# Expose the ConfigMap as environment variables
apiVersion: v1
kind: ConfigMap
metadata:
  name: myconfig
  namespace: default
data:
  special.level: info
  special.type: hello
[root@k8s-master k8syaml]# kubectl apply -f configmap_var.yaml
configmap/myconfig created
[root@k8s-master k8syaml]# kubectl get configmap
NAME DATA AGE
kube-root-ca.crt 1 108d
myconfig 2 13s
redis-config 1 21m
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: busybox
    image: busybox
    command: ["/bin/sh","-c","echo $(LEVEL) $(TYPE)"]
    env:
    - name: LEVEL
      valueFrom:
        configMapKeyRef:
          name: myconfig
          key: special.level
    - name: TYPE
      valueFrom:
        configMapKeyRef:
          name: myconfig
          key: special.type
  restartPolicy: Never
[root@k8s-master k8syaml]# kubectl apply -f configmap_pod_var.yaml
pod/mypod created
[root@k8s-master k8syaml]# kubectl logs mypod
info hello
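An added example, not part of the original post: a small offline audit of the two manifests used above. It shows that the Secret's data values are recovered with a plain base64 decode (so read access to the Secret object equals access to the plaintext) and flags credential-looking keys in the file stored in the redis-config ConfigMap. The function names and the credential key pattern are assumptions made for this example.

```shell
# Constructed inputs: copied from this page so the script runs without a cluster.
secret_manifest() {
cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: bG90dXM=
  password: MTIzNDU2
EOF
}

redis_properties() {
cat <<'EOF'
redis.host=127.0.0.1
redis.port=6379
redis.password=123456
EOF
}

# Print "key=plaintext" for every entry under `data:` of a Secret read from stdin.
# No key material is involved: base64 is a reversible encoding.
decode_secret_data() {
  awk '/^data:/ {d=1; next} /^[^ ]/ {d=0} d && NF>=2 {sub(/:$/, "", $1); print $1, $2}' |
  while read -r key value; do
    printf '%s=%s\n' "$key" "$(printf '%s' "$value" | base64 -d)"
  done
}

# Print the keys of a properties file on stdin whose names look like credentials
# (assumed pattern); such entries belong in a Secret, not in a ConfigMap.
flag_credential_keys() {
  awk -F= 'tolower($1) ~ /(password|passwd|secret|token|apikey)/ {print $1}'
}

secret_manifest | decode_secret_data
redis_properties | flag_credential_keys
```

Against a live cluster the same functions can be fed from `kubectl get secret mysecret -o yaml`, which is why read access to Secrets should be restricted with RBAC.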