k8s-ConfigMap&Secret

2021-11-22  小李飞刀_lql

ConfigMap

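Overview

001 After a ConfigMap is created, its data is stored in etcd inside the K8s cluster; a Pod then references that data when it is created
002 Use case: application configuration
003 A Pod can consume ConfigMap data in two ways:
• Environment variable injection
• Volume mount

Configuration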

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config 
data:
  abc: "123"
  cde: "456"

  redis.properties: |
    port: 6379
    host: 192.168.31.10
----------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: app-config-demo 
spec:
  containers:
    - name: demo
      image: nginx 
      env:
        - name: XYZ
          value: "666"
        - name: ABCD 
          valueFrom:
            configMapKeyRef:
              name: app-config 
              key: abc 
        - name: CDEF 
          valueFrom:
            configMapKeyRef:
              name: app-config 
              key: cde 
      volumeMounts:
      - name: config
        mountPath: "/config"
        readOnly: true
  volumes:
    - name: config
      configMap:
        name: app-config 
        items:
        - key: "redis.properties"
          path: "redis.properties"
 
 -------------------------------------------------------------------

Verification

[root@k8smaster configmap]# kubectl apply -f configmap.yaml 
configmap/app-config created
[root@k8smaster configmap]# kubectl get configmap
NAME                    DATA   AGE
app-config              3      9s

[root@k8smaster configmap]# kubectl apply -f configmappod.yaml 
pod/app-config-demo created

[root@k8smaster configmap]# kubectl get pod
NAME              READY   STATUS    RESTARTS   AGE
app-config-demo   1/1     Running   0          3m14s
[root@k8smaster configmap]# kubectl exec -it app-config-demo bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@app-config-demo:/#  echo $XYZ
666
root@app-config-demo:/# echo $ABCD
123
root@app-config-demo:/# echo $CDEF
456
root@app-config-demo:/#  ls /config
redis.properties
root@app-config-demo:/# cat /config/redis.properties 
port: 6379
host: 192.168.31.10

Secret

Overview

001 Similar to a ConfigMap; the difference is that a Secret mainly stores sensitive data, and all values must be base64-encoded
--------------------------------------------------------------------------
[root@k8smaster configmap]# echo -n 'admin' | base64
YWRtaW4=
[root@k8smaster configmap]# echo -n '1f2d1e2e67df' | base64
MWYyZDFlMmU2N2Rm

Types

001 docker-registry (kubernetes.io/dockerconfigjson): stores image registry credentials
002 generic (Opaque): stores passwords, keys, and similar values
003 tls (kubernetes.io/tls): stores TLS certificates

Configuration

apiVersion: v1
kind: Secret
metadata:
  name: db-user-pass
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
--------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: secret-demo-pod
spec:
  containers:
    - name: demo
      image: nginx 
      env:
        - name: USER
          valueFrom:
            secretKeyRef:
              name: db-user-pass 
              key: username
        - name: PASS 
          valueFrom:
            secretKeyRef:
              name: db-user-pass 
              key: password
      volumeMounts:
      - name: config
        mountPath: "/config"
        readOnly: true
  volumes:
    - name: config
      secret:
        secretName: db-user-pass 
        items:
        - key: username 
          path: my-username
          
------------------------------------------------------------------------------



Verification

[root@k8smaster configmap]# kubectl apply -f secret.yaml 
secret/db-user-pass created
[root@k8smaster configmap]# kubectl apply -f secretpod.yaml 
pod/secret-demo-pod created
[root@k8smaster configmap]# kubectl get pod
NAME              READY   STATUS    RESTARTS   AGE
secret-demo-pod   1/1     Running   0          40s

[root@k8smaster configmap]# kubectl exec -it secret-demo-pod bash
root@secret-demo-pod:/#  echo $USER
admin
root@secret-demo-pod:/# echo $PASS
1f2d1e2e67df
root@secret-demo-pod:/#  ls /config
my-username
root@secret-demo-pod:/# cat /config/my-username
admin
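
The base64 step used for the Secret above is an encoding, not encryption, and running `echo` without `-n` silently stores a trailing newline in the value. The script below is an added example, not part of the original post: it lints the `data:` block of a Secret manifest for that mistake. The `padded` key and the function names are constructed for illustration, and GNU `base64 -d` is assumed.

```shell
#!/bin/sh
# Constructed sample: the db-user-pass Secret from this page plus one extra
# key, "padded", encoded with `echo admin | base64` (no -n, so it ends in \n).
manifest='apiVersion: v1
kind: Secret
metadata:
  name: db-user-pass
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
  padded: YWRtaW4K
'

# Encode without a trailing newline, equivalent to `echo -n ... | base64`.
encode_value() { printf '%s' "$1" | base64; }

# base64 is reversible by anyone who can read the manifest or the Secret.
decode_value() { printf '%s' "$1" | base64 -d; }

# Print "key value" for each entry under the top-level data: mapping (stdin).
secret_entries() {
  awk '
    /^data:[ \t]*$/ { in_data = 1; next }
    /^[^ \t#]/      { in_data = 0 }
    in_data && /^[ \t]+[^ \t#]/ {
      sub(/^[ \t]+/, ""); key = $0; val = $0
      sub(/:.*$/, "", key)
      sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      print key, val
    }'
}

# Report keys whose value is not valid base64 or decodes to text ending in \n.
lint_secret() {
  secret_entries | while read -r key val; do
    if ! decode_value "$val" >/dev/null 2>&1; then
      echo "$key: not valid base64"
      continue
    fi
    last=$(decode_value "$val" | tail -c 1 | od -An -tx1 | tr -d ' \n')
    if [ "$last" = "0a" ]; then
      echo "$key: decoded value ends with a newline"
    fi
  done
}

printf '%s' "$manifest" | lint_secret
```

Run against a real file with `lint_secret < secret.yaml`; unquoted values directly under `data:` are assumed, as in the manifest on this page.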