文章目录
configmap 详解
configmap的作用是什么?
答: pod 中的配置文件分离开来
如何将配置文件中key 转换成configmap 呢?
[root@k8s-01 chapter08]# cat ui.properties
color.good=purple
color.bad=yellow
allow.textmode=true
how.nice.to.look=fairlyNice
[root@k8s-01 chapter08]# cat game.properties
enemies=aliens
lives=3
enemies.cheat=true
enemies.cheat.level=noGoodRotten
secret.code.passphrase=UUDDLRLRBABAS
secret.code.allowed=true
secret.code.lives=30
创建configmap
kubectl create configmap game-config --from-file=game.properties --from-file=ui.properties
查看创建后信息
[root@k8s-01 chapter08]# kubectl describe configmap game-config
Name: game-config
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
game.properties:
----
enemies=aliens
lives=3
enemies.cheat=true
enemies.cheat.level=noGoodRotten
secret.code.passphrase=UUDDLRLRBABAS
secret.code.allowed=true
secret.code.lives=30
ui.properties:
----
color.good=purple
color.bad=yellow
allow.textmode=true
how.nice.to.look=fairlyNice
Events: <none>
[root@k8s-01 chapter08]# kubectl get configmap
NAME DATA AGE
game-config 2 3m18s
[root@k8s-01 chapter08]# kubectl get configmap game-config -o yaml
apiVersion: v1
data:
game.properties: |-
enemies=aliens
lives=3
enemies.cheat=true
enemies.cheat.level=noGoodRotten
secret.code.passphrase=UUDDLRLRBABAS
secret.code.allowed=true
secret.code.lives=30
ui.properties: |-
color.good=purple
color.bad=yellow
allow.textmode=true
how.nice.to.look=fairlyNice
kind: ConfigMap
metadata:
creationTimestamp: "2023-08-25T04:17:47Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
.: {}
f:game.properties: {}
f:ui.properties: {}
manager: kubectl
operation: Update
time: "2023-08-25T04:17:47Z"
name: game-config
namespace: default
resourceVersion: "739950"
selfLink: /api/v1/namespaces/default/configmaps/game-config
uid: c0dac33b-5f6c-4647-a18e-dc3432093fca
创建键值
[root@k8s-01 chapter08]# kubectl create configmap special-config --from-literal=special.how=very --from-literal=special.type=charm
configmap/special-config created
[root@k8s-01 chapter08]# kubectl get configmap
NAME DATA AGE
game-config 2 13m
special-config 2 14s
[root@k8s-01 chapter08]# kubectl describe special-config
error: the server doesn't have a resource type "special-config"
[root@k8s-01 chapter08]# kubectl describe configmap special-config
Name: special-config
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
special.how:
----
very
special.type:
----
charm
Events: <none>
[root@k8s-01 chapter08]# kubectl get configmap -o=yaml
apiVersion: v1
items:
- apiVersion: v1
data:
special.how: very
kind: ConfigMap
metadata:
creationTimestamp: "2023-08-25T04:33:07Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
.: {}
f:special.how: {}
manager: kubectl
operation: Update
time: "2023-08-25T04:33:07Z"
name: special-config
namespace: default
resourceVersion: "742522"
selfLink: /api/v1/namespaces/default/configmaps/special-config
uid: 75ae4409-5d05-4cff-ae0e-2181f06295d1
kind: List
metadata:
resourceVersion: ""
selfLink: ""
pod中如何引用刚刚创建好的key 呢?
下面的pod是引用了刚刚创建的configmap
[root@k8s-01 chapter08]# cat pod-single-configmap-env-variable.yaml
apiVersion: v1
kind: Pod
metadata:
name: dapi-test-pod
spec:
containers:
- name: test-container
image: busybox
command: [ "/bin/sh", "-c", "env" ]
env:
# Define the environment variable
- name: SPECIAL_LEVEL_KEY
valueFrom:
configMapKeyRef:
# The ConfigMap containing the value you want to assign to SPECIAL_LEVEL_KEY
name: special-config
# Specify the key associated with the value
key: special.how
restartPolicy: Never
SPECIAL_LEVEL_KEY=very
NGINX_SERVICE_PORT=80
NGINX_PORT=tcp://10.104.210.165:80
MY_SERVICE_PORT_80_TCP_ADDR=10.104.130.24
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
MY_SERVICE_PORT_80_TCP_PORT=80
HELLO_PORT=tcp://10.109.229.1:80
KUBERNETES_SERVICE_HOST=10.96.0.1
HELLO_SERVICE_PORT=80
PWD=/
MY_SERVICE_PORT_80_TCP_PROTO=tcp
NGINX_PORT_80_TCP_ADDR=10.104.210.165
FRONTEND_SERVICE_HOST=10.109.68.171
NGINX_PORT_80_TCP_PORT=80
NGINX_PORT_80_TCP_PROTO=tcp
[root@k8s-01 chapter08]# kubectl logs dapi-test-pod
多个key 被引用
[root@k8s-01 chapter08]# cat configmaps.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: special-config
namespace: default
data:
special.how: very
---
apiVersion: v1
kind: ConfigMap
metadata:
name: env-config
namespace: default
data:
log_level: INFO[root@k8s-01 chapter08]# cat pod-multiple-configmap-env-variable.yaml
apiVersion: v1
kind: Pod
metadata:
name: dapi-test-pod
spec:
containers:
- name: test-container
image: busybox
command: [ "/bin/sh", "-c", "env" ]
env:
- name: SPECIAL_LEVEL_KEY
valueFrom:
configMapKeyRef:
name: special-config
key: special.how
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: env-config
key: log_level
restartPolicy: Never[root@k8s-01 chapter08]# kubectl get pod
NAME READY STATUS RESTARTS AGE
dapi-test-pod 0/1 Completed 0 33s
[root@k8s-01 chapter08]# kubectl logs dapi-test-pod
HELLO_PORT_80_TCP_ADDR=10.109.229.1
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.96.0.1:443
LOG_LEVEL=INFO
FRONTEND_SERVICE_PORT=80
MY_SERVICE_PORT_80_TCP=tcp://10.104.130.24:80
REDIS_MASTER_SERVICE_HOST=10.106.204.32
FRONTEND_PORT=tcp://10.109.68.171:80
HELLO_PORT_80_TCP_PORT=80
HOSTNAME=dapi-test-pod
HELLO_PORT_80_TCP_PROTO=tcp
SHLVL=1
HOME=/root
NGINX_PORT_80_TCP=tcp://10.104.210.165:80
FRONTEND_PORT_80_TCP_ADDR=10.109.68.171
REDIS_MASTER_SERVICE_PORT=6379
REDIS_MASTER_PORT=tcp://10.106.204.32:6379
REDIS_MASTER_PORT_6379_TCP_ADDR=10.106.204.32
HELLO_PORT_80_TCP=tcp://10.109.229.1:80
FRONTEND_PORT_80_TCP_PORT=80
EXAMPLE_SERVICE_PORT_8080_TCP_ADDR=10.100.94.120
FRONTEND_PORT_80_TCP_PROTO=tcp
EXAMPLE_SERVICE_SERVICE_HOST=10.100.94.120
REDIS_MASTER_PORT_6379_TCP_PORT=6379
EXAMPLE_SERVICE_PORT_8080_TCP_PORT=8080
REDIS_MASTER_PORT_6379_TCP_PROTO=tcp
MY_SERVICE_SERVICE_HOST=10.104.130.24
EXAMPLE_SERVICE_PORT_8080_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
EXAMPLE_SERVICE_SERVICE_PORT=8080
EXAMPLE_SERVICE_PORT=tcp://10.100.94.120:8080
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
NGINX_SERVICE_HOST=10.104.210.165
FRONTEND_PORT_80_TCP=tcp://10.109.68.171:80
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
MY_SERVICE_SERVICE_PORT=80
MY_SERVICE_PORT=tcp://10.104.130.24:80
REDIS_MASTER_PORT_6379_TCP=tcp://10.106.204.32:6379
EXAMPLE_SERVICE_PORT_8080_TCP=tcp://10.100.94.120:8080
HELLO_SERVICE_HOST=10.109.229.1
SPECIAL_LEVEL_KEY=very
NGINX_SERVICE_PORT=80
NGINX_PORT=tcp://10.104.210.165:80
MY_SERVICE_PORT_80_TCP_ADDR=10.104.130.24
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
HELLO_PORT=tcp://10.109.229.1:80
KUBERNETES_SERVICE_HOST=10.96.0.1
MY_SERVICE_PORT_80_TCP_PORT=80
HELLO_SERVICE_PORT=80
PWD=/
MY_SERVICE_PORT_80_TCP_PROTO=tcp
NGINX_PORT_80_TCP_ADDR=10.104.210.165
FRONTEND_SERVICE_HOST=10.109.68.171
NGINX_PORT_80_TCP_PORT=80
NGINX_PORT_80_TCP_PROTO=tcp
在configmaps中定义所有的键值对作为容器的环境变量
[root@k8s-01 chapter08]# cat pod-configmap-envFrom.yaml
apiVersion: v1
kind: Pod
metadata:
name: dapi-test-pod
spec:
containers:
- name: test-container
image: busybox
command: [ "/bin/sh", "-c", "env" ]
envFrom:
- configMapRef:
name: special-config
restartPolicy: Never[root@k8s-01 chapter08]# cat configmap-multikeys.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: special-config
namespace: default
data:
SPECIAL_LEVEL: very
SPECIAL_TYPE: charm[root@k8s-01 chapter08]# kubectl get pod
NAME READY STATUS RESTARTS AGE
dapi-test-pod 0/1 Completed 0 2m1s
[root@k8s-01 chapter08]# kubectl logs dapi-test-pod |grep very
SPECIAL_LEVEL=very
[root@k8s-01 chapter08]# kubectl logs dapi-test-pod |grep charm
SPECIAL_TYPE=charm
在pod命令中使用configmap定义的环境变量
configmap 使用案例
configmap结合nginx使用
[root@k8s-01 chapter08]# cat nginx_deployment.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-conf
data:
nginx.conf: |
user nginx;
worker_processes 3;
error_log /var/log/nginx/error.log;
events {
worker_connections 10240;
}
http {
log_format main
'remote_addr:$remote_addr\t'
'time_local:$time_local\t'
'method:$request_method\t'
'uri:$request_uri\t'
'host:$host\t'
'status:$status\t'
'bytes_sent:$body_bytes_sent\t'
'referer:$http_referer\t'
'useragent:$http_user_agent\t'
'forwardedfor:$http_x_forwarded_for\t'
'request_time:$request_time';
access_log /var/log/nginx/access.log main;
server {
listen 80;
server_name _;
location / {
root html;
index index.html index.htm;
}
}
include /etc/nginx/virtualhost/virtualhost.conf;
}
virtualhost.conf: |
upstream app {
server localhost:8080;
keepalive 1024;
}
server {
listen 80 default_server;
root /usr/local/app;
access_log /var/log/nginx/app.access_log main;
error_log /var/log/nginx/app.error_log;
location / {
proxy_pass http://www.baidu.com;
proxy_http_version 1.1;
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
selector:
matchLabels:
app: nginx
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
volumeMounts:
- mountPath: /etc/nginx # mount nginx-conf volumn to /etc/nginx
readOnly: true
name: nginx-conf
- mountPath: /var/log/nginx
name: log
volumes:
- name: nginx-conf
configMap:
name: nginx-conf # place ConfigMap `nginx-conf` on /etc/nginx
items:
- key: nginx.conf
path: nginx.conf
- key: virtualhost.conf
path: virtualhost/virtualhost.conf # dig directory
- name: log
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: nginx
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 80
selector:
app: nginx
这个实验如果修改nginx 的upstream 中的跳转地址,需要手动进去pod 里面重启nginx
secret
创建密钥
从文件获取内容创建密钥
创建文件
# echo --n 'admin' > ./username.txt
# echo --n '1f2dl32e67df' >./password.txt
创建密钥
# kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt
手工创建密钥
- 把信息转换成base64编码
echo --n 'admin' | base64
echo --n '1f2dl32e67df' | base64
创建密钥
# kubectl create --f secret-example.yaml
使用密钥
密钥作为卷进行挂载
配置文件参考secret-volume.yaml文件
密钥文件作为指定路径的映射
配置文件参考secret-special-path.yaml
将秘钥作为环境变量
配置文件参考secret-env-pod.yaml
[root@k8s-01 chapter08]# cat secret-example.yaml
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
username: 4oCTbiDigJhhZG1pbuKAmQo=
password: 4oCTbiDigJgxZjJkbDMyZTY3ZGbigJkK
[root@k8s-01 chapter08]# cat secret-volume.yaml
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: mypod
image: redis
volumeMounts:
- name: foo
mountPath: "/etc/foo"
readOnly: true
volumes:
- name: foo
secret:
secretName: mysecret[root@k8s-01 chapter08]# cat secret-special-path.yaml
apiVersion: v1
kind: Pod
metadata:
name: mypod1
spec:
containers:
- name: mypoad
image: redis
volumeMounts:
- name: foo
mountPath: "/etc/foo"
readOnly: true
volumes:
- name: foo
secret:
secretName: mysecret
items:
- key: username
path: my-group/my-username
[root@k8s-01 chapter08]# cat secret-env-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: secret-env-pod
spec:
containers:
- name: mycontainer
image: redis
env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: mysecret
key: username
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
name: mysecret
key: password
restartPolicy: Never
上面几种方式均可以引入定义好的密文
k8s从私有库拉取镜像案例
创建密钥
第一种方法
登陆docker,并创建密钥
# kubectl create secret generic regcred --from-file=.dockerconfigjson=/root/.docker/config.json --type=kubernetes.io/dockerconfigjson
第二种方法
在命令行中创建密钥
# kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
[root@k8s-01 chapter08]# cat my-private-reg-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: private-reg
spec:
containers:
- name: private-reg-container
image: mike0405/nginx:latest
imagePullSecrets:
- name: regcred
参考文档
https://edu.csdn.net/learn/27763/375906?spm=1002.2001.3001.4157