一、理论
configmap能存放什么文件?
文档、变量
configmap对pod中的容器而言有什么作用?
简化了pod的配置,pod内容器文件的更换变得异常方便,通过configmap可快速更换。
configmap中文件存储上限 1MB
configmap与pod需在同一命名空间,否则pod无法使用cm
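secret用于保存账号、密码、证书等敏感信息。注意:默认情况下secret的内容只是以base64编码的形式保存在etcd中,并没有真正加密;需要为API server启用静态加密(EncryptionConfiguration),并通过RBAC限制对secret的读取权限,才能真正保护这些数据。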
二、实践
环境准备,上传镜像到101、102、103中,101上传资源清单。
-- configmap简单存储 --
1、创建测试目录
[root@k8s-master ~]# mkdir /conf
[root@k8s-master ~]# cd /conf/
2、生成测试文件
[root@k8s-master conf]# echo "111" > file01.conf
[root@k8s-master conf]# echo "222" > file02.conf
[root@k8s-master conf]# cat file01.conf
111
[root@k8s-master conf]# cat file02.conf
222
3、创建configmap存储测试文件
[root@k8s-master conf]# ku create configmap game-config-1 --from-file=/conf/
configmap/game-config-1 created
PS:类型为configmap 名称为game-config-1 --from-file后指定文件位置,基于目录创建
4、查看
查看有哪些configmap
[root@k8s-master conf]# ku get cm
NAME DATA AGE
game-config-1 2 3m10s
kube-root-ca.crt 1 11d
查看指定的configmap
[root@k8s-master conf]# ku get cm game-config-1
NAME DATA AGE
game-config-1 2 3m42s
以yaml方式查看configmap具体内容
[root@k8s-master conf]# ku get cm game-config-1 -o yaml
apiVersion: v1
data:
file01.conf: |
111
file02.conf: |
222
kind: ConfigMap
metadata:
creationTimestamp: "2025-07-08T00:52:18Z"
name: game-config-1
namespace: default
resourceVersion: "8382"
uid: 4a8f3d84-2d16-4933-8786-c587dc4c456a
5、更改测试文件内容
[root@k8s-master conf]# vim file01.conf
111
11
1
[root@k8s-master conf]# vim file02.conf
222
22
2
6、重新创建configmap及查看
[root@k8s-master conf]# ku delete configmap game-config-1
configmap "game-config-1" deleted
[root@k8s-master conf]# ku create configmap game-config-1 --from-file=/conf/
configmap/game-config-1 created
[root@k8s-master conf]# ku get cm game-config-1 -o yaml
apiVersion: v1
data:
file01.conf: |
111
11
1
file02.conf: |
222
22
2
kind: ConfigMap
metadata:
creationTimestamp: "2025-07-08T00:58:26Z"
name: game-config-1
namespace: default
resourceVersion: "8897"
uid: 0c6b4877-238f-4236-aa2c-4fa2b330f7f2
7、其他创建方式
基于文件创建
[root@k8s-master conf]# ku create configmap game-config-2 --from-file=/conf/file01.conf
configmap/game-config-2 created
基于多个文件创建
[root@k8s-master conf]# ku create configmap game-config-3 --from-file=/conf/file01.conf --from-file=/conf/file02.conf
configmap/game-config-3 created
基于单/多个文件创建,并为每个文件指定键名(key,相当于别名)
[root@k8s-master conf]# ku create configmap game-config-4 --from-file=file-key01=/conf/file01.conf --from-file=file-key02=/conf/file02.conf
configmap/game-config-4 created
[root@k8s-master conf]# ku get cm game-config-4 -o yaml
apiVersion: v1
data:
file-key01: | # 名称变为指定的file-key
111
11
1
file-key02: | # 名称变为指定的file-key
222
22
2
kind: ConfigMap
metadata:
creationTimestamp: "2025-07-08T01:07:37Z"
name: game-config-4
namespace: default
resourceVersion: "9671"
uid: 36f367a7-1567-4107-b3d5-9c5b466c0bb2
-- configmap存储变量 --
1、创建测试文件
[root@k8s-master conf]# vim game-env-file.cfg
name1=a
name2=b
name3=c
2、创建
[root@k8s-master conf]# ku create cm game-config-env-file --from-env-file=/conf/game-env-file.cfg
configmap/game-config-env-file created
PS --from-env-file后面跟存储变量的配置文件
3、查看
[root@k8s-master conf]# ku get cm game-config-env-file -o yaml
apiVersion: v1
data:
name1: a
name2: b
name3: c
kind: ConfigMap
metadata:
creationTimestamp: "2025-07-08T01:15:55Z"
name: game-config-env-file
namespace: default
resourceVersion: "10364"
uid: b752e524-6419-4def-a311-ea214be35174
4、其他方式创建
基于字符值方式创建
[root@k8s-master conf]# ku create cm spec-config-1 --from-literal=user01=zhangsan --from-literal=spce.user02=lisi
configmap/spec-config-1 created
查看
[root@k8s-master conf]# ku get cm spec-config-1 -o yaml
apiVersion: v1
data:
spce.user02: lisi # 字符值
user01: zhangsan # 变量
kind: ConfigMap
metadata:
creationTimestamp: "2025-07-08T01:21:21Z"
name: spec-config-1
namespace: default
resourceVersion: "10820"
uid: d518d3f0-98ab-43f5-b89d-070726f6305c
-- configmap供pod使用 --
1、创建pod需要使用的变量
[root@k8s-master conf]# ku create cm spec-config-2 --from-literal=name1=zhangsan --from-literal=name2=lisi
configmap/spec-config-2 created
[root@k8s-master conf]# ku get cm spec-config-2 -o yaml
apiVersion: v1
data:
name1: zhangsan
name2: lisi
kind: ConfigMap
metadata:
creationTimestamp: "2025-07-08T01:39:53Z"
name: spec-config-2
namespace: default
resourceVersion: "12406"
uid: 65dd9835-fbfe-4fd6-8afe-3a55880a13e7
2、编写pod配置文件及创建(可自定义变量名称)
[root@k8s-master ~]# vim env-valuefrom.yaml
# Pod that prints its environment once and exits. Two environment variables
# are filled from individual keys of the ConfigMap spec-config-2, each under
# a variable name chosen in this manifest.
apiVersion: v1
kind: Pod
metadata:
  name: env-valuefrom
spec:
  restartPolicy: Never              # run once; the container exits after `env`
  containers:
    - name: env-valuefrom
      image: busybox:v1
      command:
        - "/bin/sh"
        - "-c"
        - "env"                     # dumps every variable to the pod log
      env:
        # `name` is the variable name inside the container; the value is read
        # from key `name1` of the ConfigMap. Names containing '-' are set in
        # the process environment but cannot be referenced as $my-name01 from
        # a POSIX shell.
        - name: my-name01
          valueFrom:
            configMapKeyRef:
              name: spec-config-2   # ConfigMap in the pod's namespace
              key: name1            # key inside that ConfigMap
        # Same pattern: variable my-name02 takes the value of key `name2`.
        - name: my-name02
          valueFrom:
            configMapKeyRef:
              name: spec-config-2
              key: name2
# Values injected this way are visible in `env` output and in the pod logs,
# so ConfigMaps should hold non-sensitive settings only.
[root@k8s-master ~]# ku create -f env-valuefrom.yaml
pod/env-valuefrom created
3、查看
[root@k8s-master ~]# ku logs env-valuefrom
KUBERNETES_PORT=tcp://10.96.0.1:443
KUBERNETES_SERVICE_PORT=443
HOSTNAME=env-valuefrom
SHLVL=1
HOME=/root
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
KUBERNETES_SERVICE_HOST=10.96.0.1
PWD=/
my-name01=zhangsan
my-name02=lisi
PS:my-name01和my-name02的值分别来自cm spec-config-2中的键name1和name2
4、编写pod配置文件及创建(不可自定义变量名称)
[root@k8s-master ~]# vim env-envfrom.yaml
# Pod that prints its environment once and exits. Every key of the ConfigMap
# spec-config-2 is imported as an environment variable; the ConfigMap keys
# are used as-is for the variable names.
apiVersion: v1
kind: Pod
metadata:
  name: env-envfrom
spec:
  restartPolicy: Never              # run once; the container exits after `env`
  containers:
    - name: env-envfrom
      image: busybox:v1
      command:
        - "/bin/sh"
        - "-c"
        - "env"                     # dumps every variable to the pod log
      envFrom:
        - configMapRef:
            name: spec-config-2     # all keys of this ConfigMap are imported
[root@k8s-master ~]# ku create -f env-envfrom.yaml
pod/env-envfrom created
查看
[root@k8s-master ~]# ku logs env-envfrom
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.96.0.1:443
name1=zhangsan # 与原来相同
HOSTNAME=env-envfrom
name2=lisi # 与原来相同
SHLVL=1
HOME=/root
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
KUBERNETES_SERVICE_HOST=10.96.0.1
PWD=/
-- 以文件方式挂载configmap(未更改文件名称) --
1、创建configmap
[root@k8s-master ~]# ku create cm spec-config02 --from-file=app1.conf=/conf/file01.conf --from-file=app2.conf=/conf/file02.conf
configmap/spec-config02 created
2、创建pod
[root@k8s-master ~]# vim dapi-test1-pod.yaml
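# Pod that mounts every key of the ConfigMap spec-config02 as a file under
# /etc/conf. File names equal the ConfigMap keys (app1.conf, app2.conf).
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test1-pod
spec:
  containers:
    - name: dapi-test1-pod
      # nginx:1.7.9 is a very old release; acceptable as a lab image only.
      image: nginx:1.7.9
      ports:
        - containerPort: 80
      volumeMounts:
        - name: config-volume       # must match a volume name under spec.volumes
          mountPath: /etc/conf      # mount point inside the container
  volumes:                          # sibling of `containers`
    - name: config-volume           # volume name referenced by volumeMounts
      configMap:
        name: spec-config02
        # No `items` list here: without it all keys of the ConfigMap are
        # projected under their own names. The original listing ended with a
        # dangling, empty `items:` key, which is dropped.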
[root@k8s-master ~]# ku apply -f dapi-test1-pod.yaml
pod/dapi-test1-pod created
3、进入容器查看挂载情况
[root@k8s-master ~]# ku apply -f dapi-test1-pod.yaml
pod/dapi-test1-pod created
[root@k8s-master ~]# ku get pod
NAME READY STATUS RESTARTS AGE
dapi-test1-pod 1/1 Running 0 12s
env-envfrom 0/1 Completed 0 9m59s
env-valuefrom 0/1 Completed 0 19m
[root@k8s-master ~]# ku exec -it dapi-test1-pod -- bash
root@dapi-test1-pod:/# cd /etc/conf/
root@dapi-test1-pod:/etc/conf# ls
app1.conf app2.conf
root@dapi-test1-pod:/etc/conf# cat app1.conf
111
11
1
root@dapi-test1-pod:/etc/conf# cat app2.conf
222
22
2
-- 以文件方式挂载configmap(更改文件名称) --
1、创建pod(更改文件名称)
[root@k8s-master ~]# vim dapi-test2-pod.yaml
# Pod that mounts two keys of the ConfigMap spec-config02 under /etc/conf and
# renames them on the way in (app1.conf -> app1.cfg, app2.conf -> app2.cfg).
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test2-pod
spec:
  volumes:
    - name: config-volume
      configMap:
        name: spec-config02
        items:
          # `key` is the entry in the ConfigMap, `path` the file name created
          # below the mount point. Only the keys listed here are projected.
          - path: app1.cfg
            key: app1.conf
          - path: app2.cfg
            key: app2.conf
  containers:
    - name: dapi-test2-pod
      # nginx:1.7.9 is a very old release; acceptable as a lab image only.
      image: nginx:1.7.9
      ports:
        - containerPort: 80
      volumeMounts:
        - mountPath: /etc/conf      # mount point inside the container
          name: config-volume       # must match the volume name above
[root@k8s-master ~]# ku apply -f dapi-test2-pod.yaml
pod/dapi-test2-pod created
[root@k8s-master ~]# ku get pod
NAME READY STATUS RESTARTS AGE
dapi-test1-pod 1/1 Running 0 7m38s
dapi-test2-pod 0/1 ContainerCreating 0 2s
env-envfrom 0/1 Completed 0 17m
env-valuefrom 0/1 Completed 0 26m
2、查看
[root@k8s-master ~]# ku exec -it dapi-test2-pod -- bash
root@dapi-test2-pod:/# cd /etc/conf
root@dapi-test2-pod:/etc/conf# ls
app1.cfg app2.cfg
root@dapi-test2-pod:/etc/conf# ls -l
total 0
lrwxrwxrwx 1 root root 15 Jul 8 02:15 app1.cfg -> ..data/app1.cfg
lrwxrwxrwx 1 root root 15 Jul 8 02:15 app2.cfg -> ..data/app2.cfg
root@dapi-test2-pod:/etc/conf# cd ..data # ..data是隐藏目录,在当前目录。
root@dapi-test2-pod:/etc/conf/..data# pwd
/etc/conf/..data
root@dapi-test2-pod:/etc/conf/..data# ls
app1.cfg app2.cfg
root@dapi-test2-pod:/etc/conf/..data# ls -l
total 8
-rw-r--r-- 1 root root 9 Jul 8 02:15 app1.cfg
-rw-r--r-- 1 root root 9 Jul 8 02:15 app2.cfg
-- 以文件方式挂载configmap(更改文件权限) --
1、创建pod
[root@k8s-master ~]# vim dapi-test3-pod.yaml
# Pod that mounts two keys of the ConfigMap spec-config02 under /etc/conf,
# renames them, and sets file permissions: one file gets an explicit mode,
# the other falls back to the volume-wide defaultMode.
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test3-pod
spec:
  volumes:
    - name: config-volume
      configMap:
        name: spec-config02
        # Fallback mode for every projected file without its own `mode`.
        # 0666 sets write bits for group and others; it is used here only to
        # make the fallback visible. For real configuration prefer a mode
        # without those write bits (for example 0644).
        defaultMode: 0666
        items:
          - path: app1.cfg          # file name below the mount point
            key: app1.conf          # source key in the ConfigMap
            mode: 0644              # explicit mode for app1.cfg
          - path: app2.cfg          # file name below the mount point
            key: app2.conf          # source key in the ConfigMap
            # no `mode`: app2.cfg takes defaultMode
  containers:
    - name: dapi-test3-pod
      # nginx:1.7.9 is a very old release; acceptable as a lab image only.
      image: nginx:1.7.9
      ports:
        - containerPort: 80
      volumeMounts:
        - mountPath: /etc/conf      # mount point inside the container
          name: config-volume       # must match the volume name above
[root@k8s-master ~]# ku apply -f dapi-test3-pod.yaml
pod/dapi-test3-pod created
2、查看
[root@k8s-master ~]# ku get pod
NAME READY STATUS RESTARTS AGE
dapi-test1-pod 1/1 Running 0 31m
dapi-test2-pod 1/1 Running 0 24m
dapi-test3-pod 1/1 Running 0 11s
env-envfrom 0/1 Completed 0 41m
env-valuefrom 0/1 Completed 0 50m
[root@k8s-master ~]# ku exec -it dapi-test3-pod -- bash
root@dapi-test3-pod:/# cd /etc/conf
root@dapi-test3-pod:/etc/conf# ls
app1.cfg app2.cfg
root@dapi-test3-pod:/etc/conf# ls -a
. .. ..2025_07_08_02_38_51.4059820484 ..data app1.cfg app2.cfg
root@dapi-test3-pod:/etc/conf# ls -l
total 0
lrwxrwxrwx 1 root root 15 Jul 8 02:38 app1.cfg -> ..data/app1.cfg
lrwxrwxrwx 1 root root 15 Jul 8 02:38 app2.cfg -> ..data/app2.cfg
root@dapi-test3-pod:/etc/conf# cd ..data
root@dapi-test3-pod:/etc/conf/..data# ls
app1.cfg app2.cfg
root@dapi-test3-pod:/etc/conf/..data# ls -l
total 8
-rw-r--r-- 1 root root 9 Jul 8 02:38 app1.cfg
-rw-rw-rw- 1 root root 9 Jul 8 02:38 app2.cfg
-- 使用cm为nginx配置nginx.conf --
1、创建cm
[root@k8s-master ~]# ku create cm nginx-config --from-file=nginx.conf=nginx.conf
configmap/nginx-config created
[root@k8s-master ~]# ku get cm nginx-config -o yaml
apiVersion: v1
data:
nginx.conf: |
user nginx;
#This is my ngin-config
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main ' - [] "" '
' "" '
'"" ""';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
kind: ConfigMap
metadata:
creationTimestamp: "2025-07-08T02:44:22Z"
name: nginx-config
namespace: default
resourceVersion: "17886"
uid: 432125b0-5d58-4c37-ae15-f2d0456aa6ac
2、创建pod
uid: 432125b0-5d58-4c37-ae15-f2d0456aa6ac
[root@k8s-master ~]#
[root@k8s-master ~]# ls
dapi-test1-pod.yaml dapi-test4-pod.yaml env-valuefrom.yaml nginx.conf
dapi-test2-pod.yaml db-user-secret.yaml images secret-pod.yaml
dapi-test3-pod.yaml env-envfrom.yaml init-config.yaml zabbix-mysql.yaml
[root@k8s-master ~]# vim dapi-test4-pod.yaml
[root@k8s-master ~]# vim dapi-test4-pod.yaml
[root@k8s-master ~]#
[root@k8s-master ~]# vim dapi-test4-pod.yaml
# Pod that replaces only /etc/nginx/nginx.conf with the nginx.conf key of the
# ConfigMap nginx-config, leaving the other files in /etc/nginx untouched.
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test4-pod
spec:
  volumes:
    - name: nginx-config
      configMap:
        name: nginx-config
        items:
          - path: nginx.conf        # file name inside the volume
            key: nginx.conf         # source key in the ConfigMap
  containers:
    - name: dapi-test4-pod
      # nginx:1.7.9 is a very old release; acceptable as a lab image only.
      image: nginx:1.7.9
      ports:
        - containerPort: 80
      volumeMounts:
        - name: nginx-config        # must match the volume name above
          mountPath: /etc/nginx/nginx.conf
          # subPath mounts just this one file from the volume at mountPath.
          # A file mounted through subPath is not refreshed when the
          # ConfigMap changes; the pod has to be recreated to pick up edits.
          subPath: nginx.conf
PS:subPath: nginx.conf # 如果不加此行而直接把卷挂载到/etc/nginx,该目录下原有的内容会全部被卷遮盖,只剩nginx.conf这一个文件,导致pod启动失败。加了此行,nginx.conf会以子路径的方式单独挂载进去,不会影响别的文件。注意:以subPath方式挂载的文件不会随configmap的更新而自动刷新,修改cm后需要重建pod才能生效。
[root@k8s-master ~]# ku get pod
NAME READY STATUS RESTARTS AGE
dapi-test1-pod 1/1 Running 0 47m
dapi-test2-pod 1/1 Running 0 39m
dapi-test3-pod 1/1 Running 0 15m
dapi-test4-pod 1/1 Running 0 3s
env-envfrom 0/1 Completed 0 57m
env-valuefrom 0/1 Completed 0 66m
[root@k8s-master ~]# ku exec -it dapi-test4-pod -- bash
root@dapi-test4-pod:/# cd /etc/nginx
root@dapi-test4-pod:/etc/nginx# ls
conf.d koi-utf mime.types scgi_params win-utf
fastcgi_params koi-win nginx.conf uwsgi_params
root@dapi-test4-pod:/etc/nginx# cat nginx.conf
user nginx;
#This is my ngin-config
-- secret简单使用 --
1、编写测试文件
[root@k8s-master ~]# echo -n "admin" > username.txt
[root@k8s-master ~]# echo -n "pwd123" > password.txt
2、创建secret
[root@k8s-master ~]# ku create secret generic db-user-pass --from-file=username.txt --from-file=password.txt
secret/db-user-pass created
3、查看
[root@k8s-master ~]# ku get secret
NAME TYPE DATA AGE
db-user-pass Opaque 2 18s
default-token-bjg92 kubernetes.io/service-account-token 3 11d
类型为Opaque(字面意思是"不透明的"),表示由用户自定义的任意数据,是generic类型secret的默认类型。
[root@k8s-master ~]# ku get secret db-user-pass -o yaml
apiVersion: v1
data:
password.txt: cHdkMTIz
username.txt: YWRtaW4=
kind: Secret
metadata:
creationTimestamp: "2025-07-08T03:03:12Z"
name: db-user-pass
namespace: default
resourceVersion: "19481"
uid: c5d008fa-2cde-4f37-b6ff-4de786c5a4d6
type: Opaque
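tips:这里的"加密"只是使用base64重新编码,并不是真正的加密:任何能读取该secret(或etcd数据)的人,都可以像下面这样直接还原出明文。实际环境中应通过RBAC限制对secret的读取权限,并为API server配置静态加密;测试完成后也应删除username.txt、password.txt这类明文文件。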
[root@k8s-master ~]# echo -n "pwd123" | base64
cHdkMTIz
[root@k8s-master ~]# echo -n "cHdkMTIz" | base64 --decode
pwd123