kubectl create configmap NAME --from-literal=key1=value1 --from-literal=key2=value2
[root@k8s-master ~]# kubectl create configmap nginx-config --from-literal=nginx_port=80 --from-literal=server_name=www.ilinux.cn #建立cm資源nginx-config,並指定兩個鍵值 configmap/nginx-config created [root@k8s-master ~]# kubectl get cm #查看cm資源 NAME DATA AGE nginx-config 2 4s [root@k8s-master ~]# kubectl describe cm/nginx-config #查看cm資源nginx-config的詳細信息 Name: nginx-config Namespace: default Labels: <none> Annotations: <none> Data ==== nginx_port: ---- 80 server_name: ---- www.ilinux.cn Events: <none>
kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt
[root@k8s-master ~]# mkdir configmap && cd configmap #建立一個測試目錄 [root@k8s-master configmap]# vim www.conf #編輯文件內容用做cm的value server { server_name www.ilinux.cn; listen 80; root /data/web/html/; } [root@k8s-master configmap]# kubectl create configmap nginx-www --from-file=www.conf=./www.conf #使用上面建立的文件來建立cm資源對象 configmap/nginx-www created [root@k8s-master configmap]# kubectl get cm #查看cm資源對象 NAME DATA AGE nginx-config 2 7m1s nginx-www 1 5s [root@k8s-master configmap]# kubectl get cm nginx-www -o yaml #查看cm資源對象nginx-www的現象信息 apiVersion: v1 data: www.conf: | server { server_name www.ilinux.cn; listen 80; root /data/web/html/; } kind: ConfigMap ......
三、命令行基於目錄建立 --from-file:
kubectl create configmap <configmap_name> --from-file=<path-to-directory>
這裏假設/data/configs/nginx/conf.d/這個目錄下有許多nginx的配置文件,下面這條命令在建立ConfigMap資源時,會將這個目錄下的全部配置文件分別存儲爲對應的鍵值數據(文件名爲鍵,文件內容爲值)。由於目錄下的文件都會被收錄,而ConfigMap以明文保存,目錄中不要放置含密碼、私鑰等敏感信息的文件。
# kubectl create configmap nginx-config-files --from-file=/data/configs/nginx/conf.d/
[root@k8s-master ~]# kubectl explain cm KIND: ConfigMap VERSION: v1 FIELDS: apiVersion <string> kind <string> metadata <Object> binaryData <map[string]string> data <map[string]string>
[root@k8s-master configmap]# vim configmap-demo.yaml apiVersion: v1 kind: ConfigMap metadata: name: configmap-demo namespace: default data: log_level: INFO log_file: /var/log/test.log [root@k8s-master configmap]# kubectl apply -f configmap-demo.yaml configmap/configmap-demo created [root@k8s-master configmap]# kubectl get cm NAME DATA AGE configmap-demo 2 6s nginx-config 2 23m nginx-www 1 16m [root@k8s-master configmap]# kubectl get cm/configmap-demo -o yaml apiVersion: v1 data: log_file: /var/log/test.log log_level: INFO kind: ConfigMap metadata: ....
[root@k8s-master configmap]# vim pod-configmap-1.yaml apiVersion: v1 kind: Pod metadata: name: pod-cm-1 namespace: default labels: app: myapp spec: containers: - name: myapp image: ikubernetes/myapp:v1 ports: - name: http containerPort: 80 env: - name: NGINX_SERVER_PORT valueFrom: #下面這一段表示變量NGINX_SERVER_PORT的值來自於configmap資源nginx-config的key(nginx_port)的值 configMapKeyRef: name: nginx-config #configmap資源名稱 key: nginx_port #configmap資源裏面的key名 - name: NGINX_SERVER_NAME valueFrom: configMapKeyRef: name: nginx-config key: server_name [root@k8s-master configmap]# kubectl apply -f pod-configmap-1.yaml #建立Pod pod/pod-cm-1 created [root@k8s-master configmap]# kubectl get pods #查看pod NAME READY STATUS RESTARTS AGE pod-cm-1 1/1 Running 0 4s [root@k8s-master configmap]# kubectl exec -it pod-cm-1 -- printenv |grep NGINX #鏈接pod資源pod-cm-1並執行命令printenv打印環境變量。過濾是否有上面定義的兩個環境變量 NGINX_SERVER_PORT=80 NGINX_SERVER_NAME=www.ilinux.cn #測試,修改端口,能夠發現使用環境變量的注入pod中的端口不會根據配置的變動而改變 [root@k8s-master configmap]# kubectl edit cm/nginx-config #編輯cm資源nginx-config將nginx_port值改成8080 ...... apiVersion: v1 data: nginx_port: "8080" ...... [root@k8s-master configmap]# kubectl exec -it pod-cm-1 -- printenv |grep NGINX NGINX_SERVER_PORT=80 NGINX_SERVER_NAME=www.ilinux.cn
二、存儲卷方式掛載ConfigMap
[root@k8s-master configmap]# vim pod-configmap-2.yaml apiVersion: v1 kind: Pod metadata: name: pod-cm-2 namespace: default labels: app: myapp spec: containers: - name: myapp image: ikubernetes/myapp:v1 ports: - name: http containerPort: 80 volumeMounts: - name: nginxconf mountPath: /etc/nginx/config.d/ readOnly: true volumes: #建立一個存儲卷 - name: nginxconf #存儲卷名稱 configMap: #使用configMap類型 name: nginx-config #指定configmap資源名稱 [root@k8s-master configmap]# kubectl apply -f pod-configmap-2.yaml #建立Pod pod/pod-cm-2 created [root@k8s-master configmap]# kubectl get pods #查看pod NAME READY STATUS RESTARTS AGE pod-cm-1 1/1 Running 0 10m pod-cm-2 1/1 Running 0 4s [root@k8s-master configmap]# kubectl exec -it pod-cm-2 -- /bin/sh #鏈接pod資源pod-cm-2,並進入到掛載目錄查看。 / # ls /etc/nginx/config.d/ nginx_port server_name / # cd /etc/nginx/config.d/ /etc/nginx/config.d # cat nginx_port 8080 /etc/nginx/config.d # cat server_name www.ilinux.cn #測試,修改端口,能夠發現使用volume的方式掛載configmap到容器中,支持動態更新。 [root@k8s-master configmap]# kubectl edit cm/nginx-config #編輯cm資源nginx-config將nginx_port值改成8088 apiVersion: v1 data: nginx_port: "8088" [root@k8s-master configmap]# kubectl exec -it pod-cm-2 -- /bin/sh /etc/nginx/config.d # cat nginx_port 8088 /etc/nginx/config.d #
[root@k8s-master configmap]# vim pod-configmap-3.yaml apiVersion: v1 kind: Pod metadata: name: pod-cm-3 namespace: default labels: app: nginx spec: containers: - name: nginx image: nginx:1.12 ports: - name: http containerPort: 80 volumeMounts: - name: nginxwww mountPath: /etc/nginx/conf.d/ readOnly: true volumes: - name: nginxwww configMap: name: nginx-www
[root@k8s-master configmap]# kubectl apply -f pod-configmap-3.yaml pod/pod-cm-3 created [root@k8s-master configmap]# kubectl get pods -o wide #查看pod NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES pod-cm-3 1/1 Running 0 5s 10.244.1.92 k8s-node1 <none> <none>
[root@k8s-master configmap]# kubectl exec -it pod-cm-3 -- /bin/sh #進入到pod中 # ls /etc/nginx/conf.d www.conf # cat /etc/nginx/conf.d/www.conf #查看生成的www.conf配置文件 server { server_name www.ilinux.cn; listen 80; root /data/web/html/; } # nginx -T #查看當前nginx加載的配置文件 ...... server { server_name www.ilinux.cn; listen 80; root /data/web/html/; } # mkdir -p /data/web/html #建立數據目錄 # echo "<h1>ConfigMap Pod Test</h1>" >> /data/web/html/index.html #建立測試文件 #這裏拿kubernetes集羣節點測試 [root@k8s-master ~]# vim /etc/hosts #編輯hosts文件將上面的pod和對應的域名進行解析 10.244.1.92 www.ilinux.cn [root@k8s-master ~]# curl www.ilinux.cn #訪問測試 <h1>ConfigMap Pod Test</h1>
kubernetes.io/service-account-token:Service Account的認證信息,可在建立Service Account時由Kubernetes自動建立。
kubernetes.io/dockerconfigjson:用來存儲Docker鏡像倉庫的認證信息,類型標識符爲docker-registry。
kubernetes.io/tls:用於爲SSL通訊模式存儲證書和私鑰文件,命令式建立時類型標識爲tls。
一、命令直接建立 --from-literal:
kubectl create secret generic NAME --from-literal=key1=value1 --from-literal=key2=value2
[root@k8s-master ~]# kubectl create secret generic mysql-auth --from-literal=username=root --from-literal=password=MyP@sswd #建立secret資源mysql-auth,並指定兩個鍵值
secret/mysql-auth created
[root@k8s-master ~]# kubectl get secret #查看secret資源
NAME                  TYPE                                  DATA   AGE
default-token-blm9l   kubernetes.io/service-account-token   3      3d
mysql-auth            Opaque                                2      17s
[root@k8s-master ~]# kubectl describe secret/mysql-auth #查看secret資源mysql-auth的詳細信息
Name:         mysql-auth
Namespace:    default
Labels:       <none>
Annotations:  <none>
Type:  Opaque
Data
====
password:  8 bytes
username:  4 bytes
#注意:--from-literal會讓密碼以明文出現在命令行中,從而留在shell歷史記錄和進程參數裏;此處的密碼僅用於演示,真實憑據不要這樣傳入。describe的輸出只顯示各鍵值的字節數,不顯示內容。
kubectl create secret generic my-secret --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt
[root@k8s-master ~]# mkdir secret && cd secret
[root@k8s-master secret]# echo -n admin > ./username
[root@k8s-master secret]# echo -n 123456 > ./password
[root@k8s-master secret]#
[root@k8s-master secret]# kubectl create secret generic mysecret --from-file=username=./username --from-file=password=./password
secret/mysecret created
[root@k8s-master secret]# kubectl get secret
NAME                  TYPE                                  DATA   AGE
default-token-blm9l   kubernetes.io/service-account-token   3      3d
mysecret              Opaque                                2      6s
mysql-auth            Opaque                                2      5m23s
[root@k8s-master secret]# kubectl get secret/mysecret -o yaml
apiVersion: v1
data:
  password: MTIzNDU2 #這裏能夠看到secret存儲的值都是base64編碼格式
  username: YWRtaW4=
kind: Secret
metadata ......
#注意:base64只是編碼而非加密,任何能讀取該Secret的用戶均可直接解碼還原(上面的MTIzNDU2即123456);應通過RBAC限制對secret資源的讀取權限,並考慮爲etcd中的Secret數據啓用靜態加密。
#建立完成後,本地的./username和./password明文文件也應及時刪除。
data <map[string]string> #"key:value"格式的數據,一般是敏感信息;值必須是以Base64編碼的字符串,所以須要事先完成編碼
stringData <map[string]string> #以明文格式(非Base64編碼)定義的"key:value"數據;無須事先對數據進行Base64編碼,而是在建立爲Secret對象時自動進行編碼並保存於data字段中。
type <string> #僅是爲了便於編程方式處理Secret數據而提供的類型標識。
[root@k8s-master secret]# vim secret-demo.yaml
apiVersion: v1
kind: Secret
metadata:
  name: secret-demo
  namespace: default
stringData:
  username: redis
  password: redisP@ss
type: Opaque
[root@k8s-master secret]# kubectl apply -f secret-demo.yaml
secret/secret-demo created
[root@k8s-master secret]# kubectl get secret
NAME                  TYPE                                  DATA   AGE
default-token-blm9l   kubernetes.io/service-account-token   3      3d1h
mysecret              Opaque                                2      28m
mysql-auth            Opaque                                2      33m
secret-demo           Opaque                                2      5s
[root@k8s-master secret]# kubectl get secret/secret-demo -o yaml
apiVersion: v1
data:
  password: cmVkaXNQQHNz
  username: cmVkaXM=
kind: Secret
metadata:
  ......
#注意:使用stringData時,清單文件secret-demo.yaml裏保存的是明文密碼;該文件不要提交到版本庫,用完後應妥善保管或刪除。
存儲卷方式示例:
這裏假設須要爲Nginx
測試建立SSL
[root@k8s-master secret]# openssl genrsa -out nginx.key 2048
[root@k8s-master secret]# openssl req -new -x509 -key nginx.key -out nginx.crt -subj /C=CN/ST=ShenZhen/L=ShenZhen/O=DevOps/CN=www.ilinux.cn
#注意:這是僅供測試的自簽名證書;nginx.key是私鑰,應限制文件權限(例如chmod 600 nginx.key),導入爲Secret後不要隨意留存副本。
[root@k8s-master secret]# kubectl create secret tls nginx-ssl --key=./nginx.key --cert=./nginx.crt secret/nginx-ssl created [root@k8s-master secret]# kubectl get secret nginx-ssl NAME TYPE DATA AGE nginx-ssl kubernetes.io/tls 2 14s
3)編輯資源清單
[root@k8s-master secret]# vim pod-secret-demo.yaml apiVersion: v1 kind: Pod metadata: name: secret-volume-demo namespace: default spec: containers: - name: web-server image: nginx:1.12 volumeMounts: - name: nginxcert mountPath: /etc/nginx/ssl/ readOnly: true volumes: - name: nginxcert secret: secretName: nginx-ssl
[root@k8s-master secret]# kubectl apply -f pod-secret-demo.yaml pod/secret-volume-demo created [root@k8s-master secret]# kubectl exec -it secret-volume-demo -- /bin/sh # ls /etc/nginx/ssl tls.crt tls.key