zoukankan      html  css  js  c++  java
  • Kubernetes ---- 存储卷(ConfigMap、secret)

    特殊类型的存储卷:


    configMap:
      以变量注入的方式给Pod中的容器注入变量修改配置;
      以存储卷的方式挂载到Pod中,配置文件存储在指定位置给Pod提供配置;
      是明文存储数据的;

    secret:
      与ConfigMap功能一致,但当中的内容是以base64编码方式存储的;

    Pod中的容器引用环境变量:
    ConfigMap:
      pods.containers.spec.env.envFrom.configMapKeyRef <Object>
      ConfigMap中保存的数据都为键值模式,属于名称空间中的资源

    命令行方式创建configmap

    # 查看ConfigMap的定义语法
    $ kubectl explain cm
    
    $ kubectl create configmap --help
    Usage:
      kubectl create configmap NAME [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run] [options]
    $ kubectl create configmap nginx-cofnig --from-literal=nginx_port=80 --from-literal=server_name=myapp.kfree.com
    $ kubectl get cm
    NAME       DATA   AGE
    nginx-config   2     2s
    $ kubectl describe cm nginx-config
    Name: nginx-config
    Namespace: default
    Labels: <none>
    Annotations: <none>
    
    Data
    ====
    nginx_port:
    ----
    80
    server_name:
    ----
    myapp.kfree.com
    Events: <none>

    文件方式创建configmap

    $ vim www.conf
      server {
        server_name myapp.kfree.com;
        listen    80;
        root    /data/web/html/;
      }
    $ kubectl create configmap nginx-www --from-file=./www.conf
    $ kubectl get cm
    NAME     DATA     AGE
    nginx-www   1      41s
    $ kubectl describe cm nginx-www
    Name: nginx-www
    Namespace: default
    Labels: <none>
    Annotations: <none>
    
    Data
    ====
    www.conf(键):
    ----
    (值)
    server {
      server_name myapp.kfree.com;
      listen 80;
      root /data/web/html/;
    }
    
    Events: <none>

    将定义好的configmap注入到Pod,定义Pod,只在创建时有效,后续更改无法实时更新。

    $ vim pod-cm-1.yaml
      apiVersion: v1
      kind: Pod
      metadata:
        name: pod-cm-1
        namespace: default
      spec:
        containers:
        - name: myapp
          image: ikubernetes/myapp:v1
          imagePullPolicy: IfNotPresent
          ports:
          - name: http
            containerPort: 80
          env:
          - name: NGINX_SERVER_PORT
            valueFrom:
              configMapKeyRef:
                name: nginx-config
                key: nginx_port
          - name: NGINX_SERVER_NAME
            valueFrom:
              configMapKeyRef:
              name: nginx-config
              key: server_name
    $ kubectl apply -f pod-cm-1.yaml
    $ kubectl exec pod-cm-1 -- env 
    ....
    NGINX_SERVER_PORT=80
    NGINX_SERVER_NAME=myapp.kfree.com
    ....

    将手动撰写的configmap转成文件放入pod(实则就是将创建好的configmap挂载到Pod中)

    键名: 文件名
    键值: 文件内容

    $ vim pod-cm-2.yaml
      apiVersion: v1
      kind: Pod
      metadata:
        name: pod-cm-2
        namespace: default
      spec:
        containers:
        - name: pod-cm-2
          image: ikubernetes/myapp:v1
          imagePullPolicy: IfNotPresent
          ports:
          - name: http
            containerPort: 80
          volumeMounts:
          - name: nginxconf
            mountPath: /etc/nginx/conf.d/
            readonly: true
        volumes:
        - name: nginxconf
          configMap:
            name: nginx-www
    $ kubectl apply -f pod-cm-2.yaml
    $ kubectl exec pod-cm-2 -- ls /etc/nginx/conf.d/
    www.conf
    $ kubectl exec -it pod-cm-2 -- /bin/sh
    # / mkdir -p /data/web/html/
    # / echo "hello cm nginx" > /data/web/html/index.html
    # / exit
    $ kubectl get pods -o wide
    NAME   READY STATUS RESTARTS AGE   IP   NODE NOMINATED NODE READINESS GATES
    pod-cm-2 1/1 Running 0      25m 10.244.2.144 node2 <none> <none>
    # vim /etc/hosts
    10.244.2.144 myapp.kfree.com
    # curl myapp.kfree.com
    hello cm nginx

    动态修改cm信息验证Pod可动态根据cm中的内容变化

    $ kubectl edit cm nginx-www
    ....
    nginx_port: 8080
    ....
    $ kubectl exec pod-cm-2 -- nginx -s reload
    $ curl myapp.kfree.com:8080
    hello cm nginx

    secret:

    $ kubectl create secret --help
    Usage:
      kubectl create secret [flags] [options]
    
    Available Commands:   docker
    -registry Create a secret for use with a Docker registry(docker仓库的认证信息)   generic Create a secret from a local file, directory or literal value(通用的,保存一些密码数据等.)   tls Create a TLS secret(私钥和对应证书) $ kubectl create secret generic mysql-root-password --from-literal=password=Mypass123 $ kubectl get secret NAME           TYPE                   DATA   AGE default-token-ppzsj kubernetes.io/service-account-token  3   21d mysql-root-password Opaque                    1   4s $ kubectl describe secret mysql-root-password Name: mysql-root-password Namespace: default Labels: <none> Annotations: <none> Type: Opaque Data ====(被加密了) password: 9 bytes # 将secret的配置注入到Pod中 $ vim pod-secret-1.yaml   apiVersion: v1   kind: Pod   metadata:    name: pod-secret-1    namespace: default   spec:    containers:    - name: pod-secret-1    image: ikubernetes/myapp:v1     imagePullPolicy: IfNotPresent    ports:    - name: http    containerPort: 80    env:    - name: MYSQL_ROOT_PASSWORD    valueFrom:    secretKeyRef:    name: mysql-root-password    key: password $ kubectl exec pod-secret-1 -- env .... MYSQL_ROOT_PASSWORD=Mypass1234 ....
  • 相关阅读:
    iOS中的HTTPS
    HTTPS抓包之Charles
    组件化开发的一些思考
    Xcode 调试技巧
    iOS崩溃日志分析
    iOS依赖库管理工具之Carthage
    13.类的关系总结
    12.组合(Composition)
    11.聚合(Aggregation)
    10.关联(Association)
  • 原文地址:https://www.cnblogs.com/k-free-bolg/p/13161487.html
Copyright © 2011-2022 走看看