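Special types of storage volumes:
configMap:
Injects variables into the containers of a Pod as environment variables to change their configuration;
Can also be mounted into the Pod as a storage volume, so that configuration files stored at the specified location provide the Pod's configuration;
Stores its data in plaintext;
secret:
Works the same way as ConfigMap, but its content is stored base64-encoded;
Referencing environment variables from a container in a Pod:
ConfigMap:
pods.spec.containers.env.valueFrom.configMapKeyRef <Object>
Data stored in a ConfigMap is always in key-value form, and a ConfigMap is a namespaced resource
Creating a configmap from the command line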
```
# View the ConfigMap definition syntax
$ kubectl explain cm
$ kubectl create configmap --help
Usage:
  kubectl create configmap NAME [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run] [options]
$ kubectl create configmap nginx-config --from-literal=nginx_port=80 --from-literal=server_name=myapp.kfree.com
$ kubectl get cm
NAME           DATA   AGE
nginx-config   2      2s
$ kubectl describe cm nginx-config
Name:         nginx-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
nginx_port:
----
80
server_name:
----
myapp.kfree.com
Events:  <none>
```
Creating a configmap from a file
```
$ vim www.conf
server {
    server_name myapp.kfree.com;
    listen 80;
    root /data/web/html/;
}
$ kubectl create configmap nginx-www --from-file=./www.conf
$ kubectl get cm
NAME        DATA   AGE
nginx-www   1      41s
$ kubectl describe cm nginx-www
Name:         nginx-www
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
www.conf (key):
---- (value)
server {
    server_name myapp.kfree.com;
    listen 80;
    root /data/web/html/;
}
Events:  <none>
```
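Inject the configmap defined above into a Pod by referencing it in the Pod definition. The values take effect only when the Pod is created; later changes to the configmap are not picked up in real time.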
```
$ vim pod-cm-1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-1
  namespace: default
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    env:
    - name: NGINX_SERVER_PORT
      valueFrom:
        configMapKeyRef:
          name: nginx-config
          key: nginx_port
    - name: NGINX_SERVER_NAME
      valueFrom:
        configMapKeyRef:
          name: nginx-config
          key: server_name
$ kubectl apply -f pod-cm-1.yaml
$ kubectl exec pod-cm-1 -- env
....
NGINX_SERVER_PORT=80
NGINX_SERVER_NAME=myapp.kfree.com
....
```
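Turn a hand-written configmap into files inside the pod (in practice, this means mounting the created configmap into the Pod)
Key name: file name
Key value: file content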
```
$ vim pod-cm-2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-2
  namespace: default
spec:
  containers:
  - name: pod-cm-2
    image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    volumeMounts:
    - name: nginxconf
      mountPath: /etc/nginx/conf.d/
      readOnly: true
  volumes:
  - name: nginxconf
    configMap:
      name: nginx-www
$ kubectl apply -f pod-cm-2.yaml
$ kubectl exec pod-cm-2 -- ls /etc/nginx/conf.d/
www.conf
$ kubectl exec -it pod-cm-2 -- /bin/sh
/ # mkdir -p /data/web/html/
/ # echo "hello cm nginx" > /data/web/html/index.html
/ # exit
$ kubectl get pods -o wide
NAME       READY   STATUS    RESTARTS   AGE   IP             NODE    NOMINATED NODE   READINESS GATES
pod-cm-2   1/1     Running   0          25m   10.244.2.144   node2   <none>           <none>
# vim /etc/hosts
10.244.2.144 myapp.kfree.com
# curl myapp.kfree.com
hello cm nginx
```
Modify the cm at runtime to verify that the Pod follows changes to the cm's content
```
$ kubectl edit cm nginx-www
....
    # in www.conf, change "listen 80;" to:
    listen 8080;
....
$ kubectl exec pod-cm-2 -- nginx -s reload
$ curl myapp.kfree.com:8080
hello cm nginx
```
secret:
```
$ kubectl create secret --help
Usage:
  kubectl create secret [flags] [options]

Available Commands:
  docker-registry   Create a secret for use with a Docker registry (authentication information for a docker registry)
  generic           Create a secret from a local file, directory or literal value (general purpose; stores passwords and similar data)
  tls               Create a TLS secret (a private key and its certificate)
$ kubectl create secret generic mysql-root-password --from-literal=password=Mypass123
$ kubectl get secret
NAME                  TYPE                                  DATA   AGE
default-token-ppzsj   kubernetes.io/service-account-token   3      21d
mysql-root-password   Opaque                                1      4s
$ kubectl describe secret mysql-root-password
Name:         mysql-root-password
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
==== (value hidden, only its size is shown)
password:  9 bytes

# Inject the secret into a Pod
$ vim pod-secret-1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-secret-1
  namespace: default
spec:
  containers:
  - name: pod-secret-1
    image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysql-root-password
          key: password
$ kubectl apply -f pod-secret-1.yaml
$ kubectl exec pod-secret-1 -- env
....
MYSQL_ROOT_PASSWORD=Mypass123
....
```
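An added example, not part of the original notes: base64 is an encoding rather than encryption, so the stored form of the secret above decodes without any key. The script works offline on a constructed manifest shaped like the output of `kubectl get secret mysql-root-password -o yaml`; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the shape of `kubectl get secret mysql-root-password -o yaml`
# for the secret created above (metadata trimmed).
SECRET_YAML='apiVersion: v1
kind: Secret
metadata:
  name: mysql-root-password
  namespace: default
type: Opaque
data:
  password: TXlwYXNzMTIz'

# List "key<TAB>encoded-value" for every entry under the top-level data: map.
secret_entries() {
    printf '%s\n' "$1" | awk '
        /^data:/ { in_data = 1; next }
        /^[^ ]/  { in_data = 0 }
        in_data && /^  [^ ]+: / { sub(/:$/, "", $1); print $1 "\t" $2 }'
}

# Decode one key of the manifest and print the plaintext value.
secret_value() {
    secret_entries "$1" | awk -F '\t' -v k="$2" '$1 == k { print $2 }' | base64 -d
}

# Byte count of the decoded value, the number `kubectl describe secret` reports.
secret_size() {
    secret_value "$1" "$2" | wc -c | tr -d ' '
}

printf 'password = %s (%s bytes)\n' \
    "$(secret_value "$SECRET_YAML" password)" \
    "$(secret_size "$SECRET_YAML" password)"
```

Since decoding needs no key, what protects the value is who is allowed to read Secret objects in the namespace, and anyone who can `exec` into the Pod also sees it in the container's environment.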