k8s学习笔记-ConfigMap和Secret

k8s学习笔记-ConfigMap和Secret

ConfigMap：方便将配置文件与镜像（image）分离，以保障容器化应用程序的可移植性。

mysql：username：张三 username：李四

Secret：对象允许存储和管理敏感信息，比如密码，OAuth令牌和ssh秘钥。将此数据放入在secret里面。然后通过pod读取这样会更加安全灵活。

配置configMap

apiVersion: v1kind: ConfigMapmetadata: name:test-configdata: username: zhangsan password: yuanke username: lisi

[root@master demo]# vi configMap.yaml apiVersion: v1 kind: ConfigMap metadata: name: test-config data: username: zhangsan password: yuanke username: lisi[root@master demo]# kubectl create -f configMap.yamlconfigmap/test-config created[root@master demo]# vi configMap.yaml[root@master demo]# kubectl get configMapsNAME DATA AGEtest-config 2 45s[root@master demo]# kubectl describe configmaps test-configName: test-configNamespace: defaultLabels: Annotations: Data====password:----yuankeusername:----lisiEvents:

使用configMap

vi test-configMap-env-pod

apiVersion: v1kind: Podmetadata: name: test-configmap-env-podspec: containers: - name: test-container image: radial/busyboxplus imagePullPolicy: IfNotPresent command: ["/bin/sh","-c","sleep 1000000"] envFrom: - configMapRef: name: test-config

[root@master demo]# kubectl create -f test-configMap-env-podpod/test-configmap-env-pod created[root@master demo]# kubectl get podNAME READY STATUS RESTARTS AGEtest-configmap-env-pod 1/1 Running 0 42s[root@master demo]# kubectl exec -it test-configmap-env-pod -- envPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binHOSTNAME=test-configmap-env-podTERM=xtermusername=lisipassword=yuanke

环境变量的另一种方式

apiVersion: v1kind: Podmetadata: name: test-configmap-env-podspec: containers: - name: test-container image: radial/busyboxplus imagePullPolicy: IfNotPresent command: ["/bin/sh","-c","echo ${MYSQLUSER} ${MYSQLPASSWD};sleep 1000000"] env: - name: MYSQLUSER valueFrom: configMapKeyRef: name: test-config key: username - name: MYSQLPASSWD valueFrom: configMapKeyRef: name: test-config key: password

[root@master demo]# kubectl delete -f test-configMap-env-podpod "test-configmap-env-pod" deleted[root@master demo]# kubectl create -f test-configMap-env-podpod/test-configmap-env-pod created[root@master demo]# kubectl get podNAME READY STATUS RESTARTS AGEpc-job-xtn4s 0/1 Completed 0 13dtest-configmap-env-pod 1/1 Running 0 5s[root@master demo]# kubectl exec -it test-configmap-env-pod -- envPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binHOSTNAME=test-configmap-env-podTERM=xtermMYSQLUSER=lisiMYSQLPASSWD=yuanke

手动创建SECRET

可以先以 json 或 yaml 格式在文件中创建一个 secret 对象，然后创建该对象。

每一项必须是 base64 编码：

$ echo -n "admin" | base64YWRtaW4=$ echo -n "1f2d1e2e67df" | base64MWYyZDFlMmU2N2Rm

解密

echo 'YWRtaW4=' | base64 --decode返回admin

vi secret-env.yaml

apiVersion: v1kind: Secretmetadata: name: mysecret-envtype: Opaquedata: username: YWRtaW4= password: MWYyZDFlMmU2N2Rm

kubectl get secrets

[root@master demo]# kubectl create -f secret-env.yamlsecret/mysecret-env created[root@master demo]# kubectl get secretsNAME TYPE DATA AGEdefault-token-mp2h9 kubernetes.io/service-account-token 3 21dmysecret-env Opaque 2 10stls-secret kubernetes.io/tls 2 23h

vi secret-pod-env1.yaml

apiVersion: v1kind: Podmetadata: name: envfrom-secretspec: containers: - name: test-nginx image: nginx envFrom: - secretRef: name: mysecret-env

kubectl create -f secret-pod-env1.yaml

kubectl exec -it envfrom-secret -- env

另一种引入方式

apiVersion: v1kind: Podmetadata: name: test-configmap-env-podspec: containers: - name: test-container image: radial/busyboxplus imagePullPolicy: IfNotPresent command: ["/bin/sh","-c","echo ${MYSQLUSER} ${MYSQLPASSWD};sleep 1000000"] env: - name: MYSQLUSER valueFrom: secretKeyRef: name: mysecret-env key: username - name: MYSQLPASSWD valueFrom: secretKeyRef: name: mysecret-env key: password

[root@master demo]# kubectl create -f test-secret-env-podpod/test-configmap-env-pod created[root@master demo]# kubectl get podNAME READY STATUS RESTARTS AGEdeployment-example-868795bc5b-g2x7n 1/1 Running 0 5h29mtest-configmap-env-pod 1/1 Running 0 4s[root@master demo]# kubectl exec -it test-configmap-env-pod -- envPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binHOSTNAME=test-configmap-env-podTERM=xtermMYSQLPASSWD=1f2d1e2e67dfMYSQLUSER=admin

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。