kubernetes之Secret和Configmap
创建和查询Secret
literal 播报 编辑 讨论 上传视频
literal是一个英语单词,形容词,意思是文字的;逐字的;无夸张的。 [1]
通过--from-literal创建以及查看
[machangwei@mcwk8s-master ~]$ kubectl create secret generic mcwsecret1 --from-literal=uername=mcw --from-literal=password=123456 secret/mcwsecret1 created [machangwei@mcwk8s-master ~]$ kubectl get secret #查看这里查看到的第一个应该是k8s自己的token用的 NAME TYPE DATA AGE default-token-9qbhw kubernetes.io/service-account-token 3 30d mcwsecret1 Opaque 2 16s [machangwei@mcwk8s-master ~]$ [machangwei@mcwk8s-master ~]$ kubectl describe secret mcwsecret1 #查看详情 Name: mcwsecret1 Namespace: default Labels: <none> Annotations: <none> Type: Opaque Data ==== password: 6 bytes uername: 3 bytes [machangwei@mcwk8s-master ~]$ kubectl edit secret mcwsecret1 # Please edit the object below. Lines beginning with a '#' will be ignored, # and an empty file will abort the edit. If an error occurs while saving this file will be # reopened with the relevant failures. # apiVersion: v1 data: password: MTIzNDU2 #可以看到用户和密码是加密后的内容 uername: bWN3 kind: Secret metadata: creationTimestamp: "2022-02-20T06:35:16Z" name: mcwsecret1 namespace: default resourceVersion: "61473" uid: f826a036-0e99-4369-9e48-9862601c96c9 type: Opaque ~ [machangwei@mcwk8s-master ~]$ echo -n bWN3|base64 --decode #虽然加密过的但是可以使用base64反编码获取到 mcw[machangwei@mcwk8s-master ~]$ echo MTIzNDU2|base64 --decode 123456[machangwei@mcwk8s-master ~]$
通过--from-file
[machangwei@mcwk8s-master ~]$ echo -n mcw>./username #-n不换行,这是怕写进换行符受到影响吗,难道 [machangwei@mcwk8s-master ~]$ echo -n 123456 >./password [machangwei@mcwk8s-master ~]$ cat username mcw[machangwei@mcwk8s-master ~]$ [machangwei@mcwk8s-master ~]$ cat password 123456[machangwei@mcwk8s-master ~]$ [machangwei@mcwk8s-master ~]$ kubectl create secret generic mcwsecret2 --from-file=./uername --from-file=./password error: error reading ./uername: no such file or directory [machangwei@mcwk8s-master ~]$ kubectl create secret generic mcwsecret2 --from-file=./username --from-file=./password secret/mcwsecret2 created [machangwei@mcwk8s-master ~]$ kubectl get secret NAME TYPE DATA AGE default-token-9qbhw kubernetes.io/service-account-token 3 30d mcwsecret1 Opaque 2 12m mcwsecret2 Opaque 2 13s [machangwei@mcwk8s-master ~]$ 当文件中写入多行数据时, [machangwei@mcwk8s-master ~]$ cat username mcw mcw2 [machangwei@mcwk8s-master ~]$ cat password 123456 654321 [machangwei@mcwk8s-master ~]$ kubectl create secret generic mcwsecret3 --from-file=./username --from-file=./password secret/mcwsecret3 created [machangwei@mcwk8s-master ~]$ kubectl get secret NAME TYPE DATA AGE default-token-9qbhw kubernetes.io/service-account-token 3 30d mcwsecret1 Opaque 2 16m mcwsecret2 Opaque 2 4m5s mcwsecret3 Opaque 2 5s [machangwei@mcwk8s-master ~]$ kubectl edit secret mcwsecret3 # # Please edit the object below. Lines beginning with a '#' will be ignored, # and an empty file will abort the edit. If an error occurs while saving this file will be # reopened with the relevant failures. # apiVersion: v1 data: password: MTIzNDU2CjY1NDMyMQo= username: bWN3Cm1jdzIK kind: Secret metadata: creationTimestamp: "2022-02-20T06:51:12Z" name: mcwsecret3 namespace: default resourceVersion: "62806" uid: fcbc860b-e9d4-407c-a586-c5630c17875d type: Opaque [machangwei@mcwk8s-master ~]$ echo bWN3Cm1jdzIK|base64 --decode #可以看到,data还是只有两个,一个文件代表一个data。而且换行和第二行都属于同个data的值 mcw mcw2 [machangwei@mcwk8s-master ~]$
通过--from-env-file,一个文件多个键值对
[machangwei@mcwk8s-master ~]$ cat << EOF >env.txt > uername=mcw > password=123456 > EOF [machangwei@mcwk8s-master ~]$ kubectl create secret generic mcwsecret4 --from-env-file=env.txt secret/mcwsecret4 created [machangwei@mcwk8s-master ~]$ kubectl get secret mcwsecret4 NAME TYPE DATA AGE mcwsecret4 Opaque 2 61s [machangwei@mcwk8s-master ~]$ #可以看到有两个信息条目数据
通过YAML配置文件
[machangwei@mcwk8s-master ~]$ echo -n mcw | base64 bWN3 [machangwei@mcwk8s-master ~]$ echo -n 123456 | base64 MTIzNDU2 [machangwei@mcwk8s-master ~]$ 先给需要加密的值base64加密,然后放入到配置文件中 [machangwei@mcwk8s-master ~]$ vim mcwcecret.yml [machangwei@mcwk8s-master ~]$ cat mcwcecret.yml apiVersion: v1 kind: Secret metadata: name: mcwsecret5 data: username: bWN3 password: MTIzNDU2 [machangwei@mcwk8s-master ~]$ kubectl apply -f mcwcecret.yml secret/mcwsecret5 created [machangwei@mcwk8s-master ~]$ kubectl get secret mcwsecret5 NAME TYPE DATA AGE mcwsecret5 Opaque 2 19s
在Pod中使用Secret
Volume方式
[machangwei@mcwk8s-master ~]$ echo -n mcw | base64 bWN3 [machangwei@mcwk8s-master ~]$ echo -n 123456 | base64 MTIzNDU2 [machangwei@mcwk8s-master ~]$ cat mcwcecret.yml apiVersion: v1 kind: Secret metadata: name: mysecret data: username: bWN3 password: MTIzNDU2 [machangwei@mcwk8s-master ~]$ kubectl apply -f mcwcecret.yml secret/mysecret created [machangwei@mcwk8s-master ~]$ kubectl get secret NAME TYPE DATA AGE default-token-9qbhw kubernetes.io/service-account-token 3 30d mysecret Opaque 2 10s [machangwei@mcwk8s-master ~]$ [machangwei@mcwk8s-master ~]$ cat mypod.yml apiVersion: v1 kind: Pod metadata: name: mypod spec: containers: - name: mypod image: busybox args: - /bin/sh - -c - sleep 10; touch /tmp/healthy; sleep 30000 volumeMounts: - name: foo mountPath: "/etc/foo" readOnly: true volumes: - name: foo secret: secretName: mysecret [machangwei@mcwk8s-master ~]$ kubectl apply -f mypod.yml pod/mypod created [machangwei@mcwk8s-master ~]$ kubectl get pod NAME READY STATUS RESTARTS AGE mypod 1/1 Running 0 45s [machangwei@mcwk8s-master ~]$ kubectl get pod -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES mypod 1/1 Running 0 67s 10.244.2.21 mcwk8s-node2 <none> <none> [machangwei@mcwk8s-master ~]$ kubectl exec -it mypod sh #busybox的进入,可以用sh,但是bash进不去。主节点进入和docker进入类似,就是把开头命令换掉 kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead. / # ls /etc/foo/ password username / # cat /etc/foo/username mcw/ # / # cat /etc/foo/password 123456/ # [machangwei@mcwk8s-master ~]$ 这里ctrl d退出,没啥影响
将mcwcecret.yml密码的值修改,使用base64编码编码后的值,然后重新用这个文件部署。这样secret修改了,那么使用这个volume的容器内部密码也被修改了。后面的configmap的volume方式也支持动态修改
修改添加自定义容器中存放文件的路径。使用items
[machangwei@mcwk8s-master ~]$ cat mypod.yml apiVersion: v1 kind: Pod metadata: name: mypod spec: containers: - name: mypod image: busybox args: - /bin/sh - -c - sleep 10; touch /tmp/healthy; sleep 30000 volumeMounts: - name: foo mountPath: "/etc/foo" readOnly: true volumes: - name: foo secret: secretName: mysecret items: - key: username path: my-group/my-username - key: password path: my-group/my-password [machangwei@mcwk8s-master ~]$#挂载路径是容器中的路径,逻辑卷中定义的路径是相对路径,放到容器挂载路径下。 [machangwei@mcwk8s-master ~]$#多个文件用items.。逻辑卷定义,起个名字,供容器使用;逻辑卷使用secret, [machangwei@mcwk8s-master ~]$#使用哪个,就写到secret名字下,用items接收secret里面的data,指定每个data的文件名 [machangwei@mcwk8s-master ~]$ kubectl get pod NAME READY STATUS RESTARTS AGE mypod 1/1 Running 0 116s [machangwei@mcwk8s-master ~]$ kubectl exec -it mypod sh kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead. / # ls /etc/foo/ my-group / # ls /etc/foo/my-group/ my-password my-username / # cat /etc/foo/my-group/my-username mcw/ # / # cat /etc/foo/my-group/my-password 123456/ # / #
环境变量方式
[machangwei@mcwk8s-master ~]$ cat mypod.yml apiVersion: v1 kind: Pod metadata: name: mypod spec: containers: - name: mypod image: busybox args: - /bin/sh - -c - sleep 10; touch /tmp/healthy; sleep 30000 env: - name: SECRET_USERNAME valueFrom: secretKeyRef: name: mysecret key: username - name: SECRET_PASSWORD valueFrom: secretKeyRef: name: mysecret key: password [machangwei@mcwk8s-master ~] #环境变量中设置。容器从环境变量获取密码。环境变量名称是什么,值来自哪里。也就是值来自secret [machangwei@mcwk8s-master ~] #,定义secretKey来自哪里,即指定secret名称,指定该secret哪个键 [machangwei@mcwk8s-master ~] #来当做这个环境变量。用secret里哪个data信息条目,就添加一个环境变量名称的配置。环境变量的配置和镜像是同级的 [machangwei@mcwk8s-master ~]$ kubectl apply -f mypod.yml pod/mypod created [machangwei@mcwk8s-master ~]$ kubectl get pod NAME READY STATUS RESTARTS AGE mypod 1/1 Running 0 6m23s [machangwei@mcwk8s-master ~]$ kubectl exec -it mypod sh kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead. / # echo $SECRET_USERNAME mcw / # echo $SECRET_PASSWORD 123456 / # env KUBERNETES_SERVICE_PORT=443 KUBERNETES_PORT=tcp://10.96.0.1:443 HOSTNAME=mypod SHLVL=1 HOME=/root SECRET_PASSWORD=123456 TERM=xterm KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin KUBERNETES_PORT_443_TCP_PORT=443 KUBERNETES_PORT_443_TCP_PROTO=tcp SECRET_USERNAME=mcw KUBERNETES_SERVICE_PORT_HTTPS=443 KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443 KUBERNETES_SERVICE_HOST=10.96.0.1 PWD=/ / #
configmap创建以及查看
通过--from-literal创建以及查看
[machangwei@mcwk8s-master ~]$ kubectl create configmap mcwconfigmap --from-literal=config1=xxx configmap/mcwconfigmap created [machangwei@mcwk8s-master ~]$ kubectl get configmap NAME DATA AGE kube-root-ca.crt 1 30d mcwconfigmap 1 11s [machangwei@mcwk8s-master ~]$ kubectl describe configmap mcwconfigmap Name: mcwconfigmap Namespace: default Labels: <none> Annotations: <none> Data ==== config1: ---- xxx BinaryData ==== Events: <none> [machangwei@mcwk8s-master ~]$ kubectl edit configmap Name: mcwconfigmap Namespace: default Labels: <none> Annotations: <none> Data ==== config1: ---- xxx BinaryData ==== Events: <none> [machangwei@mcwk8s-master ~]$ kubectl edit configmap #下面可以看到config1的值是什么,上面也可以看到config1的值,都在data下 # Please edit the object below. Lines beginning with a '#' will be ignored, # and an empty file will abort the edit. If an error occurs while saving this file will be # reopened with the relevant failures. # apiVersion: v1 items: - apiVersion: v1 data: ca.crt: | -----BEGIN CERTIFICATE----- MIIC/jCCAeagAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl cm5ldGVzMB4XDTIyMDEyMDE1MTkxNloXDTMyMDExODE1MTkxNlowFTETMBEGA1UE AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALty xsn+7/YJlyNNsNLVUuxUv/jO0ixWwTMOI4MbiLGFUlZBWb97H42RCkobxvviEOIx 7X3bAwZcPDp+E9aAbFM63l2hOa7vlTLONq3xu1GpPNRH0LOPa+fMMMYV0rk2VkRC t+pLYyhBvWlYS+JQy/0TuMJDKLmdpickcZf7zbiFSFcu4zxT75LS6DSM2KtH1z2D X7hgYfmn+nhDYFgjylvi1R1W7wdwiKANcGj9u64yOhyFj73bqi9CoGUTVGrjpGBy DqAStRLK0Li+bryabXPQcSW8PSDgQhX3KrQlFR0XUTZfh9+AxhnOzaBX/cLFcLEq XEngcnIaIE+qGBpIeMsCAwEAAaNZMFcwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB /wQFMAMBAf8wHQYDVR0OBBYEFJeTO0aW15yZ8BPh0CaXuN70zaSGMBUGA1UdEQQO MAyCCmt1YmVybmV0ZXMwDQYJKoZIhvcNAQELBQADggEBALhuxZcU/ii/GEu30hr/ 7Gu13eoH/YhADHwr5vRFTA/jy3H1pk4kq++MH7ST3ctBunUikQKLnTg717K7BAzS 1jbf8OIJsnTyKqo/K+Gxf1vze2Msm97gfsdtLlpuDbRI8BVteRoKDZX2LhOo/yN/ 4C1u7TEXR+Fv/dmhpyV1FqWAtD0NGyGfH3x+WzYJghUVicuNsmqs1oBmWI/WxGrV SXGF/fXD8tNTS7EvXN3x51dVYb8HyPA6BCqvfEwqcoEWCrACNw6UuqY9YeT4Un9/ naEDzeg2a7xHjSxDrEA6ZQQmx2LiS8IFZ2P/61njUGBesq5X1IisdlKJ2xU4eWgt rr0= -----END CERTIFICATE----- kind: ConfigMap metadata: annotations: kubernetes.io/description: Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubernetes.default.svc. No other usage is guaranteed across distributions of Kubernetes clusters. creationTimestamp: "2022-01-20T15:20:08Z" name: kube-root-ca.crt namespace: default resourceVersion: "433" uid: c1b53c10-9103-4622-9662-3a9da59b057e - apiVersion: v1 data: config1: xxx kind: ConfigMap metadata: creationTimestamp: "2022-02-20T12:12:24Z" name: mcwconfigmap namespace: default resourceVersion: "89661" uid: 6b6164f3-e693-45fa-9063-71ba3d95391b kind: List metadata: {}
通过--from-file方式
[machangwei@mcwk8s-master ~]$ echo -n xxx >./config1 [machangwei@mcwk8s-master ~]$ echo -n yyy >./config2 [machangwei@mcwk8s-master ~]$ kubectl create configmap mcwconfig2 --from-file=./config1 --from-file=./config2 configmap/mcwconfig2 created [machangwei@mcwk8s-master ~]$ kubectl get configmap mcwconfig2 NAME DATA AGE mcwconfig2 2 24s [machangwei@mcwk8s-master ~]$ kubectl describe configmap mcwconfig2 Name: mcwconfig2 Namespace: default Labels: <none> Annotations: <none> Data ==== config1: ---- xxx config2: ---- yyy BinaryData ==== Events: <none> [machangwei@mcwk8s-master ~]$
通过--from-env-file方式
[machangwei@mcwk8s-master ~]$ cat << EOF >env.txt > config1=xxx > config2=yyy > EOF [machangwei@mcwk8s-master ~]$ kubectl create configmap mcwconfigmap3 --from-env-file=env.txt configmap/mcwconfigmap3 created [machangwei@mcwk8s-master ~]$ kubectl get configmap mcwconfigmap3 NAME DATA AGE mcwconfigmap3 2 19s [machangwei@mcwk8s-master ~]$ kubectl describe configmap mcwconfigmap3 Name: mcwconfigmap3 Namespace: default Labels: <none> Annotations: <none> Data ==== config1: ---- xxx config2: ---- yyy BinaryData ==== Events: <none> [machangwei@mcwk8s-master ~]$
通过YAML配置文件
[machangwei@mcwk8s-master ~]$ cat mcwconfig.yml apiVersion: v1 kind: ConfigMap metadata: name: mcwconfigmap4 data: config1: xxx config2: yyy [machangwei@mcwk8s-master ~]$ kubectl apply -f mcwconfig.yml configmap/mcwconfigmap4 created [machangwei@mcwk8s-master ~]$ kubectl get configmap mcwconfigmap4 NAME DATA AGE mcwconfigmap4 2 19s [machangwei@mcwk8s-master ~]$ kubectl describe configmap mcwconfigmap4 Name: mcwconfigmap4 Namespace: default Labels: <none> Annotations: <none> Data ==== config1: ---- xxx config2: ---- yyy BinaryData ==== Events: <none> [machangwei@mcwk8s-master ~]$
在Pod中使用configmap
Volume方式
[machangwei@mcwk8s-master ~]$ cat mcwconfig.yml apiVersion: v1 kind: ConfigMap metadata: name: myconfigmap data: config1: xxx config2: yyy [machangwei@mcwk8s-master ~]$ kubectl apply -f mcwconfig.yml configmap/myconfigmap created [machangwei@mcwk8s-master ~]$ kubectl get myconfigmap error: the server doesn't have a resource type "myconfigmap" [machangwei@mcwk8s-master ~]$ kubectl get configmap myconfigmap NAME DATA AGE myconfigmap 2 32s [machangwei@mcwk8s-master ~]$ cat configmappod.yml apiVersion: v1 kind: Pod metadata: name: mypod spec: containers: - name: mypod image: busybox args: - /bin/sh - -c - sleep 10; touch /tmp/healthy; sleep 30000 volumeMounts: - name: foo mountPath: "/etc/foo" readOnly: true volumes: - name: foo configMap: name: myconfigmap [machangwei@mcwk8s-master ~]$ kubectl apply -f configmappod.yml pod/mypod created [machangwei@mcwk8s-master ~]$ kubectl get pod NAME READY STATUS RESTARTS AGE mypod 1/1 Running 0 39s [machangwei@mcwk8s-master ~]$ kubectl exec -it mypod sh kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead. / # ls /etc/foo/ config1 config2 / # cat /etc/foo/config1 xxx/ # / # cat /etc/foo/config2 yyy/ # / # [machangwei@mcwk8s-master ~]$
环境变量方式添加配置
[machangwei@mcwk8s-master ~]$ cat configmappod.yml apiVersion: v1 kind: Pod metadata: name: mypod spec: containers: - name: mypod image: busybox args: - /bin/sh - -c - sleep 10; touch /tmp/healthy; sleep 30000 env: - name: CONFIG_1 valueFrom: configMapKeyRef: name: myonfigmap key: config1 - name: CONFIG_2 valueFrom: configMapKeyRef: name: myconfigmap key: config2 [machangwei@mcwk8s-master ~]$#容器配置名称,值来自哪里,来自配置键依据,配置服务名称,使用哪个键。使用环境变量添加配置 [machangwei@mcwk8s-master ~]$ kubectl apply -f configmappod.yml pod/mypod created [machangwei@mcwk8s-master ~]$ [machangwei@mcwk8s-master ~]$ kubectl get pod NAME READY STATUS RESTARTS AGE mypod 1/1 Running 0 27s [machangwei@mcwk8s-master ~]$ kubectl exec -it mypod sh kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead. / # echo $CONFIG_1 xxx / # echo $CONFIG_2 yyy / # env KUBERNETES_SERVICE_PORT=443 KUBERNETES_PORT=tcp://10.96.0.1:443 HOSTNAME=mypod SHLVL=1 HOME=/root CONFIG_1=xxx CONFIG_2=yyy TERM=xterm KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin KUBERNETES_PORT_443_TCP_PORT=443 KUBERNETES_PORT_443_TCP_PROTO=tcp KUBERNETES_SERVICE_PORT_HTTPS=443 KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443 KUBERNETES_SERVICE_HOST=10.96.0.1 PWD=/ / # [machangwei@mcwk8s-master ~]$
--from-file方式
一般情况下,配置信息都是以文件形式提供,如下两种方式。
[machangwei@mcwk8s-master ~]$ kubectl get configmap NAME DATA AGE kube-root-ca.crt 1 30d mcwconfig2 2 107m mcwconfigmap 1 116m mcwconfigmap3 2 104m mcwconfigmap4 2 101m myconfigmap 2 55m [machangwei@mcwk8s-master ~]$ kubectl delete configmap mcwconfig2 mcwconfigmap mcwconfigmap3 myconfigmap configmap "mcwconfig2" deleted configmap "mcwconfigmap" deleted configmap "mcwconfigmap3" deleted configmap "myconfigmap" deleted [machangwei@mcwk8s-master ~]$ kubectl delete configmap mcwconfigmap4 configmap "mcwconfigmap4" deleted [machangwei@mcwk8s-master ~]$ kubectl get configmap NAME DATA AGE kube-root-ca.crt 1 30d machangwei@mcwk8s-master ~]$ cat logging.conf class: loogging.handlers.RotatingFileHandler formatter: precise level: INFO filename: %hostname-%timestamp.log [machangwei@mcwk8s-master ~]$ kubectl create configmap mcwconfig1 --from-file=./logging.conf configmap/mcwconfig1 created [machangwei@mcwk8s-master ~]$ kubectl get configmap NAME DATA AGE kube-root-ca.crt 1 30d mcwconfig1 1 11s [machangwei@mcwk8s-master ~]$ kubectl describe configmap mcwconfig1 Name: mcwconfig1 Namespace: default Labels: <none> Annotations: <none> Data ==== logging.conf: #以配置文件名称作为键,每个键值对都是一个配置文件,应该一个配置服务可以弄多个配置文件 ---- class: loogging.handlers.RotatingFileHandler formatter: precise level: INFO filename: %hostname-%timestamp.log BinaryData ==== Events: <none> [machangwei@mcwk8s-master ~]$
配置文件的方式供pod使用
[machangwei@mcwk8s-master ~]$ vim mcwconfig3.yml [machangwei@mcwk8s-master ~]$ cat mcwconfig3.yml apiVersion: v1 kind: ConfigMap metadata: name: mcwconfigmap2 data: logging.conf: | class: loogging.handlers.RotatingFileHandler formatter: precise level: INFO filename: %hostname-%timestamp.log [machangwei@mcwk8s-master ~]$ kubectl apply -f mcwconfig3.yml #创建配置服务 configmap/mcwconfigmap2 created [machangwei@mcwk8s-master ~]$ kubectl get configmap NAME DATA AGE kube-root-ca.crt 1 30d mcwconfig1 1 5m19s mcwconfigmap2 1 8s [machangwei@mcwk8s-master ~]$ kubectl describe configmap mcwconfigmap2 Name: mcwconfigmap2 Namespace: default Labels: <none> Annotations: <none> Data ==== logging.conf: ---- class: loogging.handlers.RotatingFileHandler formatter: precise level: INFO filename: %hostname-%timestamp.log BinaryData ==== Events: <none> [machangwei@mcwk8s-master ~]$ [machangwei@mcwk8s-master ~]$ kubectl get configmap NAME DATA AGE kube-root-ca.crt 1 30d mcwconfig1 1 16m mcwconfigmap2 1 11m [machangwei@mcwk8s-master ~]$ cat mypod.yml apiVersion: v1 kind: Pod metadata: name: mypod spec: containers: - name: mypod image: busybox args: - /bin/sh - -c - sleep 10; touch /tmp/healthy; sleep 30000 volumeMounts: - name: foo mountPath: "/etc/foo" readOnly: true volumes: - name: foo configMap: name: mcwconfigmap2 items: - key: logging.conf path: myapp/logging.cof [machangwei@mcwk8s-master ~]$ kubectl apply -f mypod.yml pod/mypod created [machangwei@mcwk8s-master ~]$ kubectl get pod NAME READY STATUS RESTARTS AGE mypod 1/1 Running 0 31s [machangwei@mcwk8s-master ~]$ kubectl exec -it mypod sh kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead. / # ls /etc/foo/ myapp / # ls /etc/foo/myapp/ logging.cof / # cat /etc/foo/myapp/logging.cof class: loogging.handlers.RotatingFileHandler formatter: precise level: INFO filename: %hostname-%timestamp.log / # [machangwei@mcwk8s-master ~]$
参考书籍:每天5分钟玩转kubenates cloudman
