k8s 的configmap与Secret

命令行指定方式创建

?

1 2	[root@master vml]# kubectl create configmap nginx --from-literal=nginx_port=80 --from-literal=server_name=www.chenxi.com configmap/nginx created

　　查看

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

[root@master vml]# kubectl get configmap NAME        DATA   AGE nginx       2      15s ui-config   1      37d [root@master vml]# kubectl  describe configmap nginx Name:         nginx Namespace:    default Labels:       <none> Annotations:  <none>   Data ==== nginx_port: ---- 80 server_name: ---- www.chenxi.com Events:  <none>

　　命令行已指定文件方式创建

?

1 2	[root@master vml]# kubectl create configmap www.nginx.conf --from-file=./www.conf configmap/www.nginx.conf created

　　查看

?

1 2 3 4 5

[root@master vml]# kubectl get configmap NAME             DATA   AGE nginx            2      35m ui-config        1      37d www.nginx.conf   1      2m14s

　　编写pod文件：这个方式不能实时更新 

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

[root@master vml]# cat pod.yaml apiVersion: v1 kind: Pod metadata:   name: pod-demo   namespace: default   labels:     app: myapp     tier: frontend spec:   containers:   - name: myapp     image: ikubernetes/myapp:v1     ports:     - name: http       containerPort: 80     - name: https       containerPort: 443     env:     - name: NGINX       valueFrom:         configMapKeyRef:           name:  nginx            key: nginx_port           optional:

　　启动

?

1 2 3 4 5 6

[root@master vml]# kubectl apply -f pod.yaml pod/pod-demo created [root@master vml]# kubectl exec -it pod-demo -- /bin/sh / # echo $NGINX 80 / # exit

　　与存储卷的方式挂载

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37

[root@master vml]# cat pod.yaml apiVersion: v1 kind: Pod metadata:   name: pod-demo   namespace: default   labels:     app: myapp     tier: frontend spec:   containers:   - name: myapp     image: ikubernetes/myapp:v1     ports:     - name: http       containerPort: 80     - name: https       containerPort: 443     volumeMounts:     - name: nginx       mountPath: /chenxi       readOnly: true   volumes:   - name: nginx     configMap:       name: www.nginx.conf [root@master vml]# kubectl exec -it pod-demo -- /bin/sh / # ls /chenxi www.conf / # ls /chenxi/www.conf /chenxi/www.conf / # cat /chenxi/www.conf server {   server_name www.chenxi.com;   listen 80;   root /data/www/html; }

　　使用edit在线修改configMap内容

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

[root@master vml]# kubectl edit configMap www.nginx.conf   # Please edit the object below. Lines beginning with a '#' will be ignored, # and an empty file will abort the edit. If an error occurs while saving this file will be # reopened with the relevant failures. # apiVersion: v1 data:   www.conf: |+     server {       server_name www.chenxi.com;       listen 9090;       root /data/www/html;     }   kind: ConfigMap metadata:   creationTimestamp: "2020-04-27T02:58:24Z"   name: www.nginx.conf   namespace: default   resourceVersion: "8747971"   selfLink: /api/v1/namespaces/default/configmaps/www.nginx.conf   uid: 5a958a9e-31f6-453c-9379-42bde7a21200 configmap/www.nginx.conf edited  ---表示修改成功 [root@master vml]# kubectl exec -it pod-demo -- /bin/sh / # cat /chenxi/www.conf  会有一定延迟 server {   server_name www.chenxi.com;   listen 80;   root /data/www/html; }   / # cat /chenxi/www.conf 再次查看 server {   server_name www.chenxi.com;   listen 9090;  修改成功   root /data/www/html; }

　　如果存在多个文件如何只挂在一个文件

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

[root@master vml]# kubectl explain pods.spec.volumes.configMap. KIND:     Pod VERSION:  v1   RESOURCE: configMap <Object>   DESCRIPTION:      ConfigMap represents a configMap that should populate this volume        Adapts a ConfigMap into a volume. The contents of the target ConfigMap's      Data field will be presented in a volume as files using the keys in the      Data field as the file names, unless the items element is populated with      specific mappings of keys to paths. ConfigMap volumes support ownership      management and SELinux relabeling.   FIELDS:    defaultMode  <integer>      Optional: mode bits to use on created files by default. Must be a value      between 0 and 0777. Defaults to 0644. Directories within the path are not      affected by this setting. This might be in conflict with other options that      affect the file mode, like fsGroup, and the result can be other mode bits      set.      items    <[]Object>  ---给定指定挂载的文件列表      If unspecified, each key-value pair in the Data field of the referenced      ConfigMap will be projected into the volume as a file whose name is the key      and content is the value. If specified, the listed keys will be projected      into the specified paths, and unlisted keys will not be present. If a key      is specified which is not present in the ConfigMap, the volume setup will      error unless it is marked optional. Paths must be relative and may not      contain the '..' path or start with '..'.      name <string>      Name of the referent. More info:      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names      optional <boolean>      Specify whether the ConfigMap or its keys must be defined

　　secret 投射数据卷的介绍

?

1 2 3 4 5 6 7 8 9 10 11 12 13

[root@master vml]# kubectl create secret --help Create a secret using specified subcommand.   Available Commands:   docker-registry 创建一个给 Docker registry 使用的 secret   generic         从本地 file, directory 或者 literal value 创建一个 secret   tls             创建一个 TLS secret   Usage:   kubectl create secret [flags] [options]   Use "kubectl <command> --help" for more information about a given command. Use "kubectl options" for a list of global command-line options (applies to all commands)