配置 Pod 使用投射卷作存储
使用本地文件来创建用户名和密码 Secret, 然后创建运行一个容器的 Pod, 该 Pod 使用projected 卷将 Secret 挂载到相同的路径下。
一、为 Pod 配置投射卷
pod的yaml文件内容如下:
[root@master k8s]# cat deployment_voluments.yaml
apiVersion: v1
kind: Pod
metadata:
name: test-projected-volume
spec:
containers:
- name: test-projected-volume
image: busybox:1.28
args:
- sleep
- "86400"
volumeMounts:
- name: all-in-one
mountPath: "/projected-volume"
readOnly: true
volumes:
- name: all-in-one
projected:
sources:
- secret:
name: user
- secret:
name: pass
创建 Secret:
# 创建包含用户名和密码的文件:
[root@master k8s]#echo -n "admin" > ./username.txt
[root@master k8s]#echo -n "1f2d1e2e67df" > ./password.txt
# 在 Secret 中引用上述文件
[root@master k8s]# kubectl create secret generic user --from-file=./username.txt
secret/user created
[root@master k8s]# kubectl create secret generic pass --from-file=./password.txt
secret/pass created
创建 Pod:
[root@master k8s]# kubectl apply -f deployment_voluments.yaml
pod/test-projected-volume created
确认 Pod 中的容器运行正常,然后监视 Pod 的变化:
[root@master k8s]# kubectl get pod test-projected-volume
NAME READY STATUS RESTARTS AGE
test-projected-volume 0/1 ContainerCreating 0 22s
[root@master k8s]# kubectl get pod test-projected-volume
NAME READY STATUS RESTARTS AGE
test-projected-volume 1/1 Running 0 68s
打开容器的 shell:
[root@master k8s]# kubectl exec -it test-projected-volume -- /bin/sh
/ # ls
bin etc proc root tmp var
dev home projected-volume sys usr
/ # cd projected-volume/
/projected-volume # ls
password.txt username.txt
可以看到已有投射源projected-volume。
二、清理 Pod 和 Secret
删除 Pod 和 Secret:
[root@master k8s]# kubectl delete pod test-projected-volume
pod "test-projected-volume" deleted
[root@master k8s]# kubectl delete secret user pass
secret "user" deleted
secret "pass" deleted
通过指令查看,已经删除成功:
[root@master k8s]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nfs-client-provisioner-6f48556457-gbvfp 1/1 Running 1 17d