视频来源:B站《(2022版)最新、最全、最详细的Kubernetes(K8s)教程,从K8s安装到实战一套搞定》
一边学习一边整理老师的课程内容及试验笔记,并与大家分享,侵权即删,谢谢支持!
附上汇总贴:(2022版)一套教程搞定k8s安装到实战 | 汇总_COCOgsta的博客-CSDN博客
Secret用来保存敏感信息的,比如密码、令牌或者key、Redis、MySQL密码。
Secret介绍地址:kubernetes.io/docs/concep…
$ * \ 特殊字符单引号无需转义
ImagePullSecret:Pod拉取私有镜像仓库时使用的账号密码,里面的帐号信息,会传递给kubelet,然后kubelet就可以拉去有密码的仓库里面的镜像。
创建一个docker registry的secret
[root@k8s-master-lb ~]# kubectl create secret docker-registry docker-secret2 --docker-server=hub.docker.com --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
secret/docker-secret2 created
复制代码test-env-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: dapi-test-pod
spec:
nodeName: k8s-node01
imagePullSecrets:
- name: docker-secret2
containers:
- name: test-container
image: busybox:1.28
imagePullPolicy: IfNotPresent
command: [ "/bin/sh", "-c", "sleep 3600" ]
volumeMounts:
- name: config-volume
mountPath: /mnt
envFrom:
- configMapRef:
name: special-config
env:
# Define the environment variable
# - name: SPECIAL_LEVEL_KEY
# valueFrom:
# configMapKeyRef:
# # The ConfigMap containing the value you want to assign to SPECIAL_LEVEL_KEY
# name: special-config
# # Specify the key associated with the value
# key: special.how
- name: test
value: test-value
- name: mysqlHostAddress
value: 10.10.10.10
- name: mysqlPort
value: "3306" # only string
restartPolicy: Never
volumes:
- name: config-volume
configMap:
name: special-config
复制代码subPath解决目录覆盖的问题
apiVersion: v1
kind: Pod
metadata:
name: dapi-test-pod
spec:
nodeName: k8s-node01
imagePullSecrets:
- name: docker-secret2
containers:
- name: test-container
image: busybox:1.28
imagePullPolicy: IfNotPresent
command: [ "/bin/sh", "-c", "sleep 3600" ]
volumeMounts:
- mountPath: /etc/nginx/nginx.conf
name: config-volume
subPath: etc/nginx/nginx.conf
envFrom:
- configMapRef:
name: special-config
env:
# Define the environment variable
# - name: SPECIAL_LEVEL_KEY
# valueFrom:
# configMapKeyRef:
# # The ConfigMap containing the value you want to assign to SPECIAL_LEVEL_KEY
# name: special-config
# # Specify the key associated with the value
# key: special.how
- name: test
value: test-value
- name: mysqlHostAddress
value: 10.10.10.10
- name: mysqlPort
value: "3306" # only string
restartPolicy: Never
volumes:
- configMap:
defaultMode: 420
items:
- key: nginx.conf
path: etc/nginx/nginx.conf
name: nginx-conf
name: config-volume
复制代码ConfigMap和Secret如果是以subPath的形式挂载的,那么Pod是不会感知到ConfigMap和Secret的更新的。
如果Pod的变量来自于ConfigMap和Secret中定义的内容,那么ConfigMap和Secret更新后,也不会更新Pod中的变量。
解决办法
apiVersion: v1
kind: Pod
metadata:
name: dapi-test-pod
spec:
nodeName: k8s-node01
imagePullSecrets:
- name: docker-secret2
containers:
- name: test-container
image: busybox:1.28
imagePullPolicy: IfNotPresent
command: [ "/bin/sh", "-c", "sleep 3600" ]
volumeMounts:
- mountPath: /etc/nginx/nginx.conf
name: config-volume
subPath: etc/nginx/nginx.conf
- mountPath: /mnt/
name: config-volume-non-subpath
envFrom:
- configMapRef:
name: special-config
env:
# Define the environment variable
# - name: SPECIAL_LEVEL_KEY
# valueFrom:
# configMapKeyRef:
# # The ConfigMap containing the value you want to assign to SPECIAL_LEVEL_KEY
# name: special-config
# # Specify the key associated with the value
# key: special.how
- name: test
value: test-value
- name: mysqlHostAddress
value: 10.10.10.10
- name: mysqlPort
value: "3306" # only string
restartPolicy: Never
volumes:
- configMap:
defaultMode: 420
items:
- key: nginx.conf
path: etc/nginx/nginx.conf
name: nginx-conf
name: config-volume
- configMap:
defaultMode: 420
name: nginx-conf
name: config-volume-non-subpath
复制代码postStart:容器启动之前执行的命令
preStop:容器停止之前执行的命令
热更新ConfigMap或Secret:
kubectl create cm nginx-conf --from-file=nginx.conf --dry-run -oyaml | kubectl replace -f-
复制代码immutable:在ConfigMap和Secret的最后加上如下内容,则不再可以edit该ConfigMap或Secret
5万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
