Kubernetes 1.20.5实验记录–ConfigMap & Secret
1.1 ConfigMap
1、创建ConfigMap:
四种创建方式:
(1)–from-literal:
kubectl create configmap configmap --from-literal=config1=xxx --from-literal=config2=yyy
每个–from-literal对应一个信息条目
(2)–from-file:
echo -n xxx > ./config1
echo -n yyy > ./config2
kubectl create configmap configmap --from-file=./config1 --from-file=./config2
每个文件内容对应一个信息条目
(3)–from-env-file:
文件env.txt
config1=xxx
config2=yyy
kubectl create configmap configmap --from-env-file=env.txt
文件env.txt中每行Key=Value对应一个信息条目
(4)YAML配置文件:
文件configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: configmap
data:
config1: xxx
config2: yyy
kubectl apply -f configmap.yaml
2、查看configmap:
kubectl get configmap configmap
3、查看configmap详细信息:
kubectl describe configmap configmap
4、编辑configmap密文:
kubectl edit configmap configmap
5、使用ConfigMap:
两种方式使用ConfigMap:
- vloume方式:
使用默认存放数据的文件名:
文件configmap-vloume-1-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: configmap-vloume-1-pod
spec:
containers:
- name: configmap-vloume-1-pod
image: busybox
args:
- /bin/sh
- -c
- sleep 3000
volumeMounts:
- name: foo
mountPath: /etc/foo
readOnly: true
volumes:
- name: foo
configMap:
name: configmap
kubectl apply -f configmap-vloume-1-pod.yaml
kubectl exec -it configmap-vloume-1-pod -- sh
cat /etc/foo/config1
cat /etc/foo/config2
kubectl delete -f configmap-vloume-1-pod.yaml
使用自定义存放数据的文件名:
文件configmap-vloume-2-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: configmap-vloume-2-pod
spec:
containers:
- name: configmap-vloume-2-pod
image: busybox
args:
- /bin/sh
- -c
- sleep 3000
volumeMounts:
- name: foo
mountPath: /etc/foo
readOnly: true
volumes:
- name: foo
configMap:
name: configmap
items:
- key: config1
path: config/xxx
- key: config2
path: config/yyy
kubectl apply -f configmap-vloume-2-pod.yaml
kubectl exec -it configmap-vloume-2-pod -- sh
cat /etc/foo/config/xxx
cat /etc/foo/config/yyy
kubectl delete -f configmap-vloume-2-pod.yaml
(2)env方式:
文件configmap-env-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: configmap-env-pod
spec:
containers:
- name: configmap-env-pod
image: busybox
args:
- /bin/sh
- -c
- sleep 3000
env:
- name: CONFIG_1
valueFrom:
configMapKeyRef:
name: configmap
key: config1
- name: CONFIG_2
valueFrom:
configMapKeyRef:
name: configmap
key: config2
kubectl apply -f configmap-env-pod.yaml
kubectl exec -it configmap-env-pod -- sh
echo $CONFIG_1
echo $CONFIG_2
kubectl delete -f configmap-env-pod.yaml
6、删除configmap:
kubectl delete configmap configmap
1.2 Secret
1、创建Secret:
四种方式创建Secret:
(1)–from-literal:
kubectl create secret generic secret --from-literal=username=admin --from-literal=password=123456
每个–from-literal对应一个信息条目
(2)–from-file:
echo -n admin > ./username
echo -n 123456 > ./password
kubectl create secret generic secret --from-file=./username --from-file=./password
每个文件内容对应一个信息条目
(3)–from-env-file:
文件env.txt
username=admin
password=123456
kubectl create secret generic secret --from-env-file=env.txt
文件env.txt中每行Key=Value对应一个信息条目
(4)YAML配置文件:
通过base64将Value编码:
echo -n admin | base64
echo -n 123456 | base64
文件secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: secret
data:
username: YWRtaW4=
password: MTIzNDU2
kubectl apply -f secret.yaml
2、查看Secret:
kubectl get secret secret
3、查看Secret详细信息:
kubectl describe secret secret
4、编辑Secret密文:
kubectl edit secret secret
通过base64将Value反编码:
echo -n YWRtaW4= | base64 --decode
echo -n MTIzNDU2 | base64 --decode
5、使用Secret:
两种方式使用Secret:
(1)vloume方式:
文件secret-volume-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: secret-volume-pod
spec:
containers:
- name: secret-volume-pod
image: busybox
args:
- /bin/sh
- -c
- sleep 3000
volumeMounts:
- name: foo
mountPath: /etc/foo
readOnly: true
volumes:
- name: foo
secret:
secretName: secret
kubectl apply -f secret-volume-pod.yaml
kubectl exec -it secret-volume-pod -- sh
cat /etc/foo/username
cat /etc/foo/password
kubectl delete -f secret-volume-pod.yaml
(2)env方式:
文件secret-env-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: secret-env-pod
spec:
containers:
- name: secret-env-pod
image: busybox
args:
- /bin/sh
- -c
- sleep 3000
env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: secret
key: username
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
name: secret
key: password
kubectl apply -f secret-env-pod.yaml
kubectl exec -it secret-env-pod -- sh
echo $SECRET_USERNAME
echo $SECRET_PASSWORD
kubectl delete -f secret-env-pod.yaml
6、删除secret:
kubectl delete secret secret