k8s环境变量创建方式有两种:secret方式和configmap方式
目录
1.secret方式
1.1 创建方式:4种
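1.1.1:--from-literal(注意:下面的命令把键名写成了 pasword,而后文 items 中引用的键是 password,两处必须一致;另外命令行里的字面量会留在 shell 历史记录和进程参数中,真实凭据不建议这样传入)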
[root@master secret]# kubectl create secret generic mysecret1 --from-literal=username=root --from-literal=pasword=123.com
1.1.2:--from-file
[root@master secret]# echo root > username
[root@master secret]# echo 123.com > password
[root@master secret]# kubectl create secret generic mysecret2 --from-file=username --from-file=password
1.1.3:--from-env-file
[root@master secret]#vim env.txt
username=root
password=123.com
[root@master secret]# kubectl create secret generic mysecret3 --from-env-file=env.txt
1.1.4:yaml配置文件(注意:echo 会在末尾追加换行符,所以下面的 Base64 值解码后带有换行;不希望值中包含换行时请使用 echo -n)
[root@master secret]# echo root | base64
cm9vdAo=
[root@master secret]# echo 123.com | base64
MTIzLmNvbQo=
[root@master secret]# vim secret4.yaml
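# Secret manifest that stores the demo username/password as base64 values.
# Nesting restored: `name` belongs under `metadata`, both keys under `data`.
apiVersion: v1
kind: Secret
metadata:
  name: mysecret4
data:
  # Values under `data` are base64-encoded, not encrypted: anyone who can read
  # this Secret (or this file) can decode them.
  # NOTE(review): both values decode with a trailing newline ("root\n" and
  # "123.com\n") because they were produced with `echo` instead of `echo -n`.
  username: cm9vdAo=
  password: MTIzLmNvbQo=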
[root@master secret]# kubectl apply -f secret4.yaml
1.2使用方式:2种
1.2.1:环境变量方式--不会实时更新
[root@master secret]# vim pod-env.yaml
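# Pod that exposes two keys of the Secret `mysecret2` as environment variables.
# Nesting restored so the manifest parses as a Pod spec.
apiVersion: v1
kind: Pod
metadata:
  name: mypod2
spec:
  containers:
    - name: mypod
      image: busybox
      # Keep the container running so it can be inspected with `kubectl exec`.
      args:
        - /bin/sh
        - -c
        - sleep 300000
      # Environment variables are resolved once, when the container starts; a
      # later edit of the Secret is not picked up until the Pod is recreated.
      # They are also readable by every process in the container, so a volume
      # mount is the narrower way to hand over credentials.
      env:
        - name: SECRET_USERNAME
          valueFrom:
            secretKeyRef:
              name: mysecret2
              key: username
        - name: SECRET_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysecret2
              key: password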
[root@master secret]# kubectl apply -f pod-env.yaml
[root@master secret]# kubectl get pod
[root@master secret]# kubectl exec -it mypod2 /bin/sh
/ # echo $SECRET_USERNAME
root
/ # echo $SECRET_PASSWORD
123.com
[root@master yaml]# kubectl edit secrets mysecret2
//修改保存文件的内容
[root@master secret]# kubectl exec -it mypod2 /bin/sh
/ # echo $SECRET_USERNAME
root
/ # echo $SECRET_PASSWORD
123.com
1.2.2:volumes挂载方式--实时更新
[root@master secret]# vim pod.yaml
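# Pod that mounts every key of the Secret `mysecret1` as a file under
# /etc/secret-test. Nesting restored so the manifest parses as a Pod spec.
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: mypod
      image: busybox
      # Keep the container running so it can be inspected with `kubectl exec`.
      args:
        - /bin/sh
        - -c
        - sleep 300000
      volumeMounts:
        - name: secret-test
          mountPath: "/etc/secret-test"  # path inside the container
          readOnly: true                 # mount the secret files read-only
  volumes:
    # Each key of the Secret becomes one file named after the key.
    - name: secret-test
      secret:
        secretName: mysecret1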
[root@master secret]# kubectl apply -f pod.yaml
[root@master secret]# kubectl exec -it mypod /bin/sh
/ # cd /etc/secret-test/
/etc/secret-test # ls
pasword username
##1.1 自定义存放数据的文件名的yaml文件
[root@master yaml]# vim pod.yaml
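# Pod that mounts selected keys of the Secret `mysecret1` under custom file
# names. Nesting restored so the manifest parses as a Pod spec.
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: mypod
      image: busybox
      # Keep the container running so it can be inspected with `kubectl exec`.
      args:
        - /bin/sh
        - -c
        - sleep 300000
      volumeMounts:
        - name: secret-test
          mountPath: "/etc/secret-test"  # path inside the container
          readOnly: true                 # mount the secret files read-only
  volumes:
    - name: secret-test
      secret:
        secretName: mysecret1
        # `items` maps a Secret key to a file path relative to mountPath; only
        # the listed keys are projected.
        # NOTE(review): `mysecret1` is created earlier on this page with the
        # key spelled `pasword` (the earlier `ls` output shows
        # `pasword username`); the `password` item below only resolves if the
        # Secret really has a key of that name.
        items:
          - key: username
            path: my-group/my-username  # custom file path inside the mount
          - key: password
            path: my-group/my-password  # custom file path inside the mount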
[root@master secret]# kubectl exec -it mypod /bin/sh
//进入容器查看
cat /etc/secret-test/my-group/my-password
123.com
cat /etc/secret-test/my-group/my-username
root
2.ConfigMap
2.1 创建方式:4种
2.1.1:--from-literal
[root@master yaml]# kubectl create configmap myconfigmap1 --from-literal=username=adam --from-literal=age=18
[root@master yaml]# kubectl get cm
2.1.2:--from-file
[root@master yaml]# echo adam > username
[root@master yaml]# echo 18 > age
[root@master yaml]# kubectl create configmap myconfigmap2 --from-file=username --from-file=age
2.1.3:--from-env-file
[root@master yaml]# vim env.txt
username=adam
age=18
[root@master yaml]# kubectl create configmap myconfigmap3 --from-env-file=env.txt
2.1.4:yaml配置文件
[root@master yaml]# vim configmap.yaml
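# ConfigMap manifest with two plain-text key/value pairs.
# Nesting restored: `name` belongs under `metadata`, both keys under `data`.
apiVersion: v1
kind: ConfigMap
metadata:
  name: myconfigmap4
data:
  # ConfigMap values are stored and displayed as plain text; keep credentials
  # in a Secret rather than here.
  # Values are quoted so that `18` stays a string, as ConfigMap data requires.
  username: 'adam'
  age: '18'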
[root@master yaml]# kubectl apply -f configmap.yaml
[root@master yaml]# kubectl describe cm
2.2使用方式:2种
2.2.1:环境变量方式--不会实时更新
[root@master configmap]# vim e-pod.yaml
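# Pod that exposes two keys of the ConfigMap `myconfigmap2` as environment
# variables. Nesting restored so the manifest parses as a Pod spec.
apiVersion: v1
kind: Pod
metadata:
  name: pod2
spec:
  containers:
    - name: mypod
      image: busybox
      # Keep the container running so it can be inspected with `kubectl exec`.
      args:
        - /bin/sh
        - -c
        - sleep 300000
      # Environment variables are resolved once, when the container starts; a
      # later edit of the ConfigMap is not picked up until the Pod is recreated.
      env:
        - name: CONFIGMAP_NAME
          valueFrom:
            configMapKeyRef:
              name: myconfigmap2
              key: username
        - name: CONFIGMAP_AGE
          valueFrom:
            configMapKeyRef:
              name: myconfigmap2
              key: age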
[root@master configmap]# kubectl apply -f e-pod.yaml
[root@master configmap]# kubectl exec -it pod2 /bin/sh
//进入容器查看一下
> echo $CONFIGMAP_NAME
adam
> echo $CONFIGMAP_AGE
18
[root@master configmap]# kubectl edit cm myconfigmap2
//修改保存文件的内容
[root@master configmap]# kubectl exec -it pod2 /bin/sh
//进入容器查看一下
> echo $CONFIGMAP_NAME
adam
> echo $CONFIGMAP_AGE
18
2.2.2:volumes挂载方式--实时更新
[root@master yaml]# vim v-pod.yaml
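# Pod that mounts every key of the ConfigMap `myconfigmap1` as a file under
# /etc/cmp-test. Nesting restored so the manifest parses as a Pod spec.
apiVersion: v1
kind: Pod
metadata:
  name: pod1
spec:
  containers:
    - name: mypod
      image: busybox
      # Keep the container running so it can be inspected with `kubectl exec`.
      args:
        - /bin/sh
        - -c
        - sleep 300000
      volumeMounts:
        - name: cmp-test
          mountPath: "/etc/cmp-test"  # path inside the container
          readOnly: true              # mount the config files read-only
  volumes:
    # Each key of the ConfigMap becomes one file named after the key.
    - name: cmp-test
      configMap:
        name: myconfigmap1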
[root@master configmap]# kubectl apply -f v-pod.yaml
[root@master configmap]# kubectl exec -it pod1 /bin/sh
//进入容器查看一下
> cat /etc/cmp-test/age
18/
> cat /etc/cmp-test/username
adam/
[root@master configmap]# vim v-pod2.yaml
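# Pod that mounts selected keys of the ConfigMap `myconfigmap1` under custom
# file names. Nesting restored so the manifest parses as a Pod spec.
apiVersion: v1
kind: Pod
metadata:
  name: pod3
spec:
  containers:
    - name: mypod
      image: busybox
      # Keep the container running so it can be inspected with `kubectl exec`.
      args:
        - /bin/sh
        - -c
        - sleep 300000
      volumeMounts:
        - name: cmp-test
          mountPath: "/etc/cmp-test"  # path inside the container
          readOnly: true              # mount the config files read-only
  volumes:
    - name: cmp-test
      configMap:
        name: myconfigmap1
        # `items` maps a ConfigMap key to a file path relative to mountPath;
        # only the listed keys are projected.
        items:
          - key: username
            path: my-group/my-username  # custom file path inside the mount
          - key: age
            path: my-group/my-age       # custom file path inside the mount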
[root@master configmap]# kubectl apply -f v-pod2.yaml
[root@master configmap]# kubectl exec -it pod3 /bin/sh
//进入容器查看
> cat /etc/cmp-test/my-group/my-username
adam/
> cat /etc/cmp-test/my-group/my-age
18/
[root@master configmap]# kubectl edit cm myconfigmap1
[root@master configmap]# kubectl exec -it pod3 /bin/sh
//进入容器查看
> cat /etc/cmp-test/my-group/my-username
adam/
> cat /etc/cmp-test/my-group/my-age
10
3.总结
3.1 Secret 与 ConfigMap 对比
3.1.1相同点:
key/value的形式
属于某个特定的namespace
可以导出到环境变量
可以通过目录/文件形式挂载
通过 volume 挂载的配置信息均可热更新
3.1.2不同点
Secret 可以被 ServiceAccount 关联
Secret 可以存储 docker registry 的鉴权信息,用在 imagePullSecrets 参数中,用于拉取私有仓库的镜像
Secret 的 data 字段使用 Base64 编码;Base64 只是编码而不是加密,能读取该 Secret 的人都可以直接解码
Secret 分为 kubernetes.io/service-account-token、kubernetes.io/dockerconfigjson、Opaque 三种类型,而 Configmap 不区分类型
3.2 使用方式volumes挂载和环境变量对比
volumes挂载:数据更改后会自动同步到容器内的文件,能热更新(同步有一定延迟,并非严格实时)
环境变量:不能实时更新