以命令行的方式创建configmap
kubectl create configmap dbconfig --from-literal=host=127.0.0.1 --from-literal=port=3306
kubectl get configmap dbconfig
kubectl describe configmaps dbconfig
以文件的形式创建configmap
创建一个host文件
kubectl create configmap dbconfig.file --from-file=host --from-file=port=host
–from-file=host
格式:–from-file=文件路径
–from-file没有定义key,创建的configmap的key是文件名称,value是文件内容。
–from-file=port=host
格式:–from-file=key名称=文件路径
以目录的形式创建configmap
创建三个文件
kubectl create configmap dbconfig.directory --from-file=/etc/yum.repos.d/yaml/configmap/
–from-file 后面跟文件夹路径,这个路径下的所有文件都会以 key=文件名称,value=文件内容的形式创建。
kubectl describe configmaps dbconfig.directory
kubectl get configmaps -owide
以yaml文件的形式创建configmap
创建一个configmap.yaml文件
kubectl create -f configmap.yaml
apiVersion: v1
data:
host: 127.0.0.1
port: "3306"
username: root
password: "123"
kind: ConfigMap
metadata:
creationTimestamp: null
name: configmap.yaml
Pod从configmap获取key-value
vim envFromConfigmap.yaml
kubectl apply -f envFromConfigmap.yaml
apiVersion: v1
kind: Pod
metadata:
name: env.from.configmap
spec:
containers:
- name: test-container
image: busybox
command: [ "/bin/sh", "-c", "echo $(USERNAME) $(PASSWORD)" ]
env:
- name: USERNAME
valueFrom:
configMapKeyRef:
name: configmap.yaml
key: username
- name: PASSWORD
valueFrom:
configMapKeyRef:
name: configmap.yaml
key: password
restartPolicy: Never
Pod从名称是configmap.yaml的ConfigMap中获取key=username和key=password的值,然后打印输出。
kubectl logs env.from.configmap
查看pod的日志
Secret
kubectl describe pod nfs-client-provisioner-699b6c8d99-ft28k
查看一个Pod的详细信息。关注serviceaccount和ConfigMapName
kubectl describe configmaps kube-root-ca.crt
kubectl exec -it nfs-client-provisioner-699b6c8d99-ft28k – sh
进入容器的/var/run/secrets/kubernetes.io/serviceaccount目录查看认证信息。
kubectl get secrets
kubectl describe secrets nfs-provisioner-token-tx6zf
以命令的形式创建secret
kubectl create secret generic secret.command --from-literal=username=admin --from-literal=password=123
kubectl get secrets
kubectl describe secrets secret.command
以yaml文件的形式创建secret
echo -n ‘admin’ | base64
echo -n ‘123’ | base64
用户名和密码进行base64加密
echo -n ‘MTIz’ | base64 --decode
base64解密
创建secret.yaml文件
kubectl apply -f secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: secret.yaml
type: Opaque
data:
username: YWRtaW4=
password: MTIz
Pod从Secret和ConfigMap获取key-value
vim envFromSecret.yaml
kubectl apply -f envFromSecret.yaml
apiVersion: v1
kind: Pod
metadata:
name: env.from.secret
spec:
containers:
- name: secret-container
image: nginx
command: [ "/bin/sh", "-c", "echo $(SECRET_USERNAME) $(SECRET_PASSWORD)" ]
env:
- name: SECRET_USERNAME
valueFrom:
configMapKeyRef:
name: configmap.yaml
key: username
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
name: secret.yaml
key: password
Pod从名称是configmap.yaml的ConfigMap中获取key=username的值和从名称是secret.yaml的Secret中获取key=password的值,然后打印输出。
kubectl logs env.from.secret
查看pod的日志
以envfrom的方式获取ConfigMap和Secret
vim envFrom.yaml
kubectl apply -f envFrom.yaml
apiVersion: v1
kind: Pod
metadata:
name: envfrom
spec:
containers:
- name: test-container
image: busybox
command: [ "/bin/sh", "-c", "env" ]
envFrom:
- configMapRef:
name: configmap.yaml
- secretRef:
name: secret.yaml
restartPolicy: Never
获取名称是configmap.yaml的ConfigMap和名称是secret.yaml的Secret的全部配置信息,然后打印输出。
将ConfigMap和Secret挂载到Volume
vim configMapAndSecretFromVolumn.yaml
kubectl apply -f configMapAndSecretFromVolumn.yaml
apiVersion: v1
kind: Pod
metadata:
name: secret-test-pod
labels:
name: secret-test
spec:
volumes:
- name: secret-volume
secret:
secretName: secret.yaml
- name: cm-volume
configMap:
name: configmap.yaml
containers:
- name: ssh-test-container
image: busybox
command: [ "/bin/sh", "-c", "sleep 6000" ]
volumeMounts:
- name: secret-volume
readOnly: true
mountPath: "/etc/secret-volume"
- name: cm-volume
mountPath: "/etc/cm-volume"
kubectl exec -it secret-test-pod – sh
查看configmap
查看secret
修改ConfigMap
kubectl edit configmaps configmap.yaml
添加testKey: testValue
查看ConfigMap,添加testKey生效。
再到容器中查看挂载的Volume能查询到ConfigMap新添加的key-value。