k8s中配置存储ConfigMap和Secret
ConfigMap
ConfigMap是一种比较特殊的存储卷,它的主要作用是用来存储配置信息的。
Secret
在kubernetes中,还存在一种和ConfigMap非常类似的对象,称为Secret对象。它主要用于存储敏感信息,例如密码、秘钥、证书等等。
创建configmap
1. 先创建username.txt ,password.txt 文件,输入对应用户名和密码信息
[root@k8s-master1 ConfigMap_secret]# cat username.txt
xm
[root@k8s-master1 ConfigMap_secret]# cat
123456
2. 使用kubectl命令导出yaml文件
[root@k8s-master1 ConfigMap_secret]# kubectl create configmap configmap -n my-ns-xmcc --from-file=username.txt --from-file=password.txt --dry-run -o yaml > configmap.yaml
[root@k8s-master1 ConfigMap_secret]# cat configmap.yaml
apiVersion: v1
data:
password.txt: |
123456
username.txt: |
xm
kind: ConfigMap
metadata:
creationTimestamp: null
name: configmap1
namespace: my-ns-xmcc
#使用此配置文件创建configmap
[root@k8s-master1 ConfigMap_secret]# kubectl apply -f configmap.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
configmap/configmap configured
[root@k8s-master1 ConfigMap_secret]# kubectl get cm -n my-ns-xmcc
NAME DATA AGE
configmap 1 3m3s
# 查看configmap详情
[root@k8s-master1 ConfigMap_secret]# kubectl describe cm configmap -n my-ns-xmcc
Name: configmap
Namespace: my-ns-xmcc
Labels: <none>
Annotations: <none>
Data
====
info:
----
username: xm
password: 123456
Events: <none>3. 接下来创建一个deployment,将上面创建的configmap挂载进pod中
先用命令导出yaml文件
[root@k8s-master1 ConfigMap_secret]# kubectl create deploy deploy-xmcc -n my-ns-xmcc --image=centos-nginx:1.23.1 --dry-run -oyaml >> deploy.yaml
修改yaml文件,加入configmap配置信息
[root@k8s-master1 ConfigMap_secret]# cat deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: deploy-xmcc
name: deploy-xmcc
namespace: my-ns-xmcc
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: deploy-xmcc
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: deploy-xmcc
spec:
containers:
- image: centos-nginx:1.23.1
imagePullPolicy: IfNotPresent
name: centos-nginx
resources: {}
volumeMounts: #configmap挂载上去
- name: config
mountPath: /configmap/config
volumes:
- name: config
configMap:
name: configmap
dnsPolicy: ClusterFirst
restartPolicy: Always
#使用配置文件创建deployment
[root@k8s-master1 ConfigMap_secret]# kubectl apply -f deploy.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
#查询资源
[root@k8s-master1 ConfigMap_secret]# kubectl get all -n my-ns-xmcc
NAME READY STATUS RESTARTS AGE
pod/deploy-xmcc-7b49c87f8-zg6sp 1/1 Running 0 57s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/deploy-xmcc 1/1 1 1 7m44s
NAME DESIRED CURRENT READY AGE
replicaset.apps/deploy-xmcc-5d64d5c64d 0 0 0 7m44s
replicaset.apps/deploy-xmcc-7b49c87f8 1 1 1 57s
#进入容器
[root@k8s-master1 ConfigMap_secret]# kubectl exec -it -n my-ns-xmcc deploy-xmcc-7b49c87f8-zg6sp /bin/bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
[root@deploy-xmcc-7b49c87f8-zg6sp /]# cd /configmap/config/
[root@deploy-xmcc-7b49c87f8-zg6sp config]# ll
total 0
lrwxrwxrwx 1 root root 11 Sep 20 10:17 info -> ..data/info
[root@deploy-xmcc-7b49c87f8-zg6sp config]# cat info
username: xm
password: 123456
# 可以看到映射已经成功,每个configmap都映射成了一个目录
# key--->文件 value---->文件中的内容
# 此时如果更新configmap的内容, 容器中的值也会动态更新
Secret
在kubernetes中,还存在一种和ConfigMap非常类似的对象,称为Secret对象。它主要用于存储敏感信息,例如密码、秘钥、证书等等。
#首先使用base64对数据进行编码
[root@k8s-master1 ConfigMap_secret]# echo 'xm' |base64
eG0K
[root@k8s-master1 ConfigMap_secret]# echo '123456'|base64
MTIzNDU2Cg==
#解码的话,在上面命令加-d参数
[root@k8s-node1 ~]# echo eG0K | base64 -d
xm
[root@k8s-node1 ~]# echo MTIzNDU2Cg== | base64 -d
123456
#把编码存放在txt文件
[root@k8s-master1 ConfigMap_secret]# echo -n 'xm' | base64 >> username.txt
[root@k8s-master1 ConfigMap_secret]# echo -n '123456' | base64 >> password.txt
[root@k8s-master1 ConfigMap_secret]# cat username.txt
eG0=
[root@k8s-master1 ConfigMap_secret]# cat password.txt
MTIzNDU2
#使用kubectl命令创建,导出yaml文件
[root@k8s-master1 ConfigMap_secret]# kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt -n my-ns-xmcc --dry-run -o yaml >> db-user-pass-secret.yaml
#查询对应的yaml文件,可以根据需要修改
[root@k8s-master1 ConfigMap_secret]# cat db-user-pass-secret.yaml
apiVersion: v1
data:
password.txt: TVRJek5EVTIK
username.txt: ZUcwPQo=
kind: Secret
metadata:
creationTimestamp: null
name: db-user-pass
namespace: my-ns-xmcc
#修改后的yaml文件,使用yaml文件创建Secret
[root@k8s-master1 ConfigMap_secret]# cat secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: secret
namespace: my-ns-xmcc
type: Opaque
data:
username: eG0K
password: MTIzNDU2Cg==
# 创建secret
[root@k8s-master1 ConfigMap_secret]# kubectl create -f secret.yaml
secret/secret created
# 查看secret详情
[root@k8s-master1 ConfigMap_secret]# kubectl describe secret secret -n my-ns-xmcc
Name: secret
Namespace: my-ns-xmcc
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
password: 7 bytes
username: 3 bytes#创建deployment,将上面创建的secret挂载进去:
[root@k8s-master1 ConfigMap_secret]# cat deploy-secret.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: deploy-xmcc-secret
name: deploy-xmcc-secret
namespace: my-ns-xmcc
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: deploy-xmcc-secret
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: deploy-xmcc-secret
spec:
containers:
- image: centos-nginx:1.23.1
imagePullPolicy: IfNotPresent
name: centos-nginx
resources: {}
volumeMounts: #挂载secret存储
- name: config
mountPath: /secret/config
volumes:
- name: config
secret:
secretName: secret
dnsPolicy: ClusterFirst
restartPolicy: Always
#创建deploy资源
[root@k8s-master1 ConfigMap_secret]# kubectl create -f deploy-secret.yaml
deployment.apps/deploy-xmcc-secret created
#查询资源
[root@k8s-master1 ConfigMap_secret]# kubectl get all -n my-ns-xmcc
NAME READY STATUS RESTARTS AGE
pod/deploy-xmcc-7b49c87f8-zg6sp 1/1 Running 0 5h51m
pod/deploy-xmcc-secret-54554c554f-gpwx7 1/1 Running 0 19s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/deploy-xmcc 1/1 1 1 5h58m
deployment.apps/deploy-xmcc-secret 1/1 1 1 19s
NAME DESIRED CURRENT READY AGE
replicaset.apps/deploy-xmcc-5d64d5c64d 0 0 0 5h58m
replicaset.apps/deploy-xmcc-7b49c87f8 1 1 1 5h51m
replicaset.apps/deploy-xmcc-secret-54554c554f 1 1 1 19s
#进入容器,查看secret信息,发现已经自动解码了
[root@k8s-master1 ConfigMap_secret]# kubectl exec -it -n my-ns-xmcc deploy-xmcc-secret-54554c554f-gpwx7 /bin/bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
[root@deploy-xmcc-secret-54554c554f-gpwx7 /]# cd /secret/config/
[root@deploy-xmcc-secret-54554c554f-gpwx7 config]# ll
total 0
lrwxrwxrwx 1 root root 15 Sep 20 16:08 password -> ..data/password
lrwxrwxrwx 1 root root 15 Sep 20 16:08 username -> ..data/username
[root@deploy-xmcc-secret-54554c554f-gpwx7 config]# cat username
xm
[root@deploy-xmcc-secret-54554c554f-gpwx7 config]# cat password
123456至此,已经实现了利用secret实现了信息的编码。
