48
k8s 之 configMap-完美世界!
source link: https://blog.51cto.com/shyln/2415948
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
k8s 之 configMap
configMap 是一种快捷的修改容器内 变量的方式,由k-v组成,当修改configmap时 容器中的变量也会相应修改。
查看帮助文档
[root@node-1 ~]# kubectl explain pod.spec.containers.env.valueFrom.configMapKeyRef
[root@node-1 ~]# kubectl explain configmapconfigmap 可以直接用命令创建也可以把value保存到文件中,此时文件名为key ,文件中的内容为value.
直接用命令:
[root@node-1 ~]# kubectl create configmap --help
kubectl create configmap nginx-nc --from-literal=nginx_port=80 --from-literal=nginx_server=erick.com
查看创建的cm
[root@node-1 ~]# kubectl get cm
NAME DATA AGE
nginx-nc 2 60s
[root@node-1 cm]# kubectl get cm nginx-nc -o yaml
apiVersion: v1
data:
nginx_port: "80"
nginx_server: erick.com
kind: ConfigMap
metadata:
creationTimestamp: "2019-06-20T22:34:44Z"
name: nginx-nc
namespace: default
resourceVersion: "432545"
selfLink: /api/v1/namespaces/default/configmaps/nginx-nc
uid: 9a180b6e-93ab-11e9-b0ae-080027edb92f
[root@node-1 cm]# 把value以文件的方式存放
[root@node-1 cm]# cat www.conf
server {
server_name myapp.com;
port 80;
root /data/web/html;
}
[root@node-1 cm]# kubectl create configmap nginx-cm-from-file --from-file=./www.conf
configmap/nginx-cm-from-file created
[root@node-1 cm]# kubectl get cm
NAME DATA AGE
nginx-cm-from-file 1 7s
nginx-nc 2 9m7s
[root@node-1 cm]# kubectl get cm nginx-cm-from-file -o yaml
apiVersion: v1
data:
www.conf: "server {\n\tserver_name myapp.com;\n\tport 80;\n\troot /data/web/html;\n\n}\n"
kind: ConfigMap
metadata:
creationTimestamp: "2019-06-20T22:43:44Z"
name: nginx-cm-from-file
namespace: default
resourceVersion: "433432"
selfLink: /api/v1/namespaces/default/configmaps/nginx-cm-from-file
uid: dbd2aa33-93ac-11e9-b0ae-080027edb92f
[root@node-1 cm]#
也可以用describe 看
[root@node-1 cm]# kubectl describe cm nginx-nc
Name: nginx-nc
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
nginx_port:
----
80
nginx_server:
----
erick.com
Events: <none>
[root@node-1 cm]# kubectl describe cm nginx-cm-from-file
Name: nginx-cm-from-file
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
www.conf:
----
server {
server_name myapp.com;
port 80;
root /data/web/html;
}
Events: <none>可以看到用这种方式创建,key为文件名, key 为文件中的内容.
创建一个pod 关联刚刚创建的cm
[root@node-1 cm]# cat cm-1.yml
apiVersion: v1
kind: Pod
metadata:
name: myapp-cm-1
namespace: default
annotations:
erick: "by erick"
spec:
containers:
- name: myapp-cm-1
image: ikubernetes/myapp:v1
ports:
- name: http
containerPort: 80
env:
- name: nginx_port
valueFrom:
configMapKeyRef:
name: nginx-nc
key: nginx_port
- name: nginx_server
valueFrom:
configMapKeyRef:
name: nginx-nc
key: nginx_server
[root@node-1 cm]# 进入容器并查看环境变量
[root@node-1 cm]# kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp-cm-1 1/1 Running 0 2m16s
[root@node-1 cm]# kubectl exec -it myapp-cm-1 -- /bin/sh
/ # env|grep nginx_port
nginx_port=80
/ # env|grep nginx_server
nginx_server=erick.com
/ # 我们把cm 的环境变量修改下
[root@node-1 cm]# kubectl edit configmap nginx-nc
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
nginx_port: "8080"
nginx_server: erick.com
kind: ConfigMap
metadata:
creationTimestamp: "2019-06-20T22:34:44Z"
name: nginx-nc
namespace: default
resourceVersion: "436267"
selfLink: /api/v1/namespaces/default/configmaps/nginx-nc
uid: 9a180b6e-93ab-11e9-b0ae-080027edb92f
~
把port修改成8080
再次查看环境变量是否更改
[root@node-1 cm]# kubectl exec -it myapp-cm-1 -- /bin/sh
/ # env|grep nginx_port
nginx_port=80
/ # 结论: pod中的环境变量只会在第一次创建时生效,即使 重启pod也不会生效,后期修改不会生效。
2。基于存储卷的的 pod 引用环境变量。
apiVersion: v1
kind: Pod
metadata:
name: myappcmwww
namespace: default
annotations:
erick: "by erick"
spec:
containers:
- name: myappcmwww
image: ikubernetes/myapp:v1
ports:
- name: http
containerPort: 80
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/conf.d/
volumes:
- name: nginx-conf
configMap:
name: nginx-cm-from-file
[root@node-1 cm]#
进入容器查看 环境变量
[root@node-1 cm]# kubectl exec -it myappcmwww -- /bin/sh
/ # cat /etc/nginx/conf.d/
..2019_06_22_09_11_04.278015527/ ..data/ www.conf
/ # cat /etc/nginx/conf.d/www.conf
server {
server_name myapp.com;
listen 80;
root /data/web/html;
}
/ # 修改configmap 的端口为8080
[root@node-1 ~]# kubectl edit cm nginx-cm-from-file
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
www.conf: "server {\n\tserver_name myapp.com;\n\tlisten 8080;\n\troot /data/web/html;\n\n}\n"
kind: ConfigMap
metadata:
creationTimestamp: "2019-06-20T22:43:44Z"
name: nginx-cm-from-file
namespace: default
resourceVersion: "494403"
selfLink: /api/v1/namespaces/default/configmaps/nginx-cm-from-file
uid: dbd2aa33-93ac-11e9-b0ae-080027edb92f
在容器内查看环境变量是否更改。
/ # cat /etc/nginx/conf.d/www.conf
server {
server_name myapp.com;
listen 8080;
root /data/web/html;
}
/ # 已经动态的发生了改变。
secret
secret 是用base64 进行编码的格式
[root@node-1 cm]# kubectl create secret --help
[root@node-1 cm]# kubectl create secret --help
Create a secret using specified subcommand.
Available Commands:
docker-registry Create a secret for use with a Docker registry ## 链接私有镜像时
generic Create a secret from a local file, directory or literal value ## 储存密码时
tls Create a TLS secret ## 放入证书时
Usage:
kubectl create secret [flags] [options]
Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@node-1 cm]#
secrete 是 用bash64 加密的, 可以被反向解密。
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK