Secret

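The main purpose of a Secret is to encrypt data and store it in etcd, so that Pod containers can access it by mounting it as a Volume.

Scenario: encrypting a username and a password

The usual approach is to base64-encode the string as the encryption step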

echo -n 'admin' | base64
echo -n 'admin123' | base64

Mounting into a Pod as environment variables

1. Create the Secret with the encrypted data: secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: YWRtaW4xMjM=

Create the secret

kubectl create -f secret.yaml

View the secret

kubectl get secret
NAME                  TYPE                                  DATA   AGE
mysecret              Opaque                                2      18s

2. Mount into the pod container as environment variables

Create the YAML file secret-val.yaml

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    env:
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: password

Apply

kubectl apply -f secret-val.yaml

Check whether the variables are present in the container

kubectl get pods
kubectl exec -it mypod -- bash
echo $SECRET_USERNAME #admin
echo $SECRET_PASSWORD #admin123

Delete the Pod

kubectl delete -f secret-val.yaml

3. Mount as a data volume

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret

Apply

kubectl apply -f secret-vol.yaml 

View

kubectl exec -it mypod -- bash
cat /etc/foo/username #admin
cat /etc/foo/password #admin123

Delete all pods

kubectl delete pod --all
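
Added example (not from the original article): the values under data in secret.yaml are base64, an encoding that anyone who can read the Secret object can reverse, and a value produced with echo instead of echo -n silently carries a trailing newline. This Python check decodes each value and flags malformed or newline-terminated entries; the JSON sample is constructed from the page's mysecret plus two deliberately bad keys (with_newline, not_base64) that are assumptions for the demonstration.

```python
import base64
import binascii
import json

# Constructed sample: the page's mysecret in the JSON shape that
# `kubectl get secret mysecret -o json` returns, plus two bad keys
# (with_newline, not_base64) added here for the demonstration.
SAMPLE_SECRET = json.loads("""
{
  "apiVersion": "v1",
  "kind": "Secret",
  "metadata": {"name": "mysecret"},
  "type": "Opaque",
  "data": {
    "username": "YWRtaW4=",
    "password": "YWRtaW4xMjM=",
    "with_newline": "YWRtaW4K",
    "not_base64": "admin123!"
  }
}
""")


def check_secret_data(secret):
    """Decode every data value; return (decoded, problems), both keyed by data key."""
    decoded, problems = {}, {}
    for key, value in secret.get("data", {}).items():
        try:
            # validate=True rejects characters outside the base64 alphabet
            raw = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            problems[key] = "value is not valid base64"
            continue
        decoded[key] = raw
        if raw.endswith(b"\n"):
            problems[key] = "trailing newline (encoded with echo, not echo -n)"
    return decoded, problems


if __name__ == "__main__":
    decoded, problems = check_secret_data(SAMPLE_SECRET)
    for key, raw in decoded.items():
        print(f"{key}: decodes to {raw!r}")
    for key, why in problems.items():
        print(f"PROBLEM {key}: {why}")
```
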

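ConfigMap configuration files

A ConfigMap stores unencrypted data in etcd so that a Pod can consume it as variables or mount it into the container as a data Volume.

Create the configuration file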

vim redis.properties
redis.port=127.0.0.1
redis.port=6379
redis.password=123456

Create the ConfigMap

kubectl create configmap redis-config --from-file=redis.properties

View the details

kubectl describe cm redis-config
Name:         redis-config
Namespace:    default
Labels:       <none>
Annotations:  <none>
Data
====
redis.properties:
----
redis.port=127.0.0.1
redis.port=6379
redis.password=123456
Events:  <none>

Mount as a data volume

Edit the YAML

Create and view

# Create
kubectl apply -f cm.yaml
# View
kubectl get pods
# View the run log
kubectl logs mypod

Delete the configmap

kubectl get cm
kubectl delete -f cm.yaml

Mount into the Pod as environment variables

The configuration file myconfig.yaml declares the variables

apiVersion: v1
kind: ConfigMap
metadata:
  name: myconfig
  namespace: default
data:
  special.level: info
  special.type: hello

Create and view

# Create the ConfigMap
kubectl apply -f myconfig.yaml
# List
kubectl get cm
NAME       DATA   AGE
myconfig   2      3s

Use the configuration: config-val.yaml

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: busybox
      image: busybox
      command: [ "/bin/sh", "-c", "echo $(LEVEL) $(TYPE)" ]
      env:
        - name: LEVEL
          valueFrom:
            configMapKeyRef:
              name: myconfig
              key: special.level
        - name: TYPE
          valueFrom:
            configMapKeyRef:
              name: myconfig
              key: special.type
  restartPolicy: Never

View the log

kubectl logs mypod
# Output: info hello