
K8s cluster ConfigMap and Secret storage volumes

2025-01-22 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/02

A ConfigMap object is a collection of configuration data. K8s injects this collection into the corresponding Pod object so that the container can start and use it. There are generally two ways to inject it: mounting it as a storage volume, or passing it as environment variables. A ConfigMap must exist before it is referenced; it is a namespace-level object and cannot be used across namespaces, and its content is displayed in clear text. After the ConfigMap content is modified, the corresponding pod must restart or reload the configuration.

A Secret is similar to a ConfigMap, but its values are Base64-encoded and displayed in that encoded form; it is generally used to store sensitive data. Base64 is an encoding rather than encryption, so the values can be decoded by anyone who can read the object, as the base64 -d command in section 5 shows. There are generally two ways to create a Secret: with kubectl create, or with a Secret configuration file.

Help for using ConfigMap key values: kubectl explain pods.spec.containers.env

ConfigMap volume creation help: kubectl explain pods.spec.volumes

ConfigMap Volume reference help: kubectl explain pods.spec.containers.volumeMounts

Secret help: kubectl explain secret

I. ConfigMap storage volume

1. Use key values to create objects directly

[root@k8s01 yaml]# kubectl create configmap wuhan123 --from-literal=wuhan="2019 CISM World Games"

configmap/wuhan123

[root@k8s01 yaml]# kubectl get configmap wuhan123

NAME       DATA   AGE
wuhan123   1      27s

[root@k8s01 yaml]# kubectl get configmap wuhan123 -o yaml

apiVersion: v1
data:
  wuhan: 2019 CISM World Games    # key and data
kind: ConfigMap
metadata:
  creationTimestamp: "2019-10-26T06:30:13Z"
  name: wuhan123
  namespace: default
  resourceVersion: "3790588"
  selfLink: /api/v1/namespaces/default/configmaps/wuhan123
  uid: c7771f6f-3825-47f8-9029-4630810b6dd5

[root@k8s01 yaml]#

1.1 Reference a single key in the ConfigMap:

[root@k8s01 yaml]# vim wuhan123.yaml

apiVersion: v1
kind: Pod
metadata:
  name: wuhan123
  namespace: default
  labels:
    app: web
spec:
  containers:
  - name: wuhan123
    image: nginx:latest
    imagePullPolicy: Never
    env:
    - name: abc                # variable that stores the value
      valueFrom:
        configMapKeyRef:
          name: wuhan123       # ConfigMap name
          key: wuhan           # key whose data is referenced

[root@k8s01 yaml]# kubectl apply -f wuhan123.yaml

pod/wuhan123 created

[root@k8s01 yaml]# kubectl exec -it wuhan123 bash

root@wuhan123:/# echo $abc    # outputs the value of the key inside the container

2019 CISM World Games

root@wuhan123:/# exit

exit

[root@k8s01 yaml]#

1.2 Reference all keys in the ConfigMap

[root@k8s01 yaml]# vim wuhan123-1.yaml

apiVersion: v1
kind: Pod
metadata:
  name: wuhan123-1
  namespace: default
  labels:
    app: web
spec:
  containers:
  - name: wuhan123-1
    image: nginx:latest
    imagePullPolicy: Never
    envFrom:                   # reference all ConfigMap values
    - prefix: WUHAN_           # prefix added to each variable
      configMapRef:
        name: wuhan123
        optional: false

[root@k8s01 yaml]# kubectl apply -f wuhan123-1.yaml

pod/wuhan123-1 created

[root@k8s01 yaml]# kubectl exec -it wuhan123-1 bash

root@wuhan123-1:/# echo $WUHAN_wuhan    # use the prefix when accessing variables

2019 CISM World Games

root@wuhan123-1:/# exit

exit

[root@k8s01 yaml]#

2. Create based on a file

[root@k8s01 yaml]# kubectl create configmap wuhan2 --from-file=/root/yaml/nginx.conf    # specify the file to mount

configmap/wuhan2 created

[root@k8s01 yaml]# kubectl get configmap wuhan2

NAME     DATA   AGE
wuhan2   1      18s

[root@k8s01 yaml]# kubectl get configmap wuhan2 -o yaml

apiVersion: v1
data:
  nginx.conf: |+
    worker_processes auto;
    worker_cpu_affinity auto;
    worker_rlimit_nofile 65535;
    events {
      use epoll;
      worker_connections 65535;
    }
    error_log logs/error.log error;
    pid logs/nginx.pid;
    http {
      server_info off;
      include common/mime.types;
      default_type application/octet-stream;
      index index.html index.htm default.html default.htm index.json;
      log_format main
        '[$remote_addr $http_x_forwarded_for-$remote_user $time_local]'
        '[Request: $host "$request"] $request_time sec'
        '[Detail: $status $body_bytes_sent $http_referer]'
        '[Upstream: $upstream_addr $upstream_status]' $upstream_response_time sec';
      access_log logs/access.log main;
      keepalive_timeout 65;
      sendfile on;
      client_max_body_size 10240m;
      client_body_buffer_size 1024k;
      resolver 114.114.114.114 8.8.8.8;
      uwsgi_cache_path uwsgi_temp levels=1:2 keys_zone=IFLYTEK_UWSGI_CACHE:100m inactive=5m max_size=20g;
      include common/uwsgi.conf;
      include common/proxy.conf;
      include common/fastcgi.conf;
      include common/gzip.conf;
      include sites/*.conf;
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2019-10-26T06:36:20Z"
  name: wuhan2
  namespace: default
  resourceVersion: "3791130"
  selfLink: /api/v1/namespaces/default/configmaps/wuhan2
  uid: 6305dd66-df6c-48a8-a1ad-02513ad64d6c

[root@k8s01 yaml]#

2.1 Reference the ConfigMap object

[root@k8s01 yaml]# vim wuhan234.yaml

apiVersion: v1
kind: Pod
metadata:
  name: wuhan234
  namespace: default
  labels:
    app: web
spec:
  containers:
  - name: wuhan234
    image: nginx:latest
    imagePullPolicy: Never
    volumeMounts:
    - name: ngxconf
      mountPath: /usr/share/nginx/conf    # mount the ConfigMap to the specified directory
      readOnly: true
  volumes:
  - name: ngxconf                         # define a storage volume
    configMap:
      name: wuhan2                        # specify the ConfigMap name

[root@k8s01 yaml]# kubectl apply -f wuhan234.yaml

pod/wuhan234 created

[root@k8s01 yaml]# kubectl exec -it wuhan234 bash

root@wuhan234:/# head -2 /usr/share/nginx/conf/nginx.conf    # view the mounted content

worker_processes auto;
worker_cpu_affinity auto;

root@wuhan234:/# exit

exit

[root@k8s01 yaml]#

3. Create based on a directory

[root@k8s01 yaml]# kubectl create configmap wuhan3 --from-file=/root/yaml/

configmap/wuhan3 created

[root@k8s01 yaml]# kubectl get configmap wuhan3

NAME     DATA   AGE
wuhan3   8      5s

[root@k8s01 yaml]# kubectl get configmap wuhan3 -o yaml

3.1 Reference the ConfigMap object (mount only the specified files into the directory)

[root@k8s01 yaml]# vim wuhan345.yaml

apiVersion: v1
kind: Pod
metadata:
  name: wuhan345
  namespace: default
  labels:
    app: web
spec:
  containers:
  - name: wuhan345
    image: nginx:latest
    imagePullPolicy: Never
    volumeMounts:
    - name: ngxconf
      mountPath: /usr/share/nginx/conf
      readOnly: true
  volumes:
  - name: ngxconf              # define the storage volume name
    configMap:
      name: wuhan3             # name of the referenced ConfigMap
      items:
      - key: nginx.yaml        # referenced file name (key in the ConfigMap)
        path: nginx.yaml       # file name after referencing
        mode: 0777             # file permissions
      - key: helm.yaml         # map the referenced helm.yaml file to helm123.yaml
        path: helm123.yaml
        mode: 0600

[root@k8s01 yaml]# kubectl apply -f wuhan345.yaml

pod/wuhan345 created

[root@k8s01 yaml]# kubectl exec -it wuhan345 bash

root@wuhan345:/# ls -al /usr/share/nginx/conf/

total 0
drwxrwxrwx 3 root root 97 Oct 26 08:25 .
drwxr-xr-x 1 root root 18 Oct 26 08:25 ..
drwxr-xr-x 2 root root 44 Oct 26 08:25 ..2019_10_26_08_25_18.898777603
lrwxrwxrwx 1 root root 31 Oct 26 08:25 ..data -> ..2019_10_26_08_25_18.898777603
lrwxrwxrwx 1 root root 19 Oct 26 08:25 helm123.yaml -> ..data/helm123.yaml    # the file after mapping
lrwxrwxrwx 1 root root 17 Oct 26 08:25 nginx.yaml -> ..data/nginx.yaml

root@wuhan345:/# exit

exit

[root@k8s01 yaml]#

3.2 Reference the ConfigMap object (mount the specified files into the directory and keep the other files already there)

[root@k8s01 yaml]# vim wuhan345-1.yaml

apiVersion: v1
kind: Pod
metadata:
  name: wuhan345-1
  namespace: default
  labels:
    app: web
spec:
  containers:
  - name: wuhan345-1
    image: nginx:latest
    imagePullPolicy: Never
    volumeMounts:
    - name: ngxconf
      mountPath: /usr/share/nginx/conf/nginx.conf
      subPath: nginx.conf
      readOnly: true
    - name: ngxconf
      mountPath: /usr/share/nginx/conf/default.conf
      subPath: default.conf
      readOnly: true
  volumes:
  - name: ngxconf
    configMap:
      name: wuhan3

[root@k8s01 yaml]# kubectl apply -f wuhan345-1.yaml

pod/wuhan345-1 created

[root@k8s01 yaml]# kubectl exec -it wuhan345-1 bash

root@wuhan345-1:/# ls -al /usr/share/nginx/conf/

total 4
drwxr-xr-x 3 root root   44 Oct 26 08:20 .
drwxr-xr-x 1 root root   18 Oct 26 08:20 ..
drwxrwxrwx 2 root root    6 Oct 26 08:20 default.conf
-rw-r--r-- 1 root root 1083 Oct 26 08:20 nginx.conf

root@wuhan345-1:/# exit

exit

[root@k8s01 yaml]#

4. Create based on a configuration file

[root@k8s01 yaml]# vim configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: wuhan5
  namespace: default
data:
  nginx.conf: |                # the | symbol must be used, otherwise the formatting is lost
    worker_processes auto;
    worker_cpu_affinity auto;
    worker_rlimit_nofile 65535;
    events {
      use epoll;
      worker_connections 65535;
    }
    http {
      server_info off;
      index index.html index.htm default.html default.htm index.json;
      access_log logs/access.log main;
      keepalive_timeout 65;
      server {
        server_name baidu.com;
        location / {
          root html;
          index index.html;
        }
      }
    }
---
apiVersion: v1
kind: Pod
metadata:
  name: wuhan5-pod
  namespace: default
spec:
  containers:
  - name: wuhan5-pod
    image: nginx:latest
    imagePullPolicy: Never
    volumeMounts:
    - name: ngxconf                       # reference the alias
      mountPath: /usr/share/nginx/conf    # mounted directory
  volumes:
  - name: ngxconf                         # define an alias
    configMap:
      name: wuhan5                        # name of the referenced ConfigMap

[root@k8s01 yaml]# kubectl apply -f configmap.yaml

configmap/wuhan5 created

pod/wuhan5-pod created

[root@k8s01 yaml]# kubectl exec -it wuhan5-pod bash

root@wuhan5-pod:/# head -5 /usr/share/nginx/conf/nginx.conf    # displays 5 lines

worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 65535;
events {
  use epoll;

root@wuhan5-pod:/# exit

exit

[root@k8s01 yaml]#

II. Secret storage volume

5. Use a command to create a Secret

[root@k8s01 yaml]# kubectl create secret generic mypass --from-literal=username=root --from-literal=password=System135

secret/mypass created

[root@k8s01 yaml]# kubectl get secrets mypass

NAME     TYPE     DATA   AGE
mypass   Opaque   2      23s

[root@k8s01 yaml]# kubectl get secrets mypass -o yaml

apiVersion: v1
data:
  password: U3lzdGVtMTM1    # the password is Base64-encoded
  username: cm9vdA==        # the user name is Base64-encoded
kind: Secret
metadata:
  creationTimestamp: "2019-10-26T08:32:18Z"
  name: mypass
  namespace: default
  resourceVersion: "3801721"
  selfLink: /api/v1/namespaces/default/secrets/mypass
  uid: 7a432a31-fe0b-4edc-a507-9f1aa0cd1745
type: Opaque                # if the type is Opaque, the values are Base64-encoded

[root@k8s01 yaml]# echo U3lzdGVtMTM1 | base64 -d    # displays the password in clear text

System135[root@k8s01 yaml]#
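The same Secret written as a configuration file (the second creation method mentioned at the start) and mounted into a pod as a storage volume. This is an added example, not part of the original article; the pod name, the variable name DB_USER, the volume name, the mount path and the file name are assumptions chosen for illustration.

```yaml
# Added example. Only "mypass", "username", "password" and the two
# Base64 values come from the article; every other name is hypothetical.
apiVersion: v1
kind: Secret
metadata:
  name: mypass
  namespace: default
type: Opaque
data:                              # values under "data" must be Base64-encoded
  username: cm9vdA==               # root
  password: U3lzdGVtMTM1           # System135
---
apiVersion: v1
kind: Pod
metadata:
  name: mypass-pod                 # hypothetical pod name
  namespace: default
  labels:
    app: web
spec:
  containers:
  - name: mypass-pod
    image: nginx:latest
    imagePullPolicy: Never
    env:
    - name: DB_USER                # hypothetical variable name
      valueFrom:
        secretKeyRef:              # Secret counterpart of configMapKeyRef
          name: mypass
          key: username
    volumeMounts:
    - name: creds                  # hypothetical volume name
      mountPath: /etc/creds        # hypothetical mount directory
      readOnly: true
  volumes:
  - name: creds
    secret:
      secretName: mypass           # Secret volumes use secretName, not name
      defaultMode: 0400            # files readable by the owner only
      items:
      - key: password              # mount only this key
        path: db-password          # file name inside /etc/creds
```

Inside the container, /etc/creds/db-password holds the decoded value, so read access to the pod or to the Secret object is what protects the password, not the Base64 form.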

6. Running status of all pods

[root@k8s01 yaml]# kubectl get pods -o wide | grep wuhan

wuhan123     1/1   Running   0   97m    10.244.1.33   k8s02
wuhan123-1   1/1   Running   0   94m    10.244.2.38   k8s03
wuhan234     1/1   Running   0   85m    10.244.1.35   k8s02
wuhan345     1/1   Running   0   58m    10.244.1.36   k8s02
wuhan345-1   1/1   Running   0   63m    10.244.2.39   k8s03
wuhan5-pod   1/1   Running   0   2m5s   10.244.2.41   k8s03

[root@k8s01 yaml]#
