2025-02-23 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
Environment description:

| Hostname | Operating system version | IP | Docker version | kubelet version | Configuration | Remarks |
|---|---|---|---|---|---|---|
| master | Centos 7.6.1810 | 172.27.9.131 | Docker 18.09.6 | V1.14.2 | 2C2G | master host |
| node01 | Centos 7.6.1810 | 172.27.9.135 | Docker 18.09.6 | V1.14.2 | 2C2G | node |
| node02 | Centos 7.6.1810 | 172.27.9.136 | Docker 18.09.6 | V1.14.2 | 2C2G | node |
For more information on k8s cluster deployment, please see Centos7.6 deployment k8s (v1.14.2) cluster.
For more information on K8s learning materials, see: basic concepts, kubectl commands and data sharing.
For more information on k8s high availability cluster deployment, please see Centos7.6 deployment k8s v1.16.4 high availability cluster (active / standby mode)
I. Overview
1. ConfigMap
In real application deployments it is often necessary to configure various parameters for applications and middleware, such as the database address, user name and password. The configuration of applications in most production environments is more complex still, and may be a combination of multiple config files, command line parameters and environment variables. There are several ways to handle this:
1. Write the values into the application configuration file when the image is built. The disadvantages are obvious: these parameters often need to change at deployment time, or are not yet known when the image is created, and once they are packaged into the image the configuration cannot be changed. In addition, part of the configuration is security-sensitive (user name, password and so on), and baking it into the image easily creates a security risk.
2. Pass the values in through ENV environment variables. Modifying ENV, however, means modifying the yaml file and restarting all containers.
3. Fetch the configuration from a database or some other specific location when the application starts.
Obviously, the first two schemes are not the best, while the third one is troublesome to implement. To solve this problem, kubernetes introduces ConfigMap as an API resource to meet this requirement.
2. Why do you need ConfigMap and Secret
ConfigMap and Secret are two special types of storage volumes on Kubernetes. ConfigMap is used to provide configuration data to applications in containers in order to customize the behavior of the program, while sensitive configuration information, such as keys and certificates, is usually handled by Secret objects. Both store the configuration in an object that is then mounted on the Pod as a storage volume, from which the application reads it. This decouples the configuration from the image.
3. ConfigMap functions
Pass command line parameters to containers
Set custom environment variables for each container
Mount configuration files into the container through a special type of volume
II. Preparation
Create the base image loong576/date-random, then create the pod date-random-configmap. The pod contains the containers centos-date and nginx-server, where centos-date is created from the image loong576/date-random. Verify whether the parameters take effect by accessing the container nginx-server.
1. Build the image
Create the image loong576/date-random and upload it to Docker Hub.
```
[root@master loong576]# more Dockerfile
FROM centos:centos7.6.1810
ADD date-random.sh /usr/bin/date-random
ENTRYPOINT /usr/bin/date-random
[root@master loong576]# more date-random.sh
#!/bin/bash
mkdir /var/htdocs
while :
do
    /usr/bin/echo "date is:" `date` >> /var/htdocs/index.html
    /usr/bin/echo "RANDOM is:" `echo $RANDOM` >> /var/htdocs/index.html
    sleep 5
done
[root@master loong576]# docker build -t loong576/date-random .
Sending build context to Docker daemon  4.096kB
Step 1/3 : FROM centos:centos7.6.1810
 ---> f1cb7c7d58b7
Step 2/3 : ADD date-random.sh /usr/bin/date-random
 ---> 58296331ae70
Step 3/3 : ENTRYPOINT /usr/bin/date-random
 ---> Running in e9a3184518e7
Removing intermediate container e9a3184518e7
 ---> 07db2452d706
Successfully built 07db2452d706
Successfully tagged loong576/date-random:latest
[root@master loong576]# docker images | grep loong576/date-random
loong576/date-random   latest   07db2452d706   24 seconds ago   202MB
```
The base image is centos:centos7.6.1810. The script date-random.sh is added to it and executed at startup. The script runs the date and echo $RANDOM commands: the former outputs the current time and the latter outputs a random number between 0 and 32767. The loop interval is 5 seconds.
2. Upload to Docker Hub
```
[root@master loong576]# docker push loong576/date-random
The push refers to repository [docker.io/loong576/date-random]
ec4ecb05d6b3: Pushed
89169d87dbe2: Layer already exists
latest: digest: sha256:a680438f09b92f40b38f3da5f9ea34e4b3561c540f1093d9cbcc2385c0184551 size: 736
```
You must log in with docker login before uploading to Docker Hub.
3. Verify the image
```
[root@master loong576]# more date-random-configmap.yaml
apiVersion: v1
kind: Pod
metadata:
  name: date-random-configmap
spec:
  containers:
  - image: loong576/date-random
    name: centos-date
    volumeMounts:
    - name: html
      mountPath: /var/htdocs
  - image: nginx
    name: nginx-server
    volumeMounts:
    - name: html
      mountPath: /usr/share/nginx/html
      readOnly: true
  volumes:
  - name: html
    emptyDir: {}
[root@master loong576]# kubectl apply -f date-random-configmap.yaml
pod/date-random-configmap created
[root@master loong576]# kubectl get po -o wide
NAME                    READY   STATUS    RESTARTS   AGE   IP             NODE     NOMINATED NODE   READINESS GATES
date-random-configmap   2/2     Running   0          14s   10.244.1.203   node01   <none>           <none>
[root@master loong576]# curl 10.244.1.203
date is: Mon Sep 16 02:51:21 UTC 2019
RANDOM is: 17563
date is: Mon Sep 16 02:51:26 UTC 2019
RANDOM is: 434
date is: Mon Sep 16 02:51:31 UTC 2019
RANDOM is: 18246
date is: Mon Sep 16 02:51:36 UTC 2019
RANDOM is: 2225
```
Apply date-random-configmap.yaml and access the container nginx-server (the default port of nginx is 80). The date and a random number are output every 5 seconds, as expected.
III. Passing configuration data to the container
1. ENTRYPOINT and CMD of the container
The two instructions in Dockerfile define commands and parameters, respectively:
ENTRYPOINT defines the command that runs when the container starts.
CMD specifies the parameters passed to ENTRYPOINT.
CMD can also execute commands, which are generally the default startup commands.
The corresponding ENTRYPOINT and CMD in K8s are as follows:
| Docker | Kubernetes | Description |
|---|---|---|
| ENTRYPOINT | command | The executable program run in the container |
| CMD | args | The parameters passed to the executable program |

Specify a custom command and parameters in the pod:
```
[root@master loong576]# more nginx.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: nginx
    name: nginx
    command: ["/bin/echo"]
    args: ["hello","world"]
[root@master loong576]# kubectl apply -f nginx.yaml
pod/nginx created
[root@master loong576]# kubectl logs nginx
hello world
```
You can see that the output of pod nginx is 'hello world', which is consistent with the command and args defined in the pod.
2. Pass command line parameters to the container
2.1 Parameterize the loop interval
```
[root@master loong576]# more date-random.sh
#!/bin/bash
mkdir /var/htdocs
INTERVAL=$1
while :
do
    /usr/bin/echo "date is:" `date` >> /var/htdocs/index.html
    /usr/bin/echo "RANDOM is:" `echo $RANDOM` >> /var/htdocs/index.html
    sleep $INTERVAL
done
[root@master loong576]# more Dockerfile
FROM centos:centos7.6.1810
ADD date-random.sh /usr/bin/date-random
ENTRYPOINT ["/usr/bin/date-random"]
CMD ["10"]
[root@master loong576]# docker build -t loong576/date-random:args .
Sending build context to Docker daemon   5.12kB
Step 1/4 : FROM centos:centos7.6.1810
 ---> f1cb7c7d58b7
Step 2/4 : ADD date-random.sh /usr/bin/date-random
 ---> 307e2f66dfa4
Step 3/4 : ENTRYPOINT ["/usr/bin/date-random"]
 ---> Running in ab41b93f6b28
Removing intermediate container ab41b93f6b28
 ---> 5f536f70da1f
Step 4/4 : CMD ["10"]
 ---> Running in 90f5d58c68fb
Removing intermediate container 90f5d58c68fb
 ---> 8bf9ce828481
Successfully built 8bf9ce828481
Successfully tagged loong576/date-random:args
[root@master loong576]# docker push loong576/date-random:args
The push refers to repository [docker.io/loong576/date-random]
200d475bbffa: Pushed
89169d87dbe2: Layer already exists
args: digest: sha256:08e4c791dc9d6b71ce45b13768ab09194cc11ecd4856b52f2719372d912ee9c1 size: 736
```
The fixed 5-second loop interval is replaced by the parameter INTERVAL, its value is set to 10 seconds in the Dockerfile, and the image is uploaded to Docker Hub. The [] after ENTRYPOINT and CMD in the Dockerfile indicates the exec form, which differs from the shell form used earlier.
2.2 Run the image with Docker
```
[root@master loong576]# docker run -itd --name centos-args loong576/date-random:args
159e3204dad64516adc4681e9d7b1fe9f4d11a178e3cca7e9a9f13fd10252a43
[root@master loong576]# docker run -d --name centos-args loong576/date-random:args
ee938a39167afb52fe72f9367ad23d9e8b2985037320ad1ccc6ec7e3f9bc9255
[root@master loong576]# docker exec -it centos-args sh
sh-4.2#
[root@master loong576]#
[root@master loong576]# docker run -it --name centos-args loong576/date-random:args
[root@master loong576]# docker run -itd --name centos-args loong576/date-random:args
2a25e91a0f5b54c1c568ce089d879d50cd9a12513be5d365dc5743d74f2ac737
[root@master loong576]# docker ps | grep centos
2a25e91a0f5b   loong576/date-random:args   "/usr/bin/date-rando..."   18 seconds ago   Up 16 seconds   centos-args
[root@master loong576]# docker exec -it centos-args sh
sh-4.2# cd /var/htdocs/
sh-4.2# ls -alrt
total 4
drwxr-xr-x 1 root root  20 Sep 16 07:24 ..
drwxr-xr-x 2 root root  24 Sep 16 07:24 .
-rw-r--r-- 1 root root 234 Sep 16 07:25 index.html
sh-4.2# tail -f index.html
date is: Mon Sep 16 07:24:31 UTC 2019
RANDOM is: 26700
date is: Mon Sep 16 07:24:41 UTC 2019
RANDOM is: 13556
date is: Mon Sep 16 07:24:51 UTC 2019
RANDOM is: 7320
date is: Mon Sep 16 07:25:01 UTC 2019
RANDOM is: 6041
date is: Mon Sep 16 07:25:11 UTC 2019
RANDOM is: 23591
^C
sh-4.2#
```
The interval between entries in index.html is 10 seconds, which shows that the value set in the Dockerfile is in effect.
2.3 Run the image with the parameter given directly to Docker
Specify a loop interval of 3 seconds
```
[root@master loong576]# docker run -itd --name centos-args2 loong576/date-random:args 3
498e48dabb0b2eb15366286d7cfd317774cf993a98c19310e3b3fe2aad9d8d6a
[root@master loong576]# docker ps | grep centos
498e48dabb0b   loong576/date-random:args   "/usr/bin/date-rando..."   7 seconds ago   Up 5 seconds   centos-args2
2a25e91a0f5b   loong576/date-random:args   "/usr/bin/date-rando..."   6 minutes ago   Up 6 minutes   centos-args
[root@master loong576]# docker exec -it centos-args2 sh
sh-4.2# tail -f /var/htdocs/index.html
date is: Mon Sep 16 07:31:24 UTC 2019
RANDOM is: 17156
date is: Mon Sep 16 07:31:27 UTC 2019
RANDOM is: 30995
date is: Mon Sep 16 07:31:30 UTC 2019
RANDOM is: 24714
date is: Mon Sep 16 07:31:33 UTC 2019
RANDOM is: 11670
date is: Mon Sep 16 07:31:36 UTC 2019
RANDOM is: 32253
date is: Mon Sep 16 07:31:39 UTC 2019
RANDOM is: 18917
^C
sh-4.2#
```
You can see that the output interval of index.html is 3 seconds.
2.4 Pass the parameter value defined in the pod
Define pod date-random-configmap-args and set the parameter value passed to the container to 4.
```
[root@master loong576]# more date-random-configmap-args.yaml
apiVersion: v1
kind: Pod
metadata:
  name: date-random-configmap-args
spec:
  containers:
  - image: loong576/date-random:args
    args: ["4"]
    name: centos-date
    volumeMounts:
    - name: html
      mountPath: /var/htdocs
  - image: nginx
    name: nginx-server
    volumeMounts:
    - name: html
      mountPath: /usr/share/nginx/html
      readOnly: true
  volumes:
  - name: html
    emptyDir: {}
[root@master loong576]# kubectl apply -f date-random-configmap-args.yaml
pod/date-random-configmap-args created
[root@master loong576]# kubectl get po -o wide
NAME                         READY   STATUS             RESTARTS   AGE    IP             NODE     NOMINATED NODE   READINESS GATES
date-random-configmap        2/2     Running            0          5h3m   10.244.1.203   node01   <none>           <none>
date-random-configmap-args   2/2     Running            0          100s   10.244.2.209   node02   <none>           <none>
nginx                        0/1     CrashLoopBackOff   20         81m    10.244.1.205   node01   <none>           <none>
[root@master loong576]# curl 10.244.2.209
date is: Mon Sep 16 07:52:37 UTC 2019
RANDOM is: 5067
date is: Mon Sep 16 07:52:41 UTC 2019
RANDOM is: 1512
date is: Mon Sep 16 07:52:45 UTC 2019
RANDOM is: 30707
date is: Mon Sep 16 07:52:49 UTC 2019
RANDOM is: 9853
date is: Mon Sep 16 07:52:53 UTC 2019
RANDOM is: 4578
date is: Mon Sep 16 07:52:57 UTC 2019
RANDOM is: 22461
date is: Mon Sep 16 07:53:01 UTC 2019
RANDOM is: 23571
date is: Mon Sep 16 07:53:05 UTC 2019
RANDOM is: 27206
date is: Mon Sep 16 07:53:09 UTC 2019
RANDOM is: 5840
date is: Mon Sep 16 07:53:13 UTC 2019
RANDOM is: 16860
date is: Mon Sep 16 07:53:17 UTC 2019
RANDOM is: 3697
date is: Mon Sep 16 07:53:21 UTC 2019
RANDOM is: 24393
date is: Mon Sep 16 07:53:25 UTC 2019
RANDOM is: 6753
```
The output time interval of index.html is 4 seconds, which is consistent with the value set by pod's args.
3. Set environment variables for the container
3.1 Build the image loong576/date-random:env
```
[root@master loong576]# more date-random.sh
#!/bin/bash
mkdir /var/htdocs
#INTERVAL=$1
while :
do
    /usr/bin/echo "date is:" `date` >> /var/htdocs/index.html
    /usr/bin/echo "RANDOM is:" `echo $RANDOM` >> /var/htdocs/index.html
    sleep $INTERVAL
done
[root@master loong576]# more Dockerfile
FROM centos:centos7.6.1810
ADD date-random.sh /usr/bin/date-random
ENTRYPOINT ["/usr/bin/date-random"]
#CMD ["10"]
[root@master loong576]# docker build -t loong576/date-random:env .
Sending build context to Docker daemon  6.144kB
Step 1/3 : FROM centos:centos7.6.1810
 ---> f1cb7c7d58b7
Step 2/3 : ADD date-random.sh /usr/bin/date-random
 ---> 1ddb8d15b11d
Step 3/3 : ENTRYPOINT ["/usr/bin/date-random"]
 ---> Running in e34374da108a
Removing intermediate container e34374da108a
 ---> b5daa0cf4479
Successfully built b5daa0cf4479
Successfully tagged loong576/date-random:env
[root@master loong576]# docker push loong576/date-random:env
The push refers to repository [docker.io/loong576/date-random]
5a389d8a01f4: Pushed
89169d87dbe2: Layer already exists
env: digest: sha256:f51c0831235a559e589ede54226d9f387966bea45435026acafad5416eba5e69 size: 736
```
This builds the image loong576/date-random:env. Compared with loong576/date-random:args, the main change is that 'INTERVAL=$1' in the script and the parameter value 'CMD ["10"]' in the Dockerfile are commented out, so the script takes INTERVAL from the environment.
3.2 Specify environment variables in the pod
Create a new pod date-random-configmap-env and set the environment variable INTERVAL to 6
```
[root@master loong576]# more date-random-configmap-env.yaml
apiVersion: v1
kind: Pod
metadata:
  name: date-random-configmap-env
spec:
  containers:
  - image: loong576/date-random:env
    env:
    - name: INTERVAL
      value: "6"
    name: centos-date
    volumeMounts:
    - name: html
      mountPath: /var/htdocs
  - image: nginx
    name: nginx-server
    volumeMounts:
    - name: html
      mountPath: /usr/share/nginx/html
      readOnly: true
  volumes:
  - name: html
    emptyDir: {}
[root@master loong576]# kubectl apply -f date-random-configmap-env.yaml
pod/date-random-configmap-env created
[root@master loong576]# kubectl get po -o wide
NAME                         READY   STATUS             RESTARTS   AGE     IP             NODE     NOMINATED NODE   READINESS GATES
date-random-configmap        2/2     Running            0          5h39m   10.244.1.203   node01   <none>           <none>
date-random-configmap-args   2/2     Running            0          29m     10.244.2.209   node02   <none>           <none>
date-random-configmap-env    2/2     Running            0          4m20s   10.244.1.208   node01   <none>           <none>
nginx                        0/1     CrashLoopBackOff   8          18m     10.244.1.206   node01   <none>           <none>
[root@master loong576]# curl 10.244.1.208
date is: Mon Sep 16 08:16:50 UTC 2019
RANDOM is: 30120
date is: Mon Sep 16 08:16:56 UTC 2019
RANDOM is: 8149
date is: Mon Sep 16 08:17:02 UTC 2019
RANDOM is: 2752
date is: Mon Sep 16 08:17:08 UTC 2019
RANDOM is: 20276
date is: Mon Sep 16 08:17:14 UTC 2019
RANDOM is: 19299
date is: Mon Sep 16 08:17:21 UTC 2019
RANDOM is: 20116
date is: Mon Sep 16 08:17:27 UTC 2019
RANDOM is: 22331
date is: Mon Sep 16 08:17:33 UTC 2019
RANDOM is: 3626
date is: Mon Sep 16 08:17:39 UTC 2019
RANDOM is: 28190
date is: Mon Sep 16 08:17:45 UTC 2019
RANDOM is: 3241
date is: Mon Sep 16 08:17:51 UTC 2019
RANDOM is: 27762
date is: Mon Sep 16 08:17:57 UTC 2019
RANDOM is: 26519
date is: Mon Sep 16 08:18:03 UTC 2019
RANDOM is: 28403
date is: Mon Sep 16 08:18:09 UTC 2019
RANDOM is: 27219
```
The output time interval of index.html is 6 seconds, which is consistent with the value set by pod's env.
IV. ConfigMap
When passing configuration data to the container as above, you can define the parameters directly in the image, or pass them to the container in the pod by defining parameter values and environment variables. These methods have the following disadvantages:
1. The pod configuration cannot be reused; production and development environments need two separate definitions.
2. The container must be restarted when the parameters change.
3. If you change the parameters in the image, you need to build a new image.
4. They are not suitable for distributed environments.
This is where ConfigMap comes in: parameters are passed to the container either by mounting the ConfigMap into the Pod as a volume or through environment variables.
1. Create configmap
1.1 --from-file with a file
```
[root@master loong576]# more file1.txt
file1:abc
file1:123
[root@master loong576]# more file2.txt
file2:abcd
file2:1234
[root@master loong576]# kubectl create cm my-config-file --from-file=file1.txt --from-file=test2=file2.txt
configmap/my-config-file created
[root@master loong576]# kubectl get cm
NAME             DATA   AGE
my-config-file   2      5s
[root@master loong576]# kubectl describe cm my-config-file
Name:         my-config-file
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
file1.txt:
----
file1:abc
file1:123

test2:
----
file2:abcd
file2:1234

Events:  <none>
```
Create configmap my-config-file from the files file1.txt and file2.txt. The keys are the default file1.txt (the file name) and the explicitly specified test2, respectively.
1.2 --from-file with a directory
```
[root@master configmap]# kubectl create configmap my-config-dir --from-file=/root/loong576/configmap/
configmap/my-config-dir created
[root@master configmap]# kubectl get cm
NAME             DATA   AGE
my-config-dir    2      6s
my-config-file   2      16h
```
Create configmap my-config-dir from the directory /root/loong576/configmap/, which contains the files my-nginx-config.conf and sleep-interval. The first is an nginx configuration and the second sets the script loop interval. This configmap is used later.
1.3 --from-literal with literal values
```
[root@master loong576]# kubectl create cm my-config-literal --from-literal=username=admin --from-literal=password=123456
configmap/my-config-literal created
[root@master loong576]# kubectl get cm
NAME                DATA   AGE
my-config-dir       2      18m
my-config-file      2      16h
my-config-literal   2      4s
```
Create configmap my-config-literal with the entries username=admin and password=123456.
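Added example (not part of the original article): my-config-literal keeps a password in a ConfigMap, where it is stored as plain text and is readable by anything allowed to read ConfigMaps in the namespace. The sketch below flags credential-like entries in `kubectl get configmap -o json` output; the sample is constructed from the ConfigMaps created in this section plus one hypothetical `app-config`, and the name patterns and function name are assumptions to tune.

```python
import json
import re

# Credential-like names. This is a heuristic (an assumption), so expect some
# false positives and adjust the list for your environment.
SENSITIVE_NAME = re.compile(
    r"pass(word|wd)?|secret|token|api[-_.]?key|private[-_.]?key|credential",
    re.IGNORECASE,
)
# "name=value" or "name: value" lines inside file-style entries.
ASSIGNMENT = re.compile(r"^\s*([\w.\-]+)\s*[:=]\s*\S+")
PEM_PRIVATE_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

# Constructed sample in the shape of `kubectl get configmap -o json`.
# The first three items mirror ConfigMaps created in this section;
# app-config is hypothetical and only there to exercise the line scan.
SAMPLE_LIST = json.loads(r"""
{
  "kind": "List",
  "items": [
    {"metadata": {"name": "my-config-file"},
     "data": {"file1.txt": "file1:abc\nfile1:123\n",
              "test2": "file2:abcd\nfile2:1234\n"}},
    {"metadata": {"name": "my-config-literal"},
     "data": {"username": "admin", "password": "123456"}},
    {"metadata": {"name": "my-config-yaml"},
     "data": {"sleep-interval": "15"}},
    {"metadata": {"name": "app-config"},
     "data": {"app.properties": "db.host=10.0.0.5\ndb.password=example-only\n"}}
  ]
}
""")


def scan_configmaps(cm_list):
    """Return (configmap, key, reason) tuples for entries that look like credentials.

    Values are never included in the result, so the report can be logged.
    """
    findings = []
    for cm in cm_list.get("items", []):
        name = cm["metadata"]["name"]
        for key, value in sorted((cm.get("data") or {}).items()):
            if SENSITIVE_NAME.search(key):
                findings.append((name, key, "key name"))
                continue
            if PEM_PRIVATE_KEY.search(value):
                findings.append((name, key, "PEM private key"))
                continue
            # File-style entries: look for credential-like assignments per line.
            for lineno, line in enumerate(value.splitlines(), 1):
                match = ASSIGNMENT.match(line)
                if match and SENSITIVE_NAME.search(match.group(1)):
                    findings.append((name, key, f"line {lineno}: {match.group(1)}"))
    return findings


if __name__ == "__main__":
    for configmap, key, reason in scan_configmaps(SAMPLE_LIST):
        print(f"{configmap}/{key}: {reason} -> move to a Secret")
```

Against a live cluster the input would be the parsed output of `kubectl get configmap -o json`.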
1.4 --from-env-file with key-value pairs
```
[root@master loong576]# more bar.env
a=1b=2c=3d=4ef=ggggh='8'#i = '9roomj = "10"
[root@master loong576]# kubectl create configmap my-config-env --from-env-file=./bar.env
configmap/my-config-env created
[root@master loong576]# kubectl get cm
NAME                DATA   AGE
my-config-dir       2      23m
my-config-env       9      3s
my-config-file      2      16h
my-config-literal   2      5m35s
```
The key-value pairs must follow a certain format: a valid environment variable name must consist of alphabetic characters, digits, '_', '-', or '.', and must not start with a digit (e.g. 'my.env-name', or 'MY_ENV.NAME', or 'MyEnvName1'; the regex used for validation is '[-._a-zA-Z][-._a-zA-Z0-9]*').
1.5 yaml file method
```
[root@master loong576]# more configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-config-yaml
data:
  sleep-interval: "15"
[root@master loong576]# kubectl apply -f configmap.yaml
configmap/my-config-yaml created
[root@master loong576]# kubectl get cm
NAME                DATA   AGE
my-config-dir       2      34m
my-config-env       9      11m
my-config-file      2      16h
my-config-literal   2      16m
my-config-yaml      1      3s
[root@master loong576]# kubectl describe cm my-config-yaml
Name:         my-config-yaml
Namespace:    default
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"v1","data":{"sleep-interval":"15"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"my-config-yaml","namespace":"def...

Data
====
sleep-interval:
----
15
Events:  <none>
```
Create configmap my-config-yaml with the key sleep-interval set to 15.
2. Use configmap
2.1 Create a new pod date-random-configmap-volume
Create pod date-random-configmap-volume, pass the ConfigMap entry sleep-interval to the container centos-date as an environment variable, and mount the ConfigMap as a volume into the container nginx-server as the nginx configuration file.
```
[root@master loong576]# more date-random-configmap-volume.yaml
apiVersion: v1
kind: Pod
metadata:
  name: date-random-configmap-volume
spec:
  containers:
  - image: loong576/date-random:env      # image used by the container centos-date, tag is env
    env:
    - name: INTERVAL                     # the environment variable is named INTERVAL, consistent with the script date-random.sh
      valueFrom:
        configMapKeyRef:                 # initialize from a ConfigMap key
          name: my-config-dir            # ConfigMap name
          key: sleep-interval            # the environment variable takes the value of sleep-interval in the ConfigMap
    name: centos-date
    volumeMounts:
    - name: html
      mountPath: /var/htdocs             # location where the emptyDir volume is mounted
  - image: nginx
    name: nginx-server
    volumeMounts:
    - name: html
      mountPath: /usr/share/nginx/html   # location where the emptyDir volume is mounted
      readOnly: true
    - name: config
      mountPath: /etc/nginx/conf.d       # location where the ConfigMap volume is mounted
      readOnly: true
  volumes:
  - name: html
    emptyDir: {}
  - name: config
    configMap:
      name: my-config-dir                # the volume type is ConfigMap, the name is my-config-dir
      items:                             # select the entries contained in the volume
      - key: my-nginx-config.conf        # the mounted entry is my-nginx-config.conf
        path: nginx-port.conf            # the file name as mounted in the container
[root@master loong576]# kubectl apply -f date-random-configmap-volume.yaml
pod/date-random-configmap-volume created
[root@master loong576]# kubectl get po -o wide
NAME                           READY   STATUS             RESTARTS   AGE   IP             NODE     NOMINATED NODE   READINESS GATES
date-random-configmap          2/2     Running            2          29h   10.244.1.211   node01   <none>           <none>
date-random-configmap-args     2/2     Running            2          24h   10.244.2.210   node02   <none>           <none>
date-random-configmap-env      2/2     Running            2          24h   10.244.1.209   node01   <none>           <none>
date-random-configmap-volume   2/2     Running            0          20s   10.244.1.216   node01   <none>           <none>
nginx                          0/1     CrashLoopBackOff   113        24h   10.244.1.212   node01   <none>           <none>
```
How mounting a ConfigMap updates the nginx configuration: nginx reads the configuration file /etc/nginx/nginx.conf, and the default configuration file automatically includes all .conf files under the subfolder /etc/nginx/conf.d/, so you only need to place your configuration file in this subfolder.
2.2 Access test
```
[root@master loong576]# curl 10.244.1.216:81
date is: Tue Sep 17 08:27:34 UTC 2019
RANDOM is: 9389
date is: Tue Sep 17 08:27:42 UTC 2019
RANDOM is: 22109
date is: Tue Sep 17 08:27:50 UTC 2019
RANDOM is: 13043
```
Access the pod: nginx listens on port 81 and the interval between date outputs is 8 seconds.
```
[root@master loong576]# kubectl exec -it date-random-configmap-volume -c nginx-server sh
# cd /etc/nginx/conf.d
# ls
nginx-port.conf
# more nginx-port.conf
server {
    listen              81;
    server_name         localhost;

    gzip on;
    gzip_types text/plain application/xml;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}
```
Enter the container nginx-server and look in /etc/nginx/conf.d to find the ConfigMap entry nginx-port.conf mounted as a volume.
3. Update the application configuration
3.1 Update ConfigMap
```
[root@master loong576]# kubectl edit cm my-config-dir
```
Update my-config-dir to change the nginx listening port in the entry my-nginx-config.conf from 81 to 82.
3.2 Reload the nginx configuration
```
# nginx -s reload
```
Since nginx does not automatically load the configuration, it needs to be reloaded.
3.3 Access nginx
```
[root@master loong576]# curl 10.244.1.216:82
date is: Tue Sep 17 08:27:34 UTC 2019
RANDOM is: 9389
date is: Tue Sep 17 08:27:42 UTC 2019
RANDOM is: 22109
date is: Tue Sep 17 08:27:50 UTC 2019
RANDOM is: 13043
```
Access nginx again and the port is now 82.
Using ConfigMap to update the configuration file avoids restarting the pod or rebuilding the container.
V. Secret
To store and distribute sensitive information, Kubernetes provides a separate resource object called Secret. The Secret structure is similar to ConfigMap in that it is a mapping of key / value pairs.
Secret functions:
Pass a Secret entry to the container as an environment variable
Expose a Secret entry as a file in a volume
1. Create Secret
Similar to ConfigMap, Secret is created in 5 ways
Use files, directories, and literals:
```
[root@master loong576]# kubectl create secret generic mysecret --from-file=./username.txt --from-file=mypassword=./password.txt --from-literal=loong=576 --from-file=./secret-dir/
secret/mysecret created
[root@master loong576]# kubectl get secrets mysecret
NAME       TYPE     DATA   AGE
mysecret   Opaque   5      15s
```
There are three types of secret:
docker-registry: create a secret for a Docker registry
generic: create a secret from a local file, directory or literal value
tls: create a TLS secret
The generic method is used here, and the docker-registry method will be used later.
Key-value pair mode:
```
[root@master loong576]# kubectl create secret generic mysecret-env --from-env-file=secret-env.txt
secret/mysecret-env created
[root@master loong576]# kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-gwhj2   kubernetes.io/service-account-token   3      2m29s
mysecret              Opaque                                5      103s
mysecret-env          Opaque                                3      7s
```
Yaml mode:
```
[root@master loong576]# echo loong | base64
bG9vbmcK
[root@master loong576]# echo 576 | base64
NTc2Cg==
[root@master loong576]# more secret-yaml.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret-yaml
data:
  username: bG9vbmcK
  password: NTc2Cg==
[root@master loong576]# kubectl apply -f secret-yaml.yaml
secret/mysecret-yaml created
[root@master loong576]# kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-gwhj2   kubernetes.io/service-account-token   3      31m
mysecret              Opaque                                5      30m
mysecret-env          Opaque                                3      29m
mysecret-yaml         Opaque                                2      5s
```
Note that in yaml mode the value of each entry must be base64-encoded; writing the plaintext directly causes an error.
2. View
```
[root@master loong576]# kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-gwhj2   kubernetes.io/service-account-token   3      36m
mysecret              Opaque                                5      35m
mysecret-env          Opaque                                3      33m
mysecret-yaml         Opaque                                2      4m53s
[root@master loong576]# kubectl describe secrets mysecret
Name:         mysecret
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
dir1.txt:      8 bytes
dir2.txt:      8 bytes
loong:         3 bytes
mypassword:    7 bytes
username.txt:  6 bytes
[root@master loong576]# kubectl get secrets mysecret -o yaml
apiVersion: v1
data:
  dir1.txt: dGVzdDAwMQo=
  dir2.txt: dGVzdDAwMgo=
  loong: NTc2
  mypassword: YWJjMTIzCg==
  username.txt: YWRtaW4K
kind: Secret
metadata:
  creationTimestamp: "2019-09-18T01:55:47Z"
  name: mysecret
  namespace: default
  resourceVersion: "2643256"
  selfLink: /api/v1/namespaces/default/secrets/mysecret
  uid: 6ebdc96c-d9b7-11e9-863b-000c29d99ba3
type: Opaque
[root@master loong576]# echo dGVzdDAwMQo= | base64 --decode
test001
```
View all secrets with 'kubectl get secrets', view the keys of the entries with 'kubectl describe secrets mysecret', and view the values of the entries with 'kubectl get secrets mysecret -o yaml'; the values must be base64-decoded to be read.
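Added example (not part of the original article), covering both the yaml-mode note and the view step above: base64 in a Secret manifest is an encoding that anyone with read access can reverse, and `echo value | base64` also encodes the trailing newline that echo appends. The sketch audits the `data` map of `mysecret`, using the values printed above as constructed sample input; the function names are hypothetical.

```python
import base64
import json

# Constructed sample: `mysecret` in the shape of `kubectl get secret mysecret -o json`,
# carrying the base64 values printed by `kubectl get secrets mysecret -o yaml` above.
SAMPLE_SECRET = json.loads("""
{
  "kind": "Secret",
  "metadata": {"name": "mysecret", "namespace": "default"},
  "type": "Opaque",
  "data": {
    "dir1.txt": "dGVzdDAwMQo=",
    "dir2.txt": "dGVzdDAwMgo=",
    "loong": "NTc2",
    "mypassword": "YWJjMTIzCg==",
    "username.txt": "YWRtaW4K"
  }
}
""")


def encode_value(plaintext):
    """Encode exactly the given text, like `printf '%s' "$v" | base64` (no newline added)."""
    return base64.b64encode(plaintext.encode("utf-8")).decode("ascii")


def audit_secret(manifest):
    """Decode every entry of .data and report its size and trailing line ending.

    Decoding needs no key, which is the point: base64 gives no confidentiality.
    The decoded value itself is not put in the report, so the report can be logged.
    """
    report = {}
    for key, encoded in sorted(manifest.get("data", {}).items()):
        try:
            raw = base64.b64decode(encoded, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            report[key] = {"valid_base64": False}
            continue
        report[key] = {
            "valid_base64": True,
            "bytes": len(raw),
            # True when the stored value ends in \n or \r\n, as it does after
            # `echo value | base64` or --from-file on a file ending in a newline.
            "trailing_newline": raw.rstrip(b"\r\n") != raw,
        }
    return report


if __name__ == "__main__":
    for key, info in audit_secret(SAMPLE_SECRET).items():
        print(key, info)
    # The value the manifest should carry when no newline is wanted:
    print("admin ->", encode_value("admin"))
```

The byte counts match the `kubectl describe secrets mysecret` output: only `loong`, created with --from-literal, has no trailing newline. An application that uses such a value as a password verbatim will send the newline too.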
3. Use Secret
This article uses Secret to pull private images as an example to introduce the use of Secret.
3.1 Create secret docker-registry
```
[root@master loong576]# kubectl create secret docker-registry loong576-secret --docker-username=loong576 --docker-password=xxxxxxxxxx --docker-email=xxxxxxxxx@126.com
secret/loong576-secret created
[root@master loong576]# kubectl get secrets loong576-secret
NAME              TYPE                             DATA   AGE
loong576-secret   kubernetes.io/dockerconfigjson   1      16s
[root@master loong576]#
```
Create the docker-registry secret loong576-secret. Fill in the Docker Hub user name, password and email according to your own account.
3.2 Create a private image loong576/test
Create a private image loong576/test on Docker Hub
3.3 Create pod private-pod-secret
```
[root@master loong576]# more private-image-secret-volume.yaml
apiVersion: v1
kind: Pod
metadata:
  name: private-pod-secret
spec:
  imagePullSecrets:
  - name: loong576-secret          # refer to the created docker-registry secret loong576-secret
  containers:
  - image: loong576/test           # pull the private image
    name: busybox576
    args: ["/bin/sh","-c","sleep 600000"]
    volumeMounts:
    - name: vol-secret
      mountPath: /etc/loong576     # path in the container where the volume is mounted
      readOnly: true
  volumes:
  - name: vol-secret               # mount the secret as a volume; the volume name is vol-secret
    secret:
      secretName: mysecret-yaml    # refers to the previously created secret mysecret-yaml
[root@master loong576]# kubectl apply -f private-image-secret-volume.yaml
pod/private-pod-secret created
[root@master loong576]# kubectl get po -o wide
NAME                           READY   STATUS             RESTARTS   AGE   IP             NODE     NOMINATED NODE   READINESS GATES
date-random-configmap          2/2     Running            4          2d    10.244.1.217   node01   <none>           <none>
date-random-configmap-args     2/2     Running            4          43h   10.244.2.213   node02   <none>           <none>
date-random-configmap-env      2/2     Running            4          42h   10.244.1.220   node01   <none>           <none>
date-random-configmap-volume   2/2     Running            2          18h   10.244.1.221   node01   <none>           <none>
nginx                          0/1     CrashLoopBackOff   156        43h   10.244.1.218   node01   <none>           <none>
private-pod-secret             1/1     Running            0          45s   10.244.2.218   node02   <none>           <none>
```
Create a pod private-pod-secret, pull a private image using secret loong576-secret, and mount the secret mysecret-yaml to the container as a volume.
3.4 Check the secret in the pod
```
[root@master loong576]# kubectl exec -it private-pod-secret sh
/ # df -h
Filesystem                Size      Used Available Use% Mounted on
overlay                   5.0G      3.5G      1.5G  70% /
tmpfs                    64.0M         0     64.0M   0% /dev
tmpfs                   909.8M         0    909.8M   0% /sys/fs/cgroup
tmpfs                   909.8M      8.0K    909.8M   0% /etc/loong576
/dev/mapper/root--vg-var  5.0G      3.5G      1.5G  70% /dev/termination-log
/dev/mapper/root--vg-var  5.0G      3.5G      1.5G  70% /etc/resolv.conf
/dev/mapper/root--vg-var  5.0G      3.5G      1.5G  70% /etc/hostname
/dev/mapper/root--vg-var  5.0G      3.5G      1.5G  70% /etc/hosts
shm                      64.0M         0     64.0M   0% /dev/shm
tmpfs                   909.8M     12.0K    909.8M   0% /var/run/secrets/kubernetes.io/serviceaccount
tmpfs                   909.8M         0    909.8M   0% /proc/acpi
tmpfs                    64.0M         0     64.0M   0% /proc/kcore
tmpfs                    64.0M         0     64.0M   0% /proc/keys
tmpfs                    64.0M         0     64.0M   0% /proc/timer_list
tmpfs                    64.0M         0     64.0M   0% /proc/timer_stats
tmpfs                    64.0M         0     64.0M   0% /proc/sched_debug
tmpfs                   909.8M         0    909.8M   0% /proc/scsi
tmpfs                   909.8M         0    909.8M   0% /sys/firmware
/ # cd /etc/loong576/
/etc/loong576 # ls -l
total 0
lrwxrwxrwx    1 root     root            15 Sep 18 03:15 password -> ..data/password
lrwxrwxrwx    1 root     root            15 Sep 18 03:15 username -> ..data/username
/etc/loong576 # more username
loong
/etc/loong576 # more password
576
```
Check the secret in the container: the secret is mounted as a volume under /etc/loong576, and the file system type of /etc/loong576 is tmpfs. This means that secret volumes are mounted on an in-memory file system, so the secret data is not written to disk, which protects the data.
4. Update Secret
```
[root@master loong576]# echo loong-update | base64
bG9vbmctdXBkYXRlCg==
[root@master loong576]# echo 576-update | base64
NTc2LXVwZGF0ZQo=
[root@master loong576]# kubectl edit secret mysecret-yaml
secret/mysecret-yaml edited
```
Update mysecret-yaml and you will find that the contents mounted in the container are updated at the same time.
All scripts and configuration files in this article have been uploaded: K8s practice (8): ConfigMap and Secret