How to configure and manage secret and configmap in Kubernetes

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to configure and manage Secrets and ConfigMaps in Kubernetes. The editor finds it very practical and shares it here as a reference; follow along to have a look.

Configuration management

A Pod can use a secret in two ways:

Variable injection (the YAML references the secret so that its values are injected into the pod as environment variables, which the application then reads and processes)

Mounting (the secret is mounted from a volume into a directory we specify)

Official documentation on using secrets: https://kubernetes.io/docs/concepts/configuration/secret/

You can create a secret to store encrypted data, such as user names and passwords, that you don't want others to see.

Once the data is stored, users get access to it by referring to the secret: for example, an Ingress can specify the secret name. In general, when you create a pod for a business container, you either specify which secret it should read from or mount the secret as a volume.

The data is encrypted and stored in etcd, and the containers of a Pod can access it by mounting a volume.

Application scenario: credentials

Write the resource in YAML or JSON format, and then create the object. A Secret contains two maps: stringData and data. The data field stores arbitrary data, encoded in Base64. The stringData field is provided for convenience and lets you supply secret data as unencoded strings.

For example, to store two strings in the YAML through the data field, first convert them to Base64:

The encoded values triggered a sensitive-character warning here, so they are not written into the YAML file below. Sorry.

[root@k8s-master demo]# echo -n 'root' | base64
[root@k8s-master demo]# echo -n 'zhaocheng' | base64
[root@k8s-master cert]# vim secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username:    # Base64 output of the first echo command above
  password:    # Base64 output of the second echo command above

[root@k8s-master cert]# kubectl create -f secret.yaml
[root@k8s-master demo]# vim secret-pod1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    env:
    # Each variable takes its value from one key of the secret
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: username
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: password

[root@k8s-master demo]# kubectl create -f secret-pod1.yaml
[root@k8s-master demo]# kubectl get pod
NAME                     READY   STATUS    RESTARTS   AGE
busybox                  1/1     Running   35         4d1h
mypod                    1/1     Running   0          2m27s
nginx-5ddcc6cb74-m8dwr   1/1     Running   0          5h57m
nginx-5ddcc6cb74-rs8b6   1/1     Running   0          4h44m
nginx-5ddcc6cb74-zm7cz   1/1     Running   0          4h44m
[root@k8s-master demo]# kubectl exec -it mypod sh
# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
# echo $SECRET_USERNAME
root
# echo $SECRET_PASSWORD
zhaocheng
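The relationship between plaintext values and the Base64 strings in the data field, as an added example that is not part of the original article: it shows that anyone who can read the manifest or the Secret object can recover the plaintext, and why the commands above use echo -n. The function names and the password value are assumptions made for this example.

```python
import base64

def render_secret(name, string_data):
    """Build a Secret manifest: each plaintext value becomes Base64 in data."""
    data = {key: base64.b64encode(value.encode("utf-8")).decode("ascii")
            for key, value in string_data.items()}
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name}, "data": data}

def decode_secret(manifest):
    """Recover the plaintext of every data entry; no key is needed to do so."""
    return {key: base64.b64decode(value, validate=True).decode("utf-8")
            for key, value in manifest["data"].items()}

def keys_with_trailing_whitespace(manifest):
    """Keys whose decoded value ends in whitespace (echo without -n adds a newline)."""
    return sorted(key for key, value in decode_secret(manifest).items()
                  if value != value.rstrip())

# Constructed sample: the page's username plus a made-up password.
GOOD = render_secret("mysecret", {"username": "root", "password": "example-password"})
# Constructed sample: what `echo 'root' | base64` (no -n) would put in the manifest.
BAD = {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
       "metadata": {"name": "mysecret"}, "data": {"username": "cm9vdAo="}}

if __name__ == "__main__":
    print(GOOD["data"]["username"])            # encoded form stored in data
    print(decode_secret(GOOD))                 # plaintext recovered without any key
    print(keys_with_trailing_whitespace(BAD))  # values that carry a stray newline
```

A value flagged by keys_with_trailing_whitespace would reach the container with the newline included, which typically shows up as a login failure rather than as an obvious configuration error.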

Application scenario:

An application whose Dockerfile or docker-compose setup already handles these variables can use them directly; the value is decoded by K8s before it reaches the container.

Mounting as a volume

Volumes are generally used to mount certificates, such as HTTPS certificates, into a directory, where each key of the secret appears as a file.

[root@k8s-master demo]# vim secret-pod2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod2
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret

[root@k8s-master demo]# kubectl create -f secret-pod2.yaml
[root@k8s-master demo]# kubectl get pod
NAME     READY   STATUS    RESTARTS   AGE
mypod    1/1     Running   0          6m1s
mypod2   1/1     Running   0          43m
[root@k8s-master demo]# kubectl exec -it mypod2 bash
root@mypod2:/# ls /etc/foo/
password  username
root@mypod2:/# cat /etc/foo/password
zhaocheng
root@mypod2:/# cat /etc/foo/username
root
root@mypod2:/#

ConfigMap

A ConfigMap is similar to a Secret; the difference is that a ConfigMap stores configuration information that does not need to be encrypted.

Application scenario: application configuration

Using a ConfigMap to pass in variables

Official documentation: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/

[root@k8s-master demo]# vim configmap1.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: myconfig
  namespace: default
data:
  special.level: info
  special.type: hello
---
apiVersion: v1
kind: Pod
metadata:
  name: mypod3    # matches the pod name in the output below
spec:
  containers:
  - name: busybox
    image: busybox
    command: ["/bin/sh", "-c", "echo $(LEVEL) $(TYPE)"]
    env:
    - name: LEVEL
      valueFrom:
        configMapKeyRef:
          name: myconfig
          key: special.level
    - name: TYPE
      valueFrom:
        configMapKeyRef:
          name: myconfig
          key: special.type
  restartPolicy: Never

[root@k8s-master demo]# kubectl create -f configmap1.yaml
[root@k8s-master demo]# kubectl get pod
NAME                     READY   STATUS      RESTARTS   AGE
mypod                    1/1     Running     0          26m
mypod2                   1/1     Running     0          20m
mypod3                   0/1     Completed   0          41s
nginx-5ddcc6cb74-lplxl   1/1     Running     0          63m
[root@k8s-master demo]# kubectl logs mypod3
info hello

An example using redis, with the ConfigMap mounted as a volume:

[root@k8s-master demo]# vim configmap2.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: redis-config
data:
  # The whole properties file is stored as one multi-line value
  redis.properties: |
    redis.host=127.0.0.1
    redis.port=6379
    redis.password=123456
---
apiVersion: v1
kind: Pod
metadata:
  name: mypod4    # matches the pod name in the output below
spec:
  containers:
  - name: busybox
    image: busybox
    command: ["/bin/sh", "-c", "cat /etc/config/redis.properties"]
    volumeMounts:
    - name: config-volume
      mountPath: /etc/config
  volumes:
  - name: config-volume
    configMap:
      name: redis-config
  restartPolicy: Never

[root@k8s-master demo]# kubectl create -f configmap2.yaml
[root@k8s-master demo]# kubectl get pod
NAME                     READY   STATUS      RESTARTS   AGE
mypod                    1/1     Running     0          30m
mypod2                   1/1     Running     0          24m
mypod3                   0/1     Completed   0          4m58s
mypod4                   0/1     Completed   0          15s
nginx-5ddcc6cb74-lplxl   1/1     Running     0          68m

Verify that the content has been written to the console:

[root@k8s-master demo]# kubectl logs mypod4
redis.host=127.0.0.1
redis.port=6379
redis.password=123456
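Since a ConfigMap is meant for configuration that does not need to be encrypted, a review check can flag credential-looking settings that end up in one, such as redis.password in the redis example above. The following is an added example, not part of the original article; the function name and the name patterns are assumptions, and the two sample objects are the article's ConfigMaps rewritten in JSON form.

```python
import re

# Heuristic name patterns; an assumption of this example, tune for your estate.
SENSITIVE_NAME = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|credential", re.I)

def credential_like_entries(configmap):
    """Return (data key, line number, setting name) for suspicious settings.

    Line number 0 means the data key itself matched. Values are never
    returned, so the findings can be logged safely.
    """
    findings = []
    for key, value in configmap.get("data", {}).items():
        if SENSITIVE_NAME.search(key):
            findings.append((key, 0, key))
        # Embedded files (e.g. a .properties blob) hide settings inside the value.
        for lineno, line in enumerate(str(value).splitlines(), start=1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            name, sep, setting = line.partition("=")
            if not sep:
                name, sep, setting = line.partition(":")
            if sep and setting.strip() and SENSITIVE_NAME.search(name):
                findings.append((key, lineno, name.strip()))
    return findings

# Constructed samples: the article's two ConfigMaps as parsed JSON objects.
MYCONFIG = {"kind": "ConfigMap", "metadata": {"name": "myconfig"},
            "data": {"special.level": "info", "special.type": "hello"}}
REDIS_CONFIG = {"kind": "ConfigMap", "metadata": {"name": "redis-config"},
                "data": {"redis.properties":
                         "redis.host=127.0.0.1\nredis.port=6379\nredis.password=123456\n"}}

if __name__ == "__main__":
    for cm in (MYCONFIG, REDIS_CONFIG):
        print(cm["metadata"]["name"], credential_like_entries(cm))
```

A finding here is a prompt to move that setting into a Secret and reference it with secretKeyRef or a secret volume, as in the earlier pods.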
