Creating and querying Secrets

"literal" is an English adjective meaning: of text; word for word; without exaggeration.

Creating and viewing with --from-literal

[machangwei@mcwk8s-master ~]$ kubectl create secret generic mcwsecret1 --from-literal=uername=mcw --from-literal=password=123456
secret/mcwsecret1 created
[machangwei@mcwk8s-master ~]$ kubectl get secret # the first entry listed here should be the token that Kubernetes itself uses
NAME TYPE DATA AGE
default-token-9qbhw kubernetes.io/service-account-token 3 30d
mcwsecret1 Opaque 2 16s
[machangwei@mcwk8s-master ~]$
[machangwei@mcwk8s-master ~]$ kubectl describe secret mcwsecret1 # view details
Name: mcwsecret1
Namespace: default
Labels: <none>
Annotations: <none>

Type: Opaque

Data
====
password: 6 bytes
uername: 3 bytes
[machangwei@mcwk8s-master ~]$ kubectl edit secret mcwsecret1
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  password: MTIzNDU2   # the username and password are stored here in base64-encoded form
  uername: bWN3
kind: Secret
metadata:
  creationTimestamp: "2022-02-20T06:35:16Z"
  name: mcwsecret1
  namespace: default
  resourceVersion: "61473"
  uid: f826a036-0e99-4369-9e48-9862601c96c9
type: Opaque
~
[machangwei@mcwk8s-master ~]$ echo -n bWN3|base64 --decode # the values are only base64-encoded, so decoding them recovers the original content
mcw[machangwei@mcwk8s-master ~]$ echo MTIzNDU2|base64 --decode
123456[machangwei@mcwk8s-master ~]$

With --from-file

[machangwei@mcwk8s-master ~]$ echo -n mcw>./username  # -n means no trailing newline; is this to avoid a newline being written into the value?
[machangwei@mcwk8s-master ~]$ echo -n 123456 >./password
[machangwei@mcwk8s-master ~]$ cat username
mcw[machangwei@mcwk8s-master ~]$
[machangwei@mcwk8s-master ~]$ cat password
123456[machangwei@mcwk8s-master ~]$
[machangwei@mcwk8s-master ~]$ kubectl create secret generic mcwsecret2 --from-file=./uername --from-file=./password
error: error reading ./uername: no such file or directory
[machangwei@mcwk8s-master ~]$ kubectl create secret generic mcwsecret2 --from-file=./username --from-file=./password
secret/mcwsecret2 created
[machangwei@mcwk8s-master ~]$ kubectl get secret
NAME TYPE DATA AGE
default-token-9qbhw kubernetes.io/service-account-token 3 30d
mcwsecret1 Opaque 2 12m
mcwsecret2 Opaque 2 13s
[machangwei@mcwk8s-master ~]$ # when the files contain multiple lines of data:
[machangwei@mcwk8s-master ~]$ cat username
mcw
mcw2
[machangwei@mcwk8s-master ~]$ cat password
123456
654321
[machangwei@mcwk8s-master ~]$ kubectl create secret generic mcwsecret3 --from-file=./username --from-file=./password
secret/mcwsecret3 created
[machangwei@mcwk8s-master ~]$ kubectl get secret
NAME TYPE DATA AGE
default-token-9qbhw kubernetes.io/service-account-token 3 30d
mcwsecret1 Opaque 2 16m
mcwsecret2 Opaque 2 4m5s
mcwsecret3 Opaque 2 5s
[machangwei@mcwk8s-master ~]$ kubectl edit secret mcwsecret3 #
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  password: MTIzNDU2CjY1NDMyMQo=
  username: bWN3Cm1jdzIK
kind: Secret
metadata:
  creationTimestamp: "2022-02-20T06:51:12Z"
  name: mcwsecret3
  namespace: default
  resourceVersion: "62806"
  uid: fcbc860b-e9d4-407c-a586-c5630c17875d
type: Opaque
[machangwei@mcwk8s-master ~]$ echo bWN3Cm1jdzIK|base64 --decode # there are still only two data entries: one file becomes one data entry, and the newline and the second line both belong to that entry's value
mcw
mcw2
[machangwei@mcwk8s-master ~]$
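
The two observations above (base64 values decode straight back to the original bytes, and a file's newlines become part of the stored value) can be checked mechanically. The script below is an added example, not part of the original post: it decodes every entry under data: in a Secret manifest and reports its byte count and whether it carries a newline. The function names, the manifest name demo and the apikey entry are constructed for illustration; the password and username values are the ones shown on this page.

```shell
#!/bin/sh
# Added example: report what each base64 value in a Secret's data: section
# really contains. Function names are hypothetical, not from the page.

# Constructed sample manifest. password is the mcwsecret3 value and username
# the mcwsecret1 value shown above; apikey is constructed ("mcw" + one newline).
sample_secret() {
cat <<'EOF'
apiVersion: v1
data:
  password: MTIzNDU2CjY1NDMyMQo=
  username: bWN3
  apikey: bWN3Cg==
kind: Secret
metadata:
  name: demo
type: Opaque
EOF
}

# audit_secret_data: Secret manifest on stdin -> one line per data key:
#   <key> <decoded bytes> <clean|trailing-newline|multi-line>
audit_secret_data() {
  awk '
    /^data:/            { in_data = 1; next }
    in_data && /^[^ ]/  { in_data = 0 }     # next top-level key ends the section
    in_data && NF == 2  { sub(/:$/, "", $1); print $1, $2 }
  ' | while read -r key b64; do
    # Decode three times through pipes: $(...) would strip trailing newlines.
    bytes=$(printf '%s' "$b64" | base64 --decode | wc -c | tr -d ' ')
    newlines=$(printf '%s' "$b64" | base64 --decode | wc -l | tr -d ' ')
    last=$(printf '%s' "$b64" | base64 --decode | tail -c 1 | od -An -tx1 | tr -d ' \n')
    if [ "$newlines" -eq 0 ]; then
      verdict=clean
    elif [ "$newlines" -eq 1 ] && [ "$last" = "0a" ]; then
      verdict=trailing-newline      # typical result of echo without -n
    else
      verdict=multi-line
    fi
    echo "$key $bytes $verdict"
  done
}

sample_secret | audit_secret_data
```

The byte counts match what kubectl describe secret prints for each key, so a count one higher than expected is a quick sign that a newline was stored with the value.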

With --from-env-file: multiple key-value pairs in one file

[machangwei@mcwk8s-master ~]$ cat << EOF >env.txt
> uername=mcw
> password=123456
> EOF
[machangwei@mcwk8s-master ~]$ kubectl create secret generic mcwsecret4 --from-env-file=env.txt
secret/mcwsecret4 created
[machangwei@mcwk8s-master ~]$ kubectl get secret mcwsecret4
NAME TYPE DATA AGE
mcwsecret4 Opaque 2 61s
[machangwei@mcwk8s-master ~]$ # two data entries are shown

With a YAML manifest

[machangwei@mcwk8s-master ~]$ echo -n mcw | base64
bWN3
[machangwei@mcwk8s-master ~]$ echo -n 123456 | base64
MTIzNDU2
[machangwei@mcwk8s-master ~]$ # first base64-encode the values to be stored, then put them into the manifest
[machangwei@mcwk8s-master ~]$ vim mcwcecret.yml
[machangwei@mcwk8s-master ~]$ cat mcwcecret.yml
apiVersion: v1
kind: Secret
metadata:
  name: mcwsecret5
data:
  username: bWN3
  password: MTIzNDU2
[machangwei@mcwk8s-master ~]$ kubectl apply -f mcwcecret.yml
secret/mcwsecret5 created
[machangwei@mcwk8s-master ~]$ kubectl get secret mcwsecret5
NAME TYPE DATA AGE
mcwsecret5 Opaque 2 19s

Using a Secret in a Pod

Volume method

[machangwei@mcwk8s-master ~]$ echo -n mcw | base64
bWN3
[machangwei@mcwk8s-master ~]$ echo -n 123456 | base64
MTIzNDU2
[machangwei@mcwk8s-master ~]$ cat mcwcecret.yml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
data:
  username: bWN3
  password: MTIzNDU2
[machangwei@mcwk8s-master ~]$ kubectl apply -f mcwcecret.yml
secret/mysecret created
[machangwei@mcwk8s-master ~]$ kubectl get secret
NAME TYPE DATA AGE
default-token-9qbhw kubernetes.io/service-account-token 3 30d
mysecret Opaque 2 10s
[machangwei@mcwk8s-master ~]$
[machangwei@mcwk8s-master ~]$ cat mypod.yml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: busybox
    args:
      - /bin/sh
      - -c
      - sleep 10; touch /tmp/healthy; sleep 30000
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
[machangwei@mcwk8s-master ~]$ kubectl apply -f mypod.yml
pod/mypod created
[machangwei@mcwk8s-master ~]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 45s
[machangwei@mcwk8s-master ~]$ kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mypod 1/1 Running 0 67s 10.244.2.21 mcwk8s-node2 <none> <none>
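[machangwei@mcwk8s-master ~]$ kubectl exec -it mypod sh # busybox can be entered with sh, but bash does not work. Entering from the master node is similar to entering with docker; only the leading command changes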
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
/ # ls /etc/foo/
password username
/ # cat /etc/foo/username
mcw/ #
/ # cat /etc/foo/password
123456/ #
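[machangwei@mcwk8s-master ~]$ # exited here with Ctrl-D, which has no side effects

Change the password value in mcwcecret.yml to a new base64-encoded value and re-apply the file. Once the Secret has been modified, the password inside the container that uses this volume is modified as well. The ConfigMap volume method shown later also supports dynamic updates.

Customizing the path where the files are stored in the container, using items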

[machangwei@mcwk8s-master ~]$ cat mypod.yml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: busybox
    args:
      - /bin/sh
      - -c
      - sleep 10; touch /tmp/healthy; sleep 30000
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
      items:
      - key: username
        path: my-group/my-username
      - key: password
        path: my-group/my-password
[machangwei@mcwk8s-master ~]$ # mountPath is a path inside the container; the path defined in the volume is relative and is placed under the container's mountPath.
[machangwei@mcwk8s-master ~]$ # Use items for multiple files. The volume definition is given a name for the container to reference; the volume is backed by a Secret,
[machangwei@mcwk8s-master ~]$ # and the one to use is written under secretName. items takes the data entries of the Secret and sets the file name for each entry.
[machangwei@mcwk8s-master ~]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 116s
[machangwei@mcwk8s-master ~]$ kubectl exec -it mypod sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
/ # ls /etc/foo/
my-group
/ # ls /etc/foo/my-group/
my-password my-username
/ # cat /etc/foo/my-group/my-username
mcw/ #
/ # cat /etc/foo/my-group/my-password
123456/ #
/ #

Environment variable method

[machangwei@mcwk8s-master ~]$ cat mypod.yml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: busybox
    args:
      - /bin/sh
      - -c
      - sleep 10; touch /tmp/healthy; sleep 30000
    env:
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: password
[machangwei@mcwk8s-master ~]$ # Set under env. The container gets the password from environment variables: each entry gives the variable name and where its value comes from, which here is a Secret.
[machangwei@mcwk8s-master ~]$ # secretKeyRef defines where the key comes from, i.e. it names the Secret and which key of that Secret
[machangwei@mcwk8s-master ~]$ # is used as this environment variable. Add one env entry for each Secret data entry you use. The env block is at the same level as image.
[machangwei@mcwk8s-master ~]$ kubectl apply -f mypod.yml
pod/mypod created
[machangwei@mcwk8s-master ~]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 6m23s
[machangwei@mcwk8s-master ~]$ kubectl exec -it mypod sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
/ # echo $SECRET_USERNAME
mcw
/ # echo $SECRET_PASSWORD
123456
/ # env
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.96.0.1:443
HOSTNAME=mypod
SHLVL=1
HOME=/root
SECRET_PASSWORD=123456
TERM=xterm
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
SECRET_USERNAME=mcw
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
KUBERNETES_SERVICE_HOST=10.96.0.1
PWD=/
/ #
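
The env output above prints SECRET_PASSWORD=123456 in clear text, so when reviewing a manifest it helps to see which variables and volumes are fed from a Secret. The script below is an added example, not part of the original post: it lists every secretKeyRef variable and every Secret-backed volume in a Pod manifest. The function names are hypothetical and the sample manifest is constructed by combining the two methods shown on this page.

```shell
#!/bin/sh
# Added example: list where a Pod manifest pulls Secret data from.
# Function names are hypothetical; the manifest is a constructed sample.

sample_pod() {
cat <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: busybox
    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: username
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          key: password
          name: mysecret
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
EOF
}

# list_secret_refs: Pod manifest on stdin -> one line per reference:
#   env <VARIABLE> <secret>/<key>      value ends up in the process environment
#   volume <volume-name> <secret>      value is mounted as files
list_secret_refs() {
  awk '
    { line = $0; sub(/^[ -]+/, "", line) }   # drop indentation and list dashes
    line ~ /^secretKeyRef:/ { in_ref = 1; var = last; ref = ""; key = ""; next }
    in_ref && line ~ /^name: / { ref = substr(line, 7) }
    in_ref && line ~ /^key: /  { key = substr(line, 6) }
    in_ref && ref != "" && key != "" { print "env", var, ref "/" key; in_ref = 0; next }
    in_ref && line !~ /^(name|key): / { in_ref = 0 }   # block ended early
    line ~ /^name: /       { last = substr(line, 7) }  # most recent name: seen
    line ~ /^secretName: / { print "volume", last, substr(line, 13) }
  '
}

sample_pod | list_secret_refs
```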

Creating and viewing ConfigMaps

Creating and viewing with --from-literal

[machangwei@mcwk8s-master ~]$ kubectl create configmap mcwconfigmap --from-literal=config1=xxx
configmap/mcwconfigmap created
[machangwei@mcwk8s-master ~]$ kubectl get configmap
NAME DATA AGE
kube-root-ca.crt 1 30d
mcwconfigmap 1 11s
[machangwei@mcwk8s-master ~]$ kubectl describe configmap mcwconfigmap
Name: mcwconfigmap
Namespace: default
Labels: <none>
Annotations: <none>

Data
====
config1:
----
xxx

BinaryData
====

Events: <none>
[machangwei@mcwk8s-master ~]$ kubectl edit configmap # the value of config1 can be seen below as well as above; in both places it sits under data
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
items:
- apiVersion: v1
  data:
    ca.crt: |
      -----BEGIN CERTIFICATE-----
      [certificate body removed]
      -----END CERTIFICATE-----
  kind: ConfigMap
  metadata:
    annotations:
      kubernetes.io/description: Contains a CA bundle that can be used to verify the
        kube-apiserver when using internal endpoints such as the internal service
        IP or kubernetes.default.svc. No other usage is guaranteed across distributions
        of Kubernetes clusters.
    creationTimestamp: "2022-01-20T15:20:08Z"
    name: kube-root-ca.crt
    namespace: default
    resourceVersion: "433"
    uid: c1b53c10-9103-4622-9662-3a9da59b057e
- apiVersion: v1
  data:
    config1: xxx
  kind: ConfigMap
  metadata:
    creationTimestamp: "2022-02-20T12:12:24Z"
    name: mcwconfigmap
    namespace: default
    resourceVersion: "89661"
    uid: 6b6164f3-e693-45fa-9063-71ba3d95391b
kind: List
metadata: {}

With --from-file

[machangwei@mcwk8s-master ~]$ echo -n xxx >./config1
[machangwei@mcwk8s-master ~]$ echo -n yyy >./config2
[machangwei@mcwk8s-master ~]$ kubectl create configmap mcwconfig2 --from-file=./config1 --from-file=./config2
configmap/mcwconfig2 created
[machangwei@mcwk8s-master ~]$ kubectl get configmap mcwconfig2
NAME DATA AGE
mcwconfig2 2 24s
[machangwei@mcwk8s-master ~]$ kubectl describe configmap mcwconfig2
Name: mcwconfig2
Namespace: default
Labels: <none>
Annotations: <none>

Data
====
config1:
----
xxx
config2:
----
yyy

BinaryData
====

Events: <none>
[machangwei@mcwk8s-master ~]$

With --from-env-file

[machangwei@mcwk8s-master ~]$ cat << EOF >env.txt
> config1=xxx
> config2=yyy
> EOF
[machangwei@mcwk8s-master ~]$ kubectl create configmap mcwconfigmap3 --from-env-file=env.txt
configmap/mcwconfigmap3 created
[machangwei@mcwk8s-master ~]$ kubectl get configmap mcwconfigmap3
NAME DATA AGE
mcwconfigmap3 2 19s
[machangwei@mcwk8s-master ~]$ kubectl describe configmap mcwconfigmap3
Name: mcwconfigmap3
Namespace: default
Labels: <none>
Annotations: <none>

Data
====
config1:
----
xxx
config2:
----
yyy

BinaryData
====

Events: <none>
[machangwei@mcwk8s-master ~]$

With a YAML manifest

[machangwei@mcwk8s-master ~]$ cat mcwconfig.yml
apiVersion: v1
kind: ConfigMap
metadata:
  name: mcwconfigmap4
data:
  config1: xxx
  config2: yyy
[machangwei@mcwk8s-master ~]$ kubectl apply -f mcwconfig.yml
configmap/mcwconfigmap4 created
[machangwei@mcwk8s-master ~]$ kubectl get configmap mcwconfigmap4
NAME DATA AGE
mcwconfigmap4 2 19s
[machangwei@mcwk8s-master ~]$ kubectl describe configmap mcwconfigmap4
Name: mcwconfigmap4
Namespace: default
Labels: <none>
Annotations: <none>

Data
====
config1:
----
xxx
config2:
----
yyy

BinaryData
====

Events: <none>
[machangwei@mcwk8s-master ~]$

Using a ConfigMap in a Pod

Volume method

[machangwei@mcwk8s-master ~]$ cat mcwconfig.yml
apiVersion: v1
kind: ConfigMap
metadata:
  name: myconfigmap
data:
  config1: xxx
  config2: yyy
[machangwei@mcwk8s-master ~]$ kubectl apply -f mcwconfig.yml
configmap/myconfigmap created
[machangwei@mcwk8s-master ~]$ kubectl get myconfigmap
error: the server doesn't have a resource type "myconfigmap"
[machangwei@mcwk8s-master ~]$ kubectl get configmap myconfigmap
NAME DATA AGE
myconfigmap 2 32s
[machangwei@mcwk8s-master ~]$ cat configmappod.yml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: busybox
    args:
      - /bin/sh
      - -c
      - sleep 10; touch /tmp/healthy; sleep 30000
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    configMap:
      name: myconfigmap
[machangwei@mcwk8s-master ~]$ kubectl apply -f configmappod.yml
pod/mypod created
[machangwei@mcwk8s-master ~]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 39s
[machangwei@mcwk8s-master ~]$ kubectl exec -it mypod sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
/ # ls /etc/foo/
config1 config2
/ # cat /etc/foo/config1
xxx/ #
/ # cat /etc/foo/config2
yyy/ #
/ #
[machangwei@mcwk8s-master ~]$

Adding configuration through environment variables

[machangwei@mcwk8s-master ~]$ cat configmappod.yml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: busybox
    args:
      - /bin/sh
      - -c
      - sleep 10; touch /tmp/healthy; sleep 30000
    env:
      - name: CONFIG_1
        valueFrom:
          configMapKeyRef:
            name: myconfigmap
            key: config1
      - name: CONFIG_2
        valueFrom:
          configMapKeyRef:
            name: myconfigmap
            key: config2
[machangwei@mcwk8s-master ~]$ # the variable name in the container, where its value comes from (configMapKeyRef), the ConfigMap name, and which key to use. This adds configuration through environment variables
[machangwei@mcwk8s-master ~]$ kubectl apply -f configmappod.yml
pod/mypod created
[machangwei@mcwk8s-master ~]$
[machangwei@mcwk8s-master ~]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 27s
[machangwei@mcwk8s-master ~]$ kubectl exec -it mypod sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
/ # echo $CONFIG_1
xxx
/ # echo $CONFIG_2
yyy
/ # env
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.96.0.1:443
HOSTNAME=mypod
SHLVL=1
HOME=/root
CONFIG_1=xxx
CONFIG_2=yyy
TERM=xterm
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
KUBERNETES_SERVICE_HOST=10.96.0.1
PWD=/
/ #
[machangwei@mcwk8s-master ~]$

The --from-file method

In most cases configuration is supplied as files, in the two ways shown below.

[machangwei@mcwk8s-master ~]$ kubectl get configmap
NAME DATA AGE
kube-root-ca.crt 1 30d
mcwconfig2 2 107m
mcwconfigmap 1 116m
mcwconfigmap3 2 104m
mcwconfigmap4 2 101m
myconfigmap 2 55m
[machangwei@mcwk8s-master ~]$ kubectl delete configmap mcwconfig2 mcwconfigmap mcwconfigmap3 myconfigmap
configmap "mcwconfig2" deleted
configmap "mcwconfigmap" deleted
configmap "mcwconfigmap3" deleted
configmap "myconfigmap" deleted
[machangwei@mcwk8s-master ~]$ kubectl delete configmap mcwconfigmap4
configmap "mcwconfigmap4" deleted
[machangwei@mcwk8s-master ~]$ kubectl get configmap
NAME DATA AGE
kube-root-ca.crt 1 30d
[machangwei@mcwk8s-master ~]$ cat logging.conf
class: loogging.handlers.RotatingFileHandler
formatter: precise
level: INFO
filename: %hostname-%timestamp.log
[machangwei@mcwk8s-master ~]$ kubectl create configmap mcwconfig1 --from-file=./logging.conf
configmap/mcwconfig1 created
[machangwei@mcwk8s-master ~]$ kubectl get configmap
NAME DATA AGE
kube-root-ca.crt 1 30d
mcwconfig1 1 11s
[machangwei@mcwk8s-master ~]$ kubectl describe configmap mcwconfig1
Name: mcwconfig1
Namespace: default
Labels: <none>
Annotations: <none>

Data
====
logging.conf: # the file name is used as the key; each key-value pair is one config file, so one ConfigMap should be able to hold several config files
----
class: loogging.handlers.RotatingFileHandler
formatter: precise
level: INFO
filename: %hostname-%timestamp.log

BinaryData
====

Events: <none>
[machangwei@mcwk8s-master ~]$

Providing a config file to a Pod

[machangwei@mcwk8s-master ~]$ vim mcwconfig3.yml
[machangwei@mcwk8s-master ~]$ cat mcwconfig3.yml
apiVersion: v1
kind: ConfigMap
metadata:
  name: mcwconfigmap2
data:
  logging.conf: |
    class: loogging.handlers.RotatingFileHandler
    formatter: precise
    level: INFO
    filename: %hostname-%timestamp.log
[machangwei@mcwk8s-master ~]$ kubectl apply -f mcwconfig3.yml # create the ConfigMap
configmap/mcwconfigmap2 created
[machangwei@mcwk8s-master ~]$ kubectl get configmap
NAME DATA AGE
kube-root-ca.crt 1 30d
mcwconfig1 1 5m19s
mcwconfigmap2 1 8s
[machangwei@mcwk8s-master ~]$ kubectl describe configmap mcwconfigmap2
Name: mcwconfigmap2
Namespace: default
Labels: <none>
Annotations: <none>

Data
====
logging.conf:
----
class: loogging.handlers.RotatingFileHandler
formatter: precise
level: INFO
filename: %hostname-%timestamp.log

BinaryData
====

Events: <none>
[machangwei@mcwk8s-master ~]$
[machangwei@mcwk8s-master ~]$ kubectl get configmap
NAME DATA AGE
kube-root-ca.crt 1 30d
mcwconfig1 1 16m
mcwconfigmap2 1 11m
[machangwei@mcwk8s-master ~]$ cat mypod.yml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: busybox
    args:
      - /bin/sh
      - -c
      - sleep 10; touch /tmp/healthy; sleep 30000
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    configMap:
      name: mcwconfigmap2
      items:
        - key: logging.conf
          path: myapp/logging.cof
[machangwei@mcwk8s-master ~]$ kubectl apply -f mypod.yml
pod/mypod created
[machangwei@mcwk8s-master ~]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 31s
[machangwei@mcwk8s-master ~]$ kubectl exec -it mypod sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
/ # ls /etc/foo/
myapp
/ # ls /etc/foo/myapp/
logging.cof
/ # cat /etc/foo/myapp/logging.cof
class: loogging.handlers.RotatingFileHandler
formatter: precise
level: INFO
filename: %hostname-%timestamp.log
/ #
[machangwei@mcwk8s-master ~]$

Reference book: 每天5分钟玩转Kubernetes, by CloudMan
