k8s 的configmap与Secret

命令行指定方式创建

[root@master vml]# kubectl create configmap nginx --from-literal=nginx_port=80 --from-literal=server_name=www.chenxi.com 
configmap/nginx created

　　查看

[root@master vml]# kubectl get configmap
NAME        DATA   AGE
nginx       2      15s
ui-config   1      37d
[root@master vml]# kubectl  describe configmap nginx
Name:         nginx
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
nginx_port:
----
80
server_name:
----
www.chenxi.com
Events:  <none>

　　命令行已指定文件方式创建

[root@master vml]# kubectl create configmap www.nginx.conf --from-file=./www.conf 
configmap/www.nginx.conf created

　　查看

[root@master vml]# kubectl get configmap
NAME             DATA   AGE
nginx            2      35m
ui-config        1      37d
www.nginx.conf   1      2m14s

　　编写pod文件：这个方式不能实时更新 

[root@master vml]# cat pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod-demo
  namespace: default
  labels:
    app: myapp
    tier: frontend
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    - name: https 
      containerPort: 443
    env:
    - name: NGINX
      valueFrom:
        configMapKeyRef:
          name:  nginx  
          key: nginx_port
          optional: 

　　启动

[root@master vml]# kubectl apply -f pod.yaml 
pod/pod-demo created
[root@master vml]# kubectl exec -it pod-demo -- /bin/sh
/ # echo $NGINX
80
/ # exit

　　与存储卷的方式挂载

[root@master vml]# cat pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod-demo
  namespace: default
  labels:
    app: myapp
    tier: frontend
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    - name: https 
      containerPort: 443
    volumeMounts:
    - name: nginx
      mountPath: /chenxi
      readOnly: true
  volumes: 
  - name: nginx
    configMap: 
      name: www.nginx.conf
[root@master vml]# kubectl exec -it pod-demo -- /bin/sh
/ # ls /chenxi
www.conf
/ # ls /chenxi/www.conf
/chenxi/www.conf
/ # cat /chenxi/www.conf
server {
  server_name www.chenxi.com;
  listen 80;
  root /data/www/html;
}

　　使用edit在线修改configMap内容

[root@master vml]# kubectl edit configMap www.nginx.conf

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  www.conf: |+
    server {
      server_name www.chenxi.com;
      listen 9090;
      root /data/www/html;
    }

kind: ConfigMap
metadata:
  creationTimestamp: "2020-04-27T02:58:24Z"
  name: www.nginx.conf
  namespace: default
  resourceVersion: "8747971"
  selfLink: /api/v1/namespaces/default/configmaps/www.nginx.conf
  uid: 5a958a9e-31f6-453c-9379-42bde7a21200
configmap/www.nginx.conf edited  ---表示修改成功
[root@master vml]# kubectl exec -it pod-demo -- /bin/sh
/ # cat /chenxi/www.conf  会有一定延迟
server {
  server_name www.chenxi.com;
  listen 80;
  root /data/www/html;
}

/ # cat /chenxi/www.conf 再次查看
server {
  server_name www.chenxi.com;
  listen 9090;  修改成功
  root /data/www/html;
}

　　如果存在多个文件如何只挂在一个文件

[root@master vml]# kubectl explain pods.spec.volumes.configMap.
KIND:     Pod
VERSION:  v1

RESOURCE: configMap <Object>

DESCRIPTION:
     ConfigMap represents a configMap that should populate this volume

     Adapts a ConfigMap into a volume. The contents of the target ConfigMap's
     Data field will be presented in a volume as files using the keys in the
     Data field as the file names, unless the items element is populated with
     specific mappings of keys to paths. ConfigMap volumes support ownership
     management and SELinux relabeling.

FIELDS:
   defaultMode	<integer>
     Optional: mode bits to use on created files by default. Must be a value
     between 0 and 0777. Defaults to 0644. Directories within the path are not
     affected by this setting. This might be in conflict with other options that
     affect the file mode, like fsGroup, and the result can be other mode bits
     set.

   items	<[]Object>  ---给定指定挂载的文件列表
     If unspecified, each key-value pair in the Data field of the referenced
     ConfigMap will be projected into the volume as a file whose name is the key
     and content is the value. If specified, the listed keys will be projected
     into the specified paths, and unlisted keys will not be present. If a key
     is specified which is not present in the ConfigMap, the volume setup will
     error unless it is marked optional. Paths must be relative and may not
     contain the '..' path or start with '..'.

   name	<string>
     Name of the referent. More info:
     https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

   optional	<boolean>
     Specify whether the ConfigMap or its keys must be defined

　　secret 投射数据卷的介绍

[root@master vml]# kubectl create secret --help
Create a secret using specified subcommand.

Available Commands:
  docker-registry 创建一个给 Docker registry 使用的 secret
  generic         从本地 file, directory 或者 literal value 创建一个 secret
  tls             创建一个 TLS secret

Usage:
  kubectl create secret [flags] [options]

Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands)