kubernetes configMap secret

配置容器化应用的方式

• 自定义命令行参数
• 把配置文件直接焙进镜像
• 环境变量
  • cloud native的应用程序一般可直接通过环境变量加载配置
  • 通过entrypoint脚本来预处理变量
• 存储卷

configMap(配置中心)

pod从configMap中读取配置关联到pod

创建configMap

kubectl create configmap nginx-config --from-literal=nginx_port=80 --from-literal=server_name=myapp.wuxingge.com

查看

kubectl get configmaps

kubectl describe configmaps nginx-config

cat www.conf

server {
	server_name myapp.wuxingge.com;
	listen 80;
	root /data/web/html/;
}

kubectl create configmap nginx-www --from-file=./www.conf

编辑

kubectl edit configmaps nginx-www

pod-configmap.yaml

apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-1
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    wuxingge.com/created-by: "cluster admin"
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    env:
    - name: NGINX_SERVER_PORT
      valueFrom:
        configMapKeyRef:
          name: nginx-config
          key: nginx_port
    - name: NGINX_SERVER_NAME
      valueFrom:
        configMapKeyRef:
          name: nginx-config
          key: server_name

pod-configmap-2.yaml

apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-2
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    wuxingge.com/created-by: "cluster admin"
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    volumeMounts:
    - name: nginxconf
      mountPath: /etc/nginx/config.d/
      readOnly: true
  volumes:
  - name: nginxconf
    configMap:
      name: nginx-config

pod-configmap-3.yaml

apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-3
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    wuxingge.com/created-by: "cluster admin"
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    volumeMounts:
    - name: nginxconf
      mountPath: /etc/nginx/conf.d/
      readOnly: true
  volumes:
  - name: nginxconf
    configMap:
      name: nginx-www

secret

创建secret

kubectl create secret generic mysql-root-password --from-literal=password=MyP@ss123

查看

kubectl get secrets mysql-root-password -o yaml

apiVersion: v1
data:
  password: TXlQQHNzMTIz
kind: Secret
metadata:
  creationTimestamp: "2019-11-30T08:26:57Z"
  name: mysql-root-password
  namespace: default
  resourceVersion: "711777"
  selfLink: /api/v1/namespaces/default/secrets/mysql-root-password
  uid: 2c259780-134b-11ea-a76c-000c29b4d624
type: Opaque

echo TXlQQHNzMTIz |base64 -d
MyP@ss123

pod-secret-1.yaml

apiVersion: v1
kind: Pod
metadata:
  name: pod-secret-1
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    wuxingge.com/created-by: "cluster admin"
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysql-root-password
          key: password