Kubernetes ConfigMap and Secret

1.configmap

  ConfigMap and Secret are two special kinds of storage volume. They are not used to give a pod storage space; instead they give users or administrators a way to inject information from outside into the pod.

ConfigMap: configuration files are placed in a distribution center, and multiple pods then read their configuration from it. However, the configuration information in a ConfigMap is stored in clear text, so it is insecure;

Secret: serves the same function as a ConfigMap, but the configuration files in the distribution center are not stored in clear text. A ConfigMap or Secret belongs exclusively to one namespace.

# Create a ConfigMap from the command line
kubectl create configmap nginx-config --from-literal=nginx_port=80 --from-literal=server_name=myapp.lixiang.com
kubectl describe cm nginx-config
# Create a ConfigMap from a file
mkdir configmap && cd configmap
cat www.conf
server {
      server_name myapp.lixiang.com;
      listen 80;
      root /data/web/html;
}

kubectl create configmap nginx-www --from-file=www.conf
# Inject ConfigMap data into a pod as environment variables
cat pod-configmap.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-1
  namespace: default
  labels:
    app: myapp
    tier: frontend
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    env:
    - name: NGINX_SERVER_PORT
      valueFrom: # kubectl explain pods.spec.containers.env.valueFrom
        configMapKeyRef: # take the value from a key in a ConfigMap
          name: nginx-config # ConfigMap name
          key: nginx_port # key as shown by kubectl describe cm nginx-config
    - name: NGINX_SERVER_NAME
      valueFrom:
        configMapKeyRef:
          name: nginx-config
          key: server_name

kubectl apply -f pod-configmap.yaml
kubectl exec -it pod-cm-1 -- /bin/sh
/ # printenv
NGINX_SERVER_PORT=80
NGINX_SERVER_NAME=myapp.lixiang.com
# After the ConfigMap is modified with kubectl edit, the change does not take effect immediately in the pod; the pod must be restarted for it to take effect
kubectl edit cm nginx-config
# Inject the ConfigMap into a pod as a storage volume
cat pod-configmap2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-2
  namespace: default
  labels:
    app: myapp
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    volumeMounts:
    - name: nginxconf
      mountPath: /etc/nginx/conf.d/
      readOnly: true
  volumes:
  - name: nginxconf
    configMap:
      name: nginx-config

kubectl apply -f pod-configmap2.yaml
# Inside the pod, each key-value pair of the ConfigMap appears as a file under /etc/nginx/conf.d/
# Inject the www.conf file into a pod
cat pod-configmap3.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-3
  namespace: default
  labels:
    app: myapp
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    volumeMounts:
    - name: nginxconf
      mountPath: /etc/nginx/conf.d/
      readOnly: true
  volumes:
  - name: nginxconf
    configMap:
      name: nginx-www
kubectl apply -f pod-configmap3.yaml
kubectl exec -it pod-cm-3 -- /bin/sh
/ # cd /etc/nginx/conf.d/
/etc/nginx/conf.d # ls
www.conf
/etc/nginx/conf.d # cat www.conf
server {
      server_name myapp.lixiang.com;
      listen 80;
      root /data/web/html;
}
# Modify the port; the configuration file in the pod changes as well
kubectl edit cm nginx-www

2.secret

  A Secret has the same function as a ConfigMap, but the configuration stored in the distribution center is not in clear text. Private data, such as the password for connecting to a database, is generally written to a Secret.

kubectl create secret --help

generic: stores passwords;

tls: stores private keys and certificates;

docker-registry: stores Docker authentication information, for example when pulling an image from a private Docker registry. In Kubernetes, the image pull is carried out by the kubelet.

# When pulling an image from a private registry, keep the login credentials in a Secret referenced by imagePullSecrets
kubectl explain pods.spec.imagePullSecrets
kubectl create secret docker-registry lxregsecret --docker-server=registry.cn-hangzhou.aliyuncs.com \
--docker-username=xxxxxx --docker-password=xx --docker-email=xx
# lxregsecret: the name of the Secret, which you can choose; --docker-email: e-mail address (optional)
# The Secret can only be used in its own namespace, here default; to use it in another namespace, specify that namespace when creating it
containers:
- name: channel
  image: registry-internal.cn-hangzhou.aliyuncs.com/yin32167/channel:dev-1.0
  ports:
  - containerPort: 8114
imagePullSecrets:
- name: lxregsecret
#
# It seems it can also be created this way; base64 -w0 base64-encodes the output without line wrapping
cat .docker/config.json | base64 -w0
cat docker-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: registrypullsecret
data:
  .dockerconfigjson: <encoded string output by the command above>
type: kubernetes.io/dockerconfigjson

# The password value is stored in base64-encoded form
kubectl create secret generic mysql-root-password --from-literal=password=123456
kubectl describe secret mysql-root-password
kubectl get secret mysql-root-password -o yaml
# Decode it with base64
echo MTIzNDU2 | base64 -d
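
What the base64 step above means in practice, as an added example that is not part of the original post: Secret values returned by `kubectl get secret -o json` are only encoded, and a docker-registry Secret carries a second base64 layer in its `auth` field. The sample objects and the `demo-user` / `demo-pass` credentials are constructed for illustration.

```python
import base64
import json

def _b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()

# Constructed sample: the shape of `kubectl get secret <name> -o json` for the
# two Secrets created above (registry user and password are made-up values).
DOCKER_CFG = json.dumps({"auths": {"registry.cn-hangzhou.aliyuncs.com": {
    "username": "demo-user", "password": "demo-pass",
    "auth": _b64("demo-user:demo-pass")}}})

SAMPLE_SECRETS = [
    {"kind": "Secret", "type": "Opaque",
     "metadata": {"name": "mysql-root-password", "namespace": "default"},
     "data": {"password": "MTIzNDU2"}},
    {"kind": "Secret", "type": "kubernetes.io/dockerconfigjson",
     "metadata": {"name": "registrypullsecret", "namespace": "default"},
     "data": {".dockerconfigjson": _b64(DOCKER_CFG)}},
]

def decode_secret(secret: dict) -> dict:
    """Return {key: plaintext} for every entry under .data of a Secret."""
    decoded = {}
    for key, value in (secret.get("data") or {}).items():
        raw = base64.b64decode(value, validate=True)
        decoded[key] = raw.decode("utf-8", errors="replace")
    return decoded

def registry_logins(secret: dict) -> dict:
    """For a dockerconfigjson Secret, return {registry: (user, password)}."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        return {}
    cfg = json.loads(decode_secret(secret)[".dockerconfigjson"])
    logins = {}
    for registry, entry in cfg.get("auths", {}).items():
        # "auth" is base64("user:password"): a second layer of encoding
        pair = base64.b64decode(entry["auth"]).decode()
        user, _, password = pair.partition(":")
        logins[registry] = (user, password)
    return logins

if __name__ == "__main__":
    for s in SAMPLE_SECRETS:
        print(s["metadata"]["name"], decode_secret(s), registry_logins(s))
```

Anyone whose RBAC role allows `get` on Secrets in the namespace can recover these values the same way, so that permission should be granted as narrowly as the credentials themselves.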

# Inject the Secret into a pod as an environment variable
cat pod-secret-1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-secret-1
  namespace: default
  labels:
    app: myapp
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysql-root-password
          key: password
kubectl apply -f pod-secret-1.yaml
kubectl exec -it pod-secret-1 -- /bin/sh
/ # printenv
MYSQL_ROOT_PASSWORD=123456
A Secret can also be injected into a pod by mounting it as a volume.

 

Reference blog: http://blog.itpub.net/28916011/viewspace-2214804/

Deploy nginx + mysql + php application in kubernetes cluster: https://blog.csdn.net/bbwangj/article/details/82954187

kubernetes small classroom: https://k.i4t.com/

 


Origin www.cnblogs.com/fawaikuangtu123/p/11295211.html