1. ConfigMap
ConfigMap and Secret are two special kinds of volume. They are not used to give a pod storage space; they give users and administrators a way to inject information into a pod from outside.
ConfigMap: configuration files are placed in a configuration center, and multiple pods then read their configuration from it. However, a ConfigMap holds its configuration in clear text, so it is not secure.
Secret: works the same way as ConfigMap, but the configuration stored in the configuration center is not in clear text. ConfigMap and Secret objects each belong to one specific namespace.
# Create a ConfigMap from the command line
kubectl create configmap nginx-config --from-literal=nginx_port=80 --from-literal=server_name=myapp.lixiang.com
kubectl describe cm nginx-config

# Create a ConfigMap from a file
mkdir configmap && cd configmap
cat www.conf
server {
    server_name myapp.lixiang.com;
    listen 80;
    root /data/web/html;
}
kubectl create configmap nginx-www --from-file=www.conf

# Inject ConfigMap data into a pod as environment variables
cat pod-configmap.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-1
  namespace: default
  labels:
    app: myapp
    tier: frontend
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    env:
    - name: NGINX_SERVER_PORT
      valueFrom:               # kubectl explain pods.spec.containers.env.valueFrom
        configMapKeyRef:       # take the value from a key in a ConfigMap
          name: nginx-config   # ConfigMap name
          key: nginx_port      # key, as listed by kubectl describe cm nginx-config
    - name: NGINX_SERVER_NAME
      valueFrom:
        configMapKeyRef:
          name: nginx-config
          key: server_name
kubectl apply -f pod-configmap.yaml
kubectl exec -it pod-cm-1 -- /bin/sh
/ # printenv
NGINX_SERVER_PORT=80
NGINX_SERVER_NAME=myapp.lixiang.com

# A ConfigMap changed with kubectl edit does not take effect immediately in the pod; the pod must be restarted for the change to take effect
kubectl edit cm nginx-config

# Inject the ConfigMap into a pod as a volume
cat pod-configmap2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-2
  namespace: default
  labels:
    app: myapp
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    volumeMounts:
    - name: nginxconf
      mountPath: /etc/nginx/conf.d/
      readOnly: true
  volumes:
  - name: nginxconf
    configMap:
      name: nginx-config
kubectl apply -f pod-configmap2.yaml
# Inside the pod, each key-value pair of the ConfigMap appears as a file under /etc/nginx/conf.d/

# Inject the www.conf file into a pod
cat pod-configmap3.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-3
  namespace: default
  labels:
    app: myapp
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    volumeMounts:
    - name: nginxconf
      mountPath: /etc/nginx/conf.d/
      readOnly: true
  volumes:
  - name: nginxconf
    configMap:
      name: nginx-www
kubectl apply -f pod-configmap3.yaml
kubectl exec -it pod-cm-3 -- /bin/sh
/ # cd /etc/nginx/conf.d/
/etc/nginx/conf.d # ls
www.conf
/etc/nginx/conf.d # cat www.conf
server {
    server_name myapp.lixiang.com;
    listen 80;
    root /data/web/html;
}

# After the port is changed in the ConfigMap, the configuration file in the pod changes as well
kubectl edit cm nginx-www
2. Secret
A Secret works the same way as a ConfigMap, but the configuration it stores is not in clear text. Private data, such as the password for connecting to a database, is generally written into a Secret.
kubectl create secret --help
generic: stores passwords;
tls: stores private keys and certificates;
docker-registry: stores Docker registry credentials; use this type, for example, when pulling an image from a private Docker registry. In k8s, the component that pulls images is the kubelet.
# To pull an image from a private registry, store the login credentials in a secret and reference it with imagePullSecrets
kubectl explain pods.spec.imagePullSecrets
kubectl create secret docker-registry lxregsecret --docker-server=registry.cn-hangzhou.aliyuncs.com \
  --docker-username=XX --docker-password=xxxxxx --docker-email=XX

lxregsecret: the name of the secret; you can choose it freely (lowercase, as Kubernetes object names require).
--docker-email: e-mail address (optional).
The secret can only be used in its own namespace, here default; to use it in another namespace, specify that namespace when creating it.

containers:
- name: channel
  image: registry-internal.cn-hangzhou.aliyuncs.com/yin32167/channel:dev-1.0
  ports:
  - containerPort: 8114
imagePullSecrets:
- name: lxregsecret

# It also seems possible to create it this way; base64 -w0 base64-encodes the input and prints it without line wrapping
cat .docker/config.json | base64 -w0
cat docker-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: registrypullsecret
data:
  .dockerconfigjson: <base64-encoded string>
type: kubernetes.io/dockerconfigjson

# The password is stored in base64-encoded form
kubectl create secret generic mysql-root-password --from-literal=password=123456
kubectl describe secret mysql-root-password
kubectl get secret mysql-root-password -o yaml

# Decode the base64 value
echo MTIzNDU2 | base64 -d

# Inject the secret into a pod as an environment variable
cat pod-secret-1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-secret-1
  namespace: default
  labels:
    app: myapp
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysql-root-password
          key: password
kubectl apply -f pod-secret-1.yaml
kubectl exec -it pod-secret-1 -- /bin/sh
/ # printenv
MYSQL_ROOT_PASSWORD=123456

A Secret can also be injected into a pod by mounting it as a volume.
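An added example, not part of the original post: a small shell audit for the two points made above, that ConfigMap data is clear text and that Secret data is only base64-encoded. The manifest is constructed (the db_password key is hypothetical), and the parser assumes the flat YAML layout that kubectl get -o yaml prints.

```shell
# Added example. Reads multi-document YAML on stdin; assumes top-level keys at
# column 0 and entries under data:/metadata: indented by two spaces.
list_data() {                        # emits "kind name key value" per data entry
  awk '
    function flush(  i) {            # kind/name may follow data:, so buffer
      for (i = 1; i <= n; i++) print kind, name, keys[i], vals[i]
      n = 0; kind = ""; name = ""; sect = ""
    }
    /^---/      { flush(); next }    # document separator
    /^[A-Za-z]/ { sect = $1 }        # a top-level key starts a new section
    /^kind:/    { kind = $2 }
    sect == "metadata:" && /^  name:/ { name = $2 }
    sect == "data:" && /^  [^ ]/ { n++; keys[n] = $1; sub(/:$/, "", keys[n]); vals[n] = $2 }
    END { flush() }'
}

# ConfigMap data is clear text: report keys whose names suggest a credential.
configmap_findings() {
  list_data | awk '$1 == "ConfigMap" && tolower($3) ~ /pass|secret|token|credential/ { print $2 "/" $3 }'
}

# Secret data is only base64-encoded: anyone who can read the object gets this.
secret_plaintext() {
  list_data | awk '$1 == "Secret"' | while read -r kind name key val; do
    printf '%s/%s=%s\n' "$name" "$key" "$(printf '%s' "$val" | base64 -d)"
  done
}

# Constructed sample: the page's two objects plus a hypothetical db_password key.
sample_manifests() {
  cat <<'EOF'
apiVersion: v1
data:
  db_password: "123456"
  nginx_port: "80"
kind: ConfigMap
metadata:
  name: nginx-config
---
apiVersion: v1
data:
  password: MTIzNDU2
kind: Secret
metadata:
  name: mysql-root-password
EOF
}
sample_manifests | configmap_findings
sample_manifests | secret_plaintext
```

Against a live cluster the same functions can read the output of kubectl get for ConfigMaps and Secrets, provided it is emitted as separate YAML documents rather than a List object.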
Reference blog: http://blog.itpub.net/28916011/viewspace-2214804/
Deploy nginx + mysql + php application in kubernetes cluster: https://blog.csdn.net/bbwangj/article/details/82954187
kubernetes small classroom: https://k.i4t.com/