ConfigMap

configmap是一種比較特殊的儲存卷,它的主要作用是用來儲存配置資訊的

建立configmap.yaml,內容如下

apiVersion: v1
kind: ConfigMap
metadata:
name: configmap
namespace: dev
data:
info:
username:admin
password:123456

接下來,使用此配置檔案建立configmap

[root@master ~]# vim configmap.yaml
[root@master ~]# kubectl create -f configmap.yaml
configmap/configmap created

[root@master ~]# kubectl describe cm configmap -n dev
Name: configmap
Namespace: dev
Labels: <none>
Annotations: <none> Data
====
info:
----
username:admin password:123456
Events: <none>

接下來建立一個pod-configmap.yaml,將上面建立的configmap掛載進去

apiVersion: v1
kind: Pod
metadata:
name: pod-configmap
namespace: dev
spec:
containers:
- name: nginx
image: nginx:1.17.1
volumeMounts:
- name: config
mountPath: /configmap/config
volumes:
- name: config
configMap:
name: configmap

使用配置檔案

[root@master ~]# vim pod-configmap.yaml
[root@master ~]# kubectl create -f pod-configmap.yaml
pod/pod-configmap created
[root@master ~]# kubectl get pod pod-configmap -n dev
NAME READY STATUS RESTARTS AGE
pod-configmap 1/1 Running 0 32s

進入容器,可以看見對映已經成功,每個configmap都對映成了一個目錄

[root@master ~]# kubectl exec -it pod-configmap -n dev /bin/sh
# cd /configmap/config
# ls
info
# more info
username:admin password:123456
# exit

編輯configmap,將password改為123456789

[root@master ~]# kubectl edit cm configmap -n dev
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
info: username:admin password:123456789
kind: ConfigMap
metadata:
creationTimestamp: "2021-08-18T03:58:59Z"
name: configmap
namespace: dev
resourceVersion: "171455"
selfLink: /api/v1/namespaces/dev/configmaps/configmap
uid: 46f41475-b95b-4477-9221-50054d6a5ea2

再次檢視info檔案

[root@master ~]# kubectl exec -it pod-configmap -n dev /bin/sh
# more /configmap/config/info
username:admin password:123456789

Secret

在k8s中,還存在一種和ConfigMap非常類似的物件,成為Secret物件。它主要用於儲存敏感資訊,例如密碼,金鑰,證書等等。

首先使用base64對資料進行編碼

[root@master ~]# echo -n 'admin' | base64
YWRtaW4=
[root@master ~]# echo -n '123456' | base64
MTIzNDU2

接下來編寫secret.yaml,並建立secret

apiVersion: v1
kind: Secret
metadata:
name: secret
namespace: dev
type: Opaque
data:
username: YWRtaW4=
password: MTIzNDU2

使用配置檔案

[root@master ~]# vim secret.yaml
[root@master ~]# kubectl create -f secret.yaml
secret/secret created
[root@master ~]# kubectl describe secret/secret -n dev
Name: secret
Namespace: dev
Labels: <none>
Annotations: <none> Type: Opaque Data
====
password: 6 bytes
username: 5 bytes

建立pod-secret.yaml,將上面的secret掛載進去

apiVersion: v1
kind: Pod
metadata:
name: pod-secret
namespace: dev
spec:
containers:
- name: nginx
image: nginx:1.17.1
volumeMounts:
- name: config
mountPath: /secret/config
volumes:
- name: config
secret:
secretName: secret

使用配置檔案

[root@master ~]# vim pod-secret.yaml
[root@master ~]# kubectl create -f pod-secret.yaml
pod/pod-secret created

#檢視secret資訊,發現已經自動解碼了
[root@master ~]# kubectl exec -it pod-secret -n dev /bin/sh
# cd /secret/config
# ls
password username
# more username
admin
# more password
123456

至此,已經實現了利用secret實現資訊的編碼