
Linux教程FG437-Kubernetes ConfigMap与Secret

内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。

本文档介绍Kubernetes ConfigMap和Secret的创建和使用方法。

风哥提示:

Part01-ConfigMap管理

1.1 创建ConfigMap

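# Create a ConfigMap from literal key/value pairs.
# NOTE: ConfigMap data is stored and returned in plain text to anyone who can
# read the object, so keep passwords, tokens and keys out of it.
[root@k8s-master ~]# kubectl create configmap fgedu-config \
  --from-literal=APP_NAME=fgedu-web \
  --from-literal=APP_ENV=production \
  --from-literal=APP_PORT=8080
configmap/fgedu-config created

# List the ConfigMap.
[root@k8s-master ~]# kubectl get configmap fgedu-config
NAME           DATA   AGE
fgedu-config   3      10s

# Show the ConfigMap in detail (every value is printed in clear text).
[root@k8s-master ~]# kubectl describe configmap fgedu-config
Name:         fgedu-config
Namespace:    default
Labels:
Annotations:

Data
====
APP_ENV:
----
production
APP_NAME:
----
fgedu-web
APP_PORT:
----
8080

BinaryData
====

Events:

# Create a ConfigMap from a file (the file name becomes the key).
[root@k8s-master ~]# cat > nginx.conf << 'EOF'
server {
    listen 80;
    server_name fgedu.net.cn;
    location / {
        root /usr/share/nginx/html;
        index index.html;
    }
}
EOF
[root@k8s-master ~]# kubectl create configmap nginx-config --from-file=nginx.conf
configmap/nginx-config created

# Create a ConfigMap from a directory (one key per file).
[root@k8s-master ~]# mkdir -p config
[root@k8s-master ~]# echo "key1=value1" > config/app.conf
[root@k8s-master ~]# echo "key2=value2" > config/db.conf
[root@k8s-master ~]# kubectl create configmap app-config --from-file=config/
configmap/app-config created

# Create a ConfigMap from a YAML manifest.
# NOTE: the sample redis.conf listens on all interfaces and configures no
# authentication; that is a lab setting. In a shared cluster, limit who can reach
# the port (for example with a NetworkPolicy).
[root@k8s-master ~]# cat > fgedu-configmap.yaml << 'EOF'
apiVersion: v1
kind: ConfigMap
metadata:
  name: fgedu-app-config
data:
  APP_NAME: fgedu-web
  APP_ENV: production
  APP_DEBUG: "false"
  DB_HOST: mysql-service
  DB_PORT: "3306"
  DB_NAME: fgedudb
  redis.conf: |
    bind 0.0.0.0
    port 6379
    maxmemory 256mb
    maxmemory-policy allkeys-lru
EOF
[root@k8s-master ~]# kubectl apply -f fgedu-configmap.yaml
configmap/fgedu-app-config created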

Part02-ConfigMap使用

2.1 在Pod中使用ConfigMap

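# Consume the ConfigMap as environment variables.
# envFrom imports the whole ConfigMap rather than selected keys; use env with
# configMapKeyRef when a container only needs a few of them.
[root@k8s-master ~]# cat > fgedu-pod-env.yaml << 'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: fgedu-app
spec:
  containers:
  - name: app
    image: nginx:1.25
    envFrom:
    - configMapRef:
        name: fgedu-app-config
    env:
    - name: APP_VERSION
      value: "1.0.0"
EOF
[root@k8s-master ~]# kubectl apply -f fgedu-pod-env.yaml
pod/fgedu-app created

# Verify the environment variables.
[root@k8s-master ~]# kubectl exec fgedu-app -- env | grep APP
APP_NAME=fgedu-web
APP_ENV=production
APP_DEBUG=false
APP_VERSION=1.0.0

# Mount the ConfigMap as configuration files.
# Each key becomes a file under mountPath, and the mount hides whatever the image
# shipped in /etc/nginx/conf.d.
[root@k8s-master ~]# cat > fgedu-pod-volume.yaml << 'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: fgedu-nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.25
    volumeMounts:
    - name: config
      mountPath: /etc/nginx/conf.d
  volumes:
  - name: config
    configMap:
      name: nginx-config
EOF
[root@k8s-master ~]# kubectl apply -f fgedu-pod-volume.yaml
pod/fgedu-nginx created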

Part03-Secret管理

3.1 创建Secret

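# Create a Secret from literal values.
# NOTE: values passed with --from-literal are kept in shell history and are
# visible in the process list. Outside a lab, load them with --from-file or
# --from-env-file and use generated credentials instead of admin/admin123.
[root@k8s-master ~]# kubectl create secret generic fgedu-secret \
  --from-literal=username=admin \
  --from-literal=password=admin123
secret/fgedu-secret created

# List the Secret.
[root@k8s-master ~]# kubectl get secret fgedu-secret
NAME           TYPE     DATA   AGE
fgedu-secret   Opaque   2      10s

# Show Secret details. describe prints only the key names and value sizes,
# never the values themselves.
[root@k8s-master ~]# kubectl describe secret fgedu-secret
Name:         fgedu-secret
Namespace:    default
Labels:
Annotations:

Type:  Opaque

Data
====
password:  8 bytes
username:  5 bytes

# Decode a Secret value.
# Base64 is an encoding, not encryption: any identity allowed to "get" this
# Secret recovers the plain text exactly like this. Restrict get/list/watch on
# secrets with RBAC, and enable encryption at rest on the API server, because
# Secrets are otherwise stored unencrypted in etcd.
[root@k8s-master ~]# kubectl get secret fgedu-secret -o jsonpath='{.data.password}' | base64 -d
admin123

# Create a Secret from a YAML manifest (values under data: must be Base64).
[root@k8s-master ~]# echo -n 'admin' | base64
YWRtaW4=
[root@k8s-master ~]# echo -n 'admin123' | base64
YWRtaW4xMjM=

# NOTE: this manifest carries recoverable credentials; keep it out of version
# control and delete the local copy after applying it.
[root@k8s-master ~]# cat > fgedu-secret.yaml << 'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: fgedu-db-secret
type: Opaque
data:
  DB_USER: ZmdlZHU=
  DB_PASSWORD: ZmdlZHViMTIz
  DB_ROOT_PASSWORD: cm9vdDEyMw==
EOF
[root@k8s-master ~]# kubectl apply -f fgedu-secret.yaml
secret/fgedu-db-secret created

# Create a TLS Secret (the private key file should be readable by its owner only).
[root@k8s-master ~]# kubectl create secret tls fgedu-tls \
  --cert=/path/to/cert.pem \
  --key=/path/to/key.pem
secret/fgedu-tls created

# Create a docker-registry Secret.
# NOTE: --docker-password is recorded in shell history just like --from-literal.
[root@k8s-master ~]# kubectl create secret docker-registry fgedu-registry \
  --docker-server=registry.fgedu.net.cn \
  --docker-username=admin \
  --docker-password=admin123 \
  --docker-email=admin@fgedu.net.cn
secret/fgedu-registry created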

Part04-Secret使用

4.1 在Pod中使用Secret

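# Consume the Secret as environment variables.
# NOTE: environment variables are readable by every process in the container and
# show up in "kubectl exec ... env"; mount the Secret as files when the
# application supports it. envFrom also imports every key of the Secret.
# The official mysql image initialises from MYSQL_* variables, so the root
# password is mapped explicitly; envFrom alone would only define DB_* names.
[root@k8s-master ~]# cat > fgedu-pod-secret.yaml << 'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: fgedu-db
spec:
  containers:
  - name: mysql
    image: mysql:8.0
    envFrom:
    - secretRef:
        name: fgedu-db-secret
    env:
    - name: MYSQL_DATABASE
      value: fgedudb
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: fgedu-db-secret
          key: DB_ROOT_PASSWORD
EOF
[root@k8s-master ~]# kubectl apply -f fgedu-pod-secret.yaml
pod/fgedu-db created

# Mount the Secret as files.
# Each key becomes a file under /etc/secrets. Files default to mode 0644; set
# defaultMode on the secret volume (for example 0400) when the UID of the
# consuming process allows it.
[root@k8s-master ~]# cat > fgedu-pod-secret-volume.yaml << 'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: fgedu-app-secret
spec:
  containers:
  - name: app
    image: nginx:1.25
    volumeMounts:
    - name: secret
      mountPath: /etc/secrets
      readOnly: true
  volumes:
  - name: secret
    secret:
      secretName: fgedu-secret
EOF
[root@k8s-master ~]# kubectl apply -f fgedu-pod-secret-volume.yaml
pod/fgedu-app-secret created

# Pull from a private registry with imagePullSecrets.
# The Secret must exist in the same namespace as the Pod.
[root@k8s-master ~]# cat > fgedu-pod-registry.yaml << 'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: fgedu-private-app
spec:
  imagePullSecrets:
  - name: fgedu-registry
  containers:
  - name: app
    image: registry.fgedu.net.cn/fgedu/app:v1.0
EOF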
风哥针对ConfigMap与Secret建议:

  • 使用ConfigMap存储非敏感配置
  • 使用Secret存储敏感信息
  • 启用Secret加密存储
  • 配置RBAC访问控制
  • 定期轮换Secret

本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
