k8s之数据存储-配置存储

ConfigMap

configmap是一种比较特殊的存储卷,它的主要作用是用来存储配置信息的

创建configmap.yaml,内容如下

apiVersion: v1
kind: ConfigMap
metadata:
  name: configmap
  namespace: dev
data:
  info:
    username:admin
    password:123456

 接下来,使用此配置文件创建configmap

[root@master ~]# vim configmap.yaml
[root@master ~]# kubectl create -f configmap.yaml
configmap/configmap created
[root@master
~]# kubectl describe cm configmap -n dev Name: configmap Namespace: dev Labels: <none> Annotations: <none> Data ==== info: ---- username:admin password:123456 Events: <none>

接下来创建一个pod-configmap.yaml,将上面创建的configmap挂载进去

apiVersion: v1
kind: Pod
metadata:
  name: pod-configmap
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
    volumeMounts: 
    - name: config
      mountPath: /configmap/config
  volumes:
  - name: config
    configMap: 
      name: configmap

使用配置文件

[root@master ~]# vim pod-configmap.yaml
[root@master ~]# kubectl create -f pod-configmap.yaml 
pod/pod-configmap created
[root@master ~]# kubectl get pod pod-configmap -n dev
NAME            READY   STATUS    RESTARTS   AGE
pod-configmap   1/1     Running   0          32s

进入容器,可以看见映射已经成功,每个configmap都映射成了一个目录

[root@master ~]# kubectl exec -it pod-configmap -n dev /bin/sh
# cd /configmap/config
# ls
info
# more info
username:admin password:123456
# exit

编辑configmap,将password改为123456789

[root@master ~]# kubectl edit cm configmap -n dev
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  info: username:admin password:123456789
kind: ConfigMap
metadata:
  creationTimestamp: "2021-08-18T03:58:59Z"
  name: configmap
  namespace: dev
  resourceVersion: "171455"
  selfLink: /api/v1/namespaces/dev/configmaps/configmap
  uid: 46f41475-b95b-4477-9221-50054d6a5ea2

再次查看info文件

[root@master ~]# kubectl exec -it pod-configmap -n dev /bin/sh
# more /configmap/config/info
username:admin password:123456789

Secret

在k8s中,还存在一种和ConfigMap非常类似的对象,成为Secret对象。它主要用于存储敏感信息,例如密码,密钥,证书等等。

首先使用base64对数据进行编码

[root@master ~]# echo -n 'admin' | base64
YWRtaW4=
[root@master ~]# echo -n '123456' | base64
MTIzNDU2

接下来编写secret.yaml,并创建secret

apiVersion: v1
kind: Secret
metadata:
  name: secret
  namespace: dev
type: Opaque
data: 
  username: YWRtaW4=
  password: MTIzNDU2

使用配置文件

[root@master ~]# vim secret.yaml
[root@master ~]# kubectl create -f secret.yaml 
secret/secret created
[root@master ~]# kubectl describe secret/secret -n dev
Name:         secret
Namespace:    dev
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password:  6 bytes
username:  5 bytes

创建pod-secret.yaml,将上面的secret挂载进去

apiVersion: v1
kind: Pod
metadata:
  name: pod-secret
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
    volumeMounts: 
    - name: config
      mountPath: /secret/config
  volumes:
  - name: config
    secret: 
      secretName: secret

使用配置文件

[root@master ~]# vim pod-secret.yaml
[root@master ~]# kubectl create -f pod-secret.yaml 
pod/pod-secret created

#查看secret信息,发现已经自动解码了 [root@master
~]# kubectl exec -it pod-secret -n dev /bin/sh # cd /secret/config # ls password username # more username admin # more password 123456

至此,已经实现了利用secret实现信息的编码