k8s之数据存储-配置存储
- 2021 年 8 月 19 日
- 筆記
- Kubernetes, Linux学习
ConfigMap
configmap是一种比较特殊的存储卷,它的主要作用是用来存储配置信息的
创建configmap.yaml,内容如下
apiVersion: v1 kind: ConfigMap metadata: name: configmap namespace: dev data: info: username:admin password:123456
接下来,使用此配置文件创建configmap
[root@master ~]# vim configmap.yaml [root@master ~]# kubectl create -f configmap.yaml configmap/configmap created
[root@master ~]# kubectl describe cm configmap -n dev Name: configmap Namespace: dev Labels: <none> Annotations: <none> Data ==== info: ---- username:admin password:123456 Events: <none>
接下来创建一个pod-configmap.yaml,将上面创建的configmap挂载进去
apiVersion: v1 kind: Pod metadata: name: pod-configmap namespace: dev spec: containers: - name: nginx image: nginx:1.17.1 volumeMounts: - name: config mountPath: /configmap/config volumes: - name: config configMap: name: configmap
使用配置文件
[root@master ~]# vim pod-configmap.yaml [root@master ~]# kubectl create -f pod-configmap.yaml pod/pod-configmap created [root@master ~]# kubectl get pod pod-configmap -n dev NAME READY STATUS RESTARTS AGE pod-configmap 1/1 Running 0 32s
进入容器,可以看见映射已经成功,每个configmap都映射成了一个目录
[root@master ~]# kubectl exec -it pod-configmap -n dev /bin/sh # cd /configmap/config # ls info # more info username:admin password:123456
# exit
编辑configmap,将password改为123456789
[root@master ~]# kubectl edit cm configmap -n dev # Please edit the object below. Lines beginning with a '#' will be ignored, # and an empty file will abort the edit. If an error occurs while saving this file will be # reopened with the relevant failures. # apiVersion: v1 data: info: username:admin password:123456789 kind: ConfigMap metadata: creationTimestamp: "2021-08-18T03:58:59Z" name: configmap namespace: dev resourceVersion: "171455" selfLink: /api/v1/namespaces/dev/configmaps/configmap uid: 46f41475-b95b-4477-9221-50054d6a5ea2
再次查看info文件
[root@master ~]# kubectl exec -it pod-configmap -n dev /bin/sh # more /configmap/config/info username:admin password:123456789
Secret
在k8s中,还存在一种和ConfigMap非常类似的对象,成为Secret对象。它主要用于存储敏感信息,例如密码,密钥,证书等等。
首先使用base64对数据进行编码
[root@master ~]# echo -n 'admin' | base64 YWRtaW4= [root@master ~]# echo -n '123456' | base64 MTIzNDU2
接下来编写secret.yaml,并创建secret
apiVersion: v1 kind: Secret metadata: name: secret namespace: dev type: Opaque data: username: YWRtaW4= password: MTIzNDU2
使用配置文件
[root@master ~]# vim secret.yaml [root@master ~]# kubectl create -f secret.yaml secret/secret created [root@master ~]# kubectl describe secret/secret -n dev Name: secret Namespace: dev Labels: <none> Annotations: <none> Type: Opaque Data ==== password: 6 bytes username: 5 bytes
创建pod-secret.yaml,将上面的secret挂载进去
apiVersion: v1 kind: Pod metadata: name: pod-secret namespace: dev spec: containers: - name: nginx image: nginx:1.17.1 volumeMounts: - name: config mountPath: /secret/config volumes: - name: config secret: secretName: secret
使用配置文件
[root@master ~]# vim pod-secret.yaml [root@master ~]# kubectl create -f pod-secret.yaml pod/pod-secret created
#查看secret信息,发现已经自动解码了 [root@master ~]# kubectl exec -it pod-secret -n dev /bin/sh # cd /secret/config # ls password username # more username admin # more password 123456
至此,已经实现了利用secret实现信息的编码