Kubernetes 配置管理 ConfigMap & Secret

Source

一、创建configmap的几种方式
1.1、使用目录创建configmap

[root@kubernetes-master config]# kubectl create cm nginx-conf --from-file=../config/
configmap/nginx-conf created
说明:如果 config 目录中有多个文件,每个文件都会成为同一个 ConfigMap 中的一个键(键名为文件名,值为文件内容)

1.2、查看创建后的结果

[root@kubernetes-master config]# kubectl get cm
NAME                   DATA   AGE
elastic-certificates   1      145d
istio-ca-root-cert     1      172d
kube-root-ca.crt       1      178d
nginx-conf             2      36s

1.3、查看创建后的文件信息

[root@kubernetes-master config]# kubectl describe cm nginx-conf
Name:         nginx-conf
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
nginx.conf:      # 第一个配置文件
----
server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}

nginx1.conf:     #第二个nginx配置文件
----
upstream web_ken {
    server 192.168.122.231:9020;
    #server 192.168.122.155:32331;
}
upstream open_ken {
   server 192.168.122.231:9060;
   #server 192.168.122.155:30278;
}
server {
    listen 8800;
    server_name  localhost;
    lua_need_request_body on;
    set $req_headers "";
    set $req_body "";
    set $resp_body "";
    set $con_type "";
    #拦截preview前缀的路径到pdfjs插件目录,该目录主要用于pdf显示
    location ^~/preview/ {
        root /usr/local/openresty/nginx/www/pdf_view;
    }
    location ^~/hc/app/upload/ {
        #移除请求的api二级目录
        rewrite ^/hc/app/upload/(.*)$ /hc/common/upload/app break;
        proxy_set_header X-Real-IP $remote_addr;
            #后端的Web服务器可以通过X-Forwarded-For获取用户真实IP
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_pass http://commonstream;
    }
}

2、使用单个文件创建

[root@kubernetes-master config]# kubectl create cm nginx-conf --from-file=../config/nginx.conf 
configmap/nginx-conf created

2.1、查看是否创建成功

[root@kubernetes-master config]# kubectl get cm
NAME                   DATA   AGE
elastic-certificates   1      145d
istio-ca-root-cert     1      172d
kube-root-ca.crt       1      178d
nginx-conf             1      5s

2.2、查看创建后的文件

[root@kubernetes-master config]# kubectl describe cm nginx-conf
Name:         nginx-conf
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
nginx.conf:
----
server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

BinaryData
====
Events:  <none>

3、创建自定义名称configmap

[root@kubernetes-master config]# kubectl create cm cmspecialname --from-file=nginx2=nginx.conf 
configmap/cmspecialname created
说明:nginx2 为自定义的键名,nginx.conf 为源文件;不指定键名时默认使用文件名作为键名

3.1、查看创建结果

[root@kubernetes-master config]# kubectl describe cm cmspecialname
Name:         cmspecialname
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
nginx2:     # 已变更为自定义名称nginx2
----
server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}

二、挂载创建后的configmap
2.1、使用如下yaml文件挂载configmap

[root@kubernetes-master nginx_test]# cat nginx_deployment.yaml.bak 
# Deployment that runs a single nginx replica and mounts the "nginx.conf" key
# of the "nginx-conf" ConfigMap into the container as one file.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        # NOTE(review): "latest" is a mutable tag, so the image that actually runs
        # can change between pulls; pin a version tag or digest for repeatable rollouts.
        image: nginx:latest
        ports:
        - containerPort: 80
        resources:
          # requests and limits are set to the same values for CPU and memory
          requests:
            cpu: "50m"
            memory: "30Mi"
          limits:
            cpu: "50m"
            memory: "30Mi"
        volumeMounts:
        # Node timezone file mounted over the container's /etc/localtime.
        # NOTE(review): this mount does not set readOnly: true; consider adding it.
        - name: local-time
          mountPath: /etc/localtime
        # With subPath, mountPath is the target *file* inside the container, not a directory.
        # A ConfigMap mounted through subPath is not refreshed when the ConfigMap changes;
        # the pod must be restarted to pick up a new nginx.conf.
        - name: nginx-conf
          mountPath: /etc/nginx/conf.d/nginx.conf  # target file path inside the container
          subPath: nginx.conf  # ConfigMap key to mount as a single file
      volumes:
      - name: local-time
        # hostPath exposes a path from the node's filesystem to the pod
        hostPath:
          path: /usr/share/zoneinfo/Asia/Shanghai
      - name: nginx-conf
        configMap:
          name: nginx-conf   # name of the ConfigMap to mount

三、创建secret几种方式
3.1、命令行创建

[root@kubernetes-master secret]# kubectl create secret generic db-user-pass \
> --from-file=./username.txt \
> --from-file=./password.txt 
secret/db-user-pass created

3.2、查看创建结果

[root@kubernetes-master secret]# kubectl get secret
NAME                  TYPE                                  DATA   AGE
db-user-pass          Opaque                                2      15s

3.3、查看secret文件内容

[root@kubernetes-master secret]# kubectl get secret db-user-pass -o yaml
apiVersion: v1
data:
  password.txt: c2ZzYWZzM3JmZmFzZncxMg==   # base64 编码(不是加密),解码即可得到明文
  username.txt: YWRtaW4=    # base64 编码(不是加密),解码即可得到明文
kind: Secret
metadata:
  creationTimestamp: "2022-12-19T14:38:22Z"
  name: db-user-pass
  namespace: default
  resourceVersion: "46050247"
  uid: 25b1b334-c02f-4ffd-be3d-6f083828a10e
type: Opaque

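3.4、使用secret创建私有仓库密钥信息
说明:--docker-password 直接写在命令行中,密码会留在 shell 历史记录和进程参数里;也可以改用 --from-file=.dockerconfigjson=<已登录生成的 docker config.json 路径> 从凭据文件创建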

[root@kubernetes-master secret]#   kubectl create secret docker-registry aliyunharbor --docker-username=ljx --docker-password=123.com --docker-email=ljx@harbor.com --docker-server=www.hcharbor.com 

3.5、查看创建结果

[root@kubernetes-master secret]# kubectl get secret
NAME                  TYPE                                  DATA   AGE
aliyunharbor          kubernetes.io/dockerconfigjson        1      10s