Secret
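Purpose: store encrypted data in etcd so that Pod containers can access it as environment variables or through a mounted Volume
Use case: credentials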
1. Create the Secret with the encrypted data
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: xxx   # base64-encoded value
  password: xxx   # base64-encoded value
kubectl create -f secret.yaml
kubectl get secret
base64 encoding: echo -n 'admin' | base64
2. Mount into the Pod container as environment variables
# secret-env.yaml (excerpt: the container's env list)
    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: username
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: password
kubectl apply -f secret-env.yaml
kubectl get pods
kubectl exec -it pod-name -- /bin/bash # enter the Pod and check that the variables are set
echo $SECRET_USERNAME
echo $SECRET_PASSWORD
3. Mount into the Pod as a data volume
# secret-vol.yaml (excerpt from the Pod spec)
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
kubectl apply -f secret-vol.yaml
kubectl get pods
kubectl exec -it pod-name -- /bin/bash
ls /etc/foo
cat /etc/foo/username
cat /etc/foo/password
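Added example (not part of the original notes): this script renders the step 1 manifest, decodes it back to show that the base64 under data is a reversible encoding rather than encryption, and flags values that were encoded with plain echo instead of echo -n and so carry a trailing newline. The plaintext values and the helper function names are constructed for illustration; mysecret, username and password are the names used above.

```shell
#!/bin/sh
# Added example (not from the original page). Names mysecret/username/password
# follow the page; the plaintext values below are constructed samples.

# Encode a value without a trailing newline, like `echo -n VALUE | base64`.
b64enc() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Render an Opaque Secret manifest: render_secret NAME KEY=VALUE...
render_secret() {
  name=$1; shift
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n' "$name"
  for kv in "$@"; do
    printf '  %s: %s\n' "${kv%%=*}" "$(b64enc "${kv#*=}")"
  done
}

# Print "KEY ENCODED" for every entry under the top-level data: block.
data_entries() {
  awk '/^data:/ {d=1; next} /^[^ ]/ {d=0} d && NF==2 {sub(/:$/, "", $1); print $1, $2}' "$1"
}

# Decode one key from a manifest: base64 is reversible, no key material needed.
read_secret_key() {
  data_entries "$1" | while read -r key enc; do
    if [ "$key" = "$2" ]; then printf '%s' "$enc" | base64 -d; fi
  done
}

# List keys whose decoded value ends in a newline (encoded with plain `echo`).
keys_with_trailing_newline() {
  data_entries "$1" | while read -r key enc; do
    last=$(printf '%s' "$enc" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    if [ "$last" = "0a" ]; then printf '%s\n' "$key"; fi
  done
}

# Demo: write secret.yaml to a temporary directory and inspect it.
demo_dir=$(mktemp -d)
render_secret mysecret username=admin password='S3cr3t!' > "$demo_dir/secret.yaml"
cat "$demo_dir/secret.yaml"
read_secret_key "$demo_dir/secret.yaml" username; echo
```

A value flagged by keys_with_trailing_newline reaches the container with the newline included, both in the environment variable and in the file under /etc/foo.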
ConfigMap
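Purpose: store unencrypted data in etcd so that Pods can access it as environment variables or through a mounted Volume
Use case: configuration files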
1. Create the configuration file
vi redis.properties
redis.host=127.0.0.1
redis.port=6379
redis.password=123456
2. Create the ConfigMap
kubectl create configmap redis-config --from-file=redis.properties
kubectl get cm
kubectl describe cm redis-config # show the full contents of the ConfigMap
3. Mount into the Pod as a Volume
vi mypod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: busybox
    image: busybox
    command: ["/bin/sh", "-c", "cat /etc/config/redis.properties"]
    volumeMounts:
    - name: config-volume
      mountPath: /etc/config
  volumes:
  - name: config-volume
    configMap:
      name: redis-config
  restartPolicy: Never
kubectl apply -f mypod.yaml
kubectl get pods # status is Completed
kubectl logs mypod # shows the contents of redis.properties
4. Mount into the Pod container as environment variables
1) Create a YAML file that declares the variables and create the ConfigMap
vi myconfig.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: myconfig
  namespace: default
data:
  special.level: info
  special.type: hello
kubectl apply -f myconfig.yaml
kubectl get cm
2) Mount as environment variables
vi config-var.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod   # same name as the Pod in step 3; delete that Pod first
spec:
  containers:
  - name: busybox
    image: busybox
    command: ["/bin/sh", "-c", "echo $(LEVEL) $(TYPE)"]
    env:
    - name: LEVEL
      valueFrom:
        configMapKeyRef:
          name: myconfig
          key: special.level
    - name: TYPE
      valueFrom:
        configMapKeyRef:
          name: myconfig
          key: special.type
  restartPolicy: Never
kubectl apply -f config-var.yaml
kubectl get pods
kubectl logs mypod