8.1 云原生要素-配置分离
杜宽老师k8s课程学习笔记
ConfigMap:存储明文配置
Secret:存储密文,敏感配置,各种密码;注意Secret的值默认只是base64编码,并不是加密,需要配合etcd静态加密和RBAC来限制访问;
配置更新直接同步容器,热加载,无需重启pod或者容器(仅限以卷方式挂载的情况;通过环境变量或subPath引用的配置不会自动更新,需要重建pod);镜像和配置分离,可单独修改发布;
8.2 创建ConfigMap的几种形式
01 基于目录去创建configmap
cd /root/configmap;
kubectl create configmap cmfromdir --from-file=conf/;
02 基于文件去创建configmap
kubectl create cm cmfromfile --from-file=conf/redis.con
创建时指定cm名称
kubectl create cm cmspecial --from-file=game-conf-newname=conf/game.con
03 基于环境变量创建cm
kubectl create cm gameenvcm --from-env-file=conf/game.con
pod中可以通过valueFrom、envFrom来引用
04 通过--from-literal创建cm
# Build a ConfigMap from inline key=value pairs (keys: level, passwd).
# NOTE(review): passwd is a credential; ConfigMap data is stored and shown in
# plaintext to anyone who can read the object. Keep real passwords in a Secret.
kubectl create configmap envfromliteral \
  --from-literal=level=info \
  --from-literal=passwd=redis123
05 基于yaml文件创建cm
cat cm.yaml
# ConfigMap "game-demo": two simple key/value entries plus two file-like entries.
apiVersion: v1
kind: ConfigMap
metadata:
  name: game-demo
data:
  # property-like keys; each key maps to a simple value
  player_initial_lives: "3"
  ui_properties_file_name: "user-interface.properties"

  # file-like keys; the block scalar becomes the file content when mounted
  game.properties: |
    enemy.types=aliens,monsters
    player.maximum-lives=5
  user-interface.properties: |
    color.good=purple
    color.bad=yellow
    allow.textmode=true
kubectl create -f cm.yaml
8.3 使用valuefrom定义环境变量
configmap的使用:可以用作配置文件,也可用作环境变量;
kubectl create deploy dp-cm --image=nginx --dry-run=client -oyaml >dp-cm.yaml
cd /root/configmap;cat dp-cm.yaml
[root@k8s-master01 configmap]# pwd
/root/configmap
[root@k8s-master01 configmap]# cat dp-cm.yaml
# Deployment "dp-cm": one nginx replica with one literal env var and one env var
# taken from a ConfigMap key.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: dp-cm
  name: dp-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dp-cm
  template:
    metadata:
      labels:
        app: dp-cm
    spec:
      containers:
        # NOTE(review): no tag or digest is given, so this resolves to :latest;
        # pin a version or digest outside a lab.
        - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx
          name: nginx
          env:
            # literal value set directly in the manifest
            - name: TEST_ENV
              value: testenv
            # LIVES is read from key "lives" of ConfigMap gameenvcm
            - name: LIVES
              valueFrom:
                configMapKeyRef:
                  name: gameenvcm
                  key: lives
[root@k8s-master01 configmap]#
kubectl create -f dp-cm.yaml
注意点:deployment与configmap在同一namespace下面;
引用多个cm的key变量:valueFrom适合只需引用少量环境变量的场景;需要引用的环境变量较多时,
推荐使用envFrom方式。
[root@k8s-master01 configmap]# cat dp-cm.yaml
# Deployment "dp-cm": same as before, now pulling two keys (lives, test_env)
# from ConfigMap gameenvcm with one valueFrom entry each.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: dp-cm
  name: dp-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dp-cm
  template:
    metadata:
      labels:
        app: dp-cm
    spec:
      containers:
        - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx
          name: nginx
          env:
            - name: TEST_ENV
              value: testenv
            # each ConfigMap key needs its own valueFrom entry
            - name: LIVES
              valueFrom:
                configMapKeyRef:
                  name: gameenvcm
                  key: lives
            - name: test_env
              valueFrom:
                configMapKeyRef:
                  name: gameenvcm
                  key: test_env
[root@k8s-master01 configmap]#
测试结果
8.4 使用envFrom批量生成环境变量
官网配置参考:配置 Pod 使用 ConfigMap | Kubernetes
cat dp-envfrom-cm.yaml
[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml
# Deployment "dp-cm": envFrom imports all keys of ConfigMap gameenvcm; the
# explicit env entries are kept alongside it.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: dp-cm
  name: dp-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dp-cm
  template:
    metadata:
      labels:
        app: dp-cm
    spec:
      containers:
        - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx
          name: nginx
          # expose every key of ConfigMap gameenvcm as an environment variable
          envFrom:
            - configMapRef:
                name: gameenvcm
          env:
            - name: TEST_ENV
              value: testenv
            - name: LIVES
              valueFrom:
                configMapKeyRef:
                  name: gameenvcm
                  key: lives
            #- name: test_env
            #  valueFrom:
            #    configMapKeyRef:
            #      name: gameenvcm
            #      key: test_env
[root@k8s-master01 configmap]#
kubectl create -f dp-envfrom-cm.yaml
[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml
# Deployment "dp-cm": envFrom with a prefix, so every variable imported from
# ConfigMap gameenvcm gets "fromCm" prepended to its name.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: dp-cm
  name: dp-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dp-cm
  template:
    metadata:
      labels:
        app: dp-cm
    spec:
      containers:
        - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx
          name: nginx
          envFrom:
            - configMapRef:
                name: gameenvcm
              # prefix applies only to the variables coming from this envFrom source
              prefix: fromCm
          env:
            - name: TEST_ENV
              value: testenv
            - name: LIVES
              valueFrom:
                configMapKeyRef:
                  name: gameenvcm
                  key: lives
            #- name: test_env
            #  valueFrom:
            #    configMapKeyRef:
            #      name: gameenvcm
            #      key: test_env
[root@k8s-master01 configmap]#
kubectl replace -f dp-envfrom-cm.yaml
8.5 以文件的形式挂载ConfigMap
官网步骤参考:ConfigMap | Kubernetes
[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml
# Deployment "dp-cm": mounts ConfigMap redis-conf as files under /etc/config.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: dp-cm
  name: dp-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dp-cm
  template:
    metadata:
      labels:
        app: dp-cm
    spec:
      containers:
        - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx
          name: nginx
          volumeMounts:
            # volumeMounts.name must match an entry under spec.volumes
            - name: redis-conf-volumes
              mountPath: /etc/config
        # - image: registry.cn-beijing.aliyuncs.com/dotbalo/redis
        #   name: redis
      volumes:
        # each key of ConfigMap redis-conf becomes one file in the mount
        - name: redis-conf-volumes
          configMap:
            name: redis-conf
[root@k8s-master01 configmap]#
kubectl replace -f dp-envfrom-cm.yaml
kubectl edit cm redis-conf
挂载多个volumes实例
测试
[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml
# Deployment "dp-cm": two ConfigMap volumes mounted at separate paths.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: dp-cm
  name: dp-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dp-cm
  template:
    metadata:
      labels:
        app: dp-cm
    spec:
      containers:
        - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx
          name: nginx
          volumeMounts:
            # ConfigMap redis-conf -> /etc/config
            - name: redis-conf-volumes
              mountPath: /etc/config
            # ConfigMap cmfromdir -> /etc/config2
            - name: cmfromdir-volumes
              mountPath: /etc/config2
        # - image: registry.cn-beijing.aliyuncs.com/dotbalo/redis
        #   name: redis
      volumes:
        - name: redis-conf-volumes
          configMap:
            name: redis-conf
        - name: cmfromdir-volumes
          configMap:
            name: cmfromdir
[root@k8s-master01 configmap]#
kubectl replace -f dp-envfrom-cm.yaml
8.6 自定义挂载权限及名称
自定义文件名
[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml
# Deployment "dp-cm": uses items to project key redis.con of ConfigMap
# redis-conf under a custom file name.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: dp-cm
  name: dp-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dp-cm
  template:
    metadata:
      labels:
        app: dp-cm
    spec:
      containers:
        - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx
          name: nginx
          volumeMounts:
            - name: redis-conf-volumes
              mountPath: /etc/config
            - name: cmfromdir-volumes
              mountPath: /etc/config2
        # - image: registry.cn-beijing.aliyuncs.com/dotbalo/redis
        #   name: redis
      volumes:
        - name: redis-conf-volumes
          configMap:
            name: redis-conf
            # key redis.con appears in the mount as the file redis-conf.bak
            items:
              - key: redis.con
                path: redis-conf.bak
        - name: cmfromdir-volumes
          configMap:
            name: cmfromdir
[root@k8s-master01 configmap]#
可以按照如下方式修改挂载到pod 容器中的文件名
[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml
# Deployment "dp-cm": mounts ConfigMap cmfromfile and renames key redis.con to
# redis-conf.new inside the container.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: dp-cm
  name: dp-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dp-cm
  template:
    metadata:
      labels:
        app: dp-cm
    spec:
      containers:
        - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx
          name: nginx
          volumeMounts:
            - name: cmfromfile-volumes
              mountPath: /etc/config
            - name: cmfromdir-volumes
              mountPath: /etc/config2
        # - image: registry.cn-beijing.aliyuncs.com/dotbalo/redis
        #   name: redis
      volumes:
        - name: cmfromfile-volumes
          configMap:
            name: cmfromfile
            # key redis.con is written as /etc/config/redis-conf.new
            items:
              - key: redis.con
                path: redis-conf.new
        - name: cmfromdir-volumes
          configMap:
            name: cmfromdir
[root@k8s-master01 configmap]#
修改挂载权限
[root@k8s-master01 configmap]# kubectl get cm cmfromfile -oyaml
# Output of `kubectl get cm cmfromfile -oyaml`.
apiVersion: v1
# NOTE(review): the value under redis.con is a password held in a ConfigMap,
# so it is readable in plaintext by anyone allowed to get this object;
# credentials belong in a Secret.
data:
  redis.con: |
    passwd redis123`
kind: ConfigMap
metadata:
  creationTimestamp: "2022-11-30T01:56:08Z"
  managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          .: {}
          f:redis.con: {}
      manager: kubectl-create
      operation: Update
      time: "2022-11-30T01:56:08Z"
  name: cmfromfile
  namespace: default
  resourceVersion: "1370377"
  uid: a85dacd5-1f6f-4c43-baaa-c429c623495b
[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml
# Deployment "dp-cm": same mounts as before, with defaultMode set on the
# cmfromfile volume to change the permission bits of the projected files.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: dp-cm
  name: dp-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dp-cm
  template:
    metadata:
      labels:
        app: dp-cm
    spec:
      containers:
        - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx
          name: nginx
          volumeMounts:
            - name: cmfromfile-volumes
              mountPath: /etc/config
            - name: cmfromdir-volumes
              mountPath: /etc/config2
        # - image: registry.cn-beijing.aliyuncs.com/dotbalo/redis
        #   name: redis
      volumes:
        - name: cmfromfile-volumes
          configMap:
            name: cmfromfile
            items:
              - key: redis.con
                path: redis-conf.new
            # defaultMode applies to every file of this volume that has no
            # per-item mode. YAML reads 0666 as octal.
            # NOTE(review): 0666 sets read and write bits for all users; use
            # the narrowest mode the process needs (e.g. 0440 or 0400),
            # particularly since this ConfigMap carries a password.
            defaultMode: 0666
        - name: cmfromdir-volumes
          configMap:
            name: cmfromdir
您在 /var/spool/mail/root 中有新邮
测试结果
8.7 Secret常用类型
8.8 创建Secret的几种形式
001 --from-file形式创建
# Create Secret db-user-pass from two files; each file becomes one key named
# after the file, with the file content as its value.
# NOTE(review): a trailing newline in the file ends up in the secret value;
# keep the source files readable by their owner only and remove them once the
# Secret exists.
kubectl create secret generic db-user-pass \
  --from-file=/root/secret/username.txt \
  --from-file=/root/secret/passwd.txt
002 --from-literal形式创建
# Create Secret dev-db-secret from inline values. The single quotes stop the
# shell from interpreting the special characters in the password.
# NOTE(review): a password typed as an argument is saved in shell history and
# is visible in the process list while the command runs; --from-file (or a
# manifest applied from stdin) avoids that.
kubectl create secret generic dev-db-secret \
  --from-literal=username=devuser \
  --from-literal=password='S!B\*d$zDsb='
003 通过yaml文件创建
yaml中写明文,通过stringData提交;API Server会把它转成base64编码存入data字段(只是编码,不是加密),所以含明文的yaml文件本身也要妥善保管。
[root@k8s-master01 secret]# cat secret-stringdata.yaml
# Secret written with stringData: values are given in plaintext here and are
# stored base64-encoded (not encrypted) under .data by the API server.
# NOTE(review): this file holds the credentials in clear text; keep it out of
# version control and shared directories.
apiVersion: v1
kind: Secret
metadata:
  name: my-secret-stringdata
type: Opaque
stringData:
  # The key names username/password are the required fields of the
  # kubernetes.io/basic-auth type; this manifest is type Opaque, where key
  # names are free-form.
  username: admin
  password: t0p-Secret
[root@k8s-master01 secret]#
8.9 使用Secret拉取私有仓库镜像
修改yaml文件配置
8.10 Secret管理HTTPS证书
创建证书
# Generate a self-signed certificate (tls.crt) and a new 2048-bit RSA key
# (tls.key) for CN=test.com, valid for 365 days. Suitable for a lab only.
# NOTE(review): -nodes writes tls.key without a passphrase; keep the file
# owner-readable only and delete it once it has been loaded into the Secret.
# The certificate carries a CN but no subjectAltName, which current TLS
# clients generally require for hostname verification.
openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
  -subj "/CN=test.com" \
  -keyout tls.key -out tls.crt
创建secret
kubectl -n default create secret tls nginx-test-tls --key=tls.key --cert=tls.crt
8.11 使用SubPath解决挂载覆盖
将容器里的nginx.conf拷贝出来并做如下修改
创建nginx-conf cm
kubectl create cm nginx-conf --from-file=/root/secret/nginx.conf
[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml
# Deployment "dp-cm": mounts only the nginx.conf key of ConfigMap nginx-conf
# over /etc/nginx/nginx.conf, leaving the other files in /etc/nginx in place.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: dp-cm
  name: dp-cm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dp-cm
  template:
    metadata:
      labels:
        app: dp-cm
    spec:
      containers:
        - image: registry.cn-beijing.aliyuncs.com/dotbalo/nginx
          name: nginx
          volumeMounts:
            - name: conf
              # mountPath is the single target file, subPath selects the key
              # inside the volume.
              # NOTE: a subPath mount does not receive later ConfigMap
              # updates; the pod has to be recreated to pick them up.
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
      volumes:
        - name: conf
          configMap:
            name: nginx-conf
[root@k8s-master01 configmap]#
8.12 ConfigMap&Secret热更新
用kubectl edit修改cm时,内容可能显示为乱码,修改起来比较复杂;
解决:通过yaml文件创建的cm,直接vim修改yaml文件,然后replace/apply一下;
通过文件形式创建的cm的热更新;通过yaml文件创建的cm,直接vim修改yaml文件,然后replace/apply一下;
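将worker_connections修改为256;修改后如何导入到configmap中呢?(注意:8.11中nginx-conf是通过subPath挂载的,subPath挂载的文件不会随ConfigMap更新而自动同步,需要重建pod才能生效;以整个卷挂载时才会自动同步,且nginx仍需reload才会读取新配置。)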
#热更新
[root@k8s-master01 secret]# kubectl create cm nginx-conf --from-file=nginx.conf --dry-run=client -oyaml|kubectl replace -f -
configmap/nginx-conf replaced
[root@k8s-master01 secret]#
8.13 ConfigMap&Secret使用限制