8.1 云原生要素-配置分离

杜宽老师k8s课程学习笔记

 

 ConfigMap：存储明文配置

Secret:存储密文，敏感配置，各种密码；

配置更新直接同步容器，热加载，无需重启pod或者容器；镜像和配置分离，可单独修改发布；

 

 8.2 创建ConfigMap的几种形式

01 基于目录去创建configmap

cd /root/configmap;
kubectl create  configmap  cmfromdir --from-file=conf/;

 

 02 基于文件去创建configmap

kubectl create  cm cmfromfile --from-file=conf/redis.con 

 创建时指定cm名称

kubectl create  cm cmspecial --from-file=game-conf-newname=conf/game.con

03  基于环境变量创建cm

kubectl create  cm gameenvcm --from-env-file=conf/game.con

 pod中可以通过valueFrom，envfrom来引用

 04 通过–from-literal创建cm

kubectl create  cm envfromliteral  --from-literal=level=info --from-literal=passwd=redis123

 05 基于yaml文件创建cm

cat cm.yaml

apiVersion: v1
kind: ConfigMap
metadata:name: game-demo
data:# 类属性键；每一个键都映射到一个简单的值player_initial_lives: "3"ui_properties_file_name: "user-interface.properties"# 类文件键game.properties: |enemy.types=aliens,monstersplayer.maximum-lives=5    user-interface.properties: |color.good=purplecolor.bad=yellowallow.textmode=true    

 kubectl create  -f cm.yaml 

8.3 使用valuefrom定义环境变量

configmap的使用：可以用作配置文件，也可用作环境变量；

 kubectl create deploy dp-cm --image=nginx  --dry-run=client  -oyaml >dp-cm.yaml

 cd /root/configmap;cat dp-cm.yaml 

[root@k8s-master01 configmap]# pwd
/root/configmap
[root@k8s-master01 configmap]# cat dp-cm.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: dp-cmname: dp-cm
spec:replicas: 1selector:matchLabels:app: dp-cmtemplate:metadata:labels:app: dp-cmspec:containers:- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginxname: nginxenv:- name: TEST_ENVvalue: testenv- name: LIVESvalueFrom:configMapKeyRef:name: gameenvcmkey: lives
[root@k8s-master01 configmap]# 

kubectl create  -f dp-cm.yaml

注意点：deployment与configmap在同一namespace下面；

 

 

 

 引用多个cm的key变量，valueFrom主要是配置较少的环境变量时引用，配置较多环境变量时

推荐使用envFrom方式。

[root@k8s-master01 configmap]# cat dp-cm.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: dp-cmname: dp-cm
spec:replicas: 1selector:matchLabels:app: dp-cmtemplate:metadata:labels:app: dp-cmspec:containers:- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginxname: nginxenv:- name: TEST_ENVvalue: testenv- name: LIVESvalueFrom:configMapKeyRef:name: gameenvcmkey: lives- name: test_envvalueFrom:configMapKeyRef:name: gameenvcmkey: test_env
[root@k8s-master01 configmap]# 

测试结果

8.4 使用envFrom批量生成环境变量

官网配置参考：配置 Pod 使用 ConfigMap | Kubernetes

cat dp-envfrom-cm.yaml

[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: dp-cmname: dp-cm
spec:replicas: 1selector:matchLabels:app: dp-cmtemplate:metadata:labels:app: dp-cmspec:containers:- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginxname: nginx#cm gameenvcm里的变量全部输出envFrom:- configMapRef:name: gameenvcm env:- name: TEST_ENVvalue: testenv- name: LIVESvalueFrom:configMapKeyRef:name: gameenvcmkey: lives#- name: test_env#  valueFrom:#    configMapKeyRef:#     name: gameenvcm#      key: test_env
[root@k8s-master01 configmap]# 

kubectl create  -f dp-envfrom-cm.yaml 

 

[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: dp-cmname: dp-cm
spec:replicas: 1selector:matchLabels:app: dp-cmtemplate:metadata:labels:app: dp-cmspec:containers:- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginxname: nginxenvFrom:- configMapRef:name: gameenvcm prefix: fromCmenv:- name: TEST_ENVvalue: testenv- name: LIVESvalueFrom:configMapKeyRef:name: gameenvcmkey: lives#- name: test_env#  valueFrom:#    configMapKeyRef:#     name: gameenvcm#      key: test_env
[root@k8s-master01 configmap]# 

kubectl replace -f   dp-envfrom-cm.yaml 

 

8.5 以文件的形式挂载ConfigMap

官网步骤参考：ConfigMap | Kubernetes

[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: dp-cmname: dp-cm
spec:replicas: 1selector:matchLabels:app: dp-cmtemplate:metadata:labels:app: dp-cmspec:containers:- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginxname: nginxvolumeMounts:- name: redis-conf-volumesmountPath: /etc/config# - image: registry.cn-beijing.aliyuncs.com/dotbalo/redis #   name: redisvolumes:- name: redis-conf-volumesconfigMap:name: redis-conf
[root@k8s-master01 configmap]# 

kubectl replace  -f dp-envfrom-cm.yaml 

 kubectl edit  cm redis-conf

挂载多个volumes实例

测试

[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: dp-cmname: dp-cm
spec:replicas: 1selector:matchLabels:app: dp-cmtemplate:metadata:labels:app: dp-cmspec:containers:- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginxname: nginxvolumeMounts:- name: redis-conf-volumesmountPath: /etc/config- name: cmfromdir-volumesmountPath: /etc/config2# - image: registry.cn-beijing.aliyuncs.com/dotbalo/redis #   name: redisvolumes:- name: redis-conf-volumesconfigMap:name: redis-conf- name: cmfromdir-volumesconfigMap:name: cmfromdir 
[root@k8s-master01 configmap]# 

kubectl replace   -f dp-envfrom-cm.yaml

 

 

 8.6 自定义挂载权限及名称

自定义文件名

[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: dp-cmname: dp-cm
spec:replicas: 1selector:matchLabels:app: dp-cmtemplate:metadata:labels:app: dp-cmspec:containers:- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginxname: nginxvolumeMounts:- name: redis-conf-volumesmountPath: /etc/config- name: cmfromdir-volumesmountPath: /etc/config2# - image: registry.cn-beijing.aliyuncs.com/dotbalo/redis #   name: redisvolumes:- name: redis-conf-volumesconfigMap:name: redis-confitems:- key: redis.conpath: redis-conf.bak- name: cmfromdir-volumesconfigMap:name: cmfromdir 
[root@k8s-master01 configmap]# 

 

 

可以按照如下方式修改挂载到pod 容器中的文件名

     

[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: dp-cmname: dp-cm
spec:replicas: 1selector:matchLabels:app: dp-cmtemplate:metadata:labels:app: dp-cmspec:containers:- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginxname: nginxvolumeMounts:- name: cmfromfile-volumesmountPath: /etc/config- name: cmfromdir-volumesmountPath: /etc/config2# - image: registry.cn-beijing.aliyuncs.com/dotbalo/redis #   name: redisvolumes:- name: cmfromfile-volumesconfigMap:name: cmfromfileitems:- key: redis.conpath: redis-conf.new- name: cmfromdir-volumesconfigMap:name: cmfromdir 
[root@k8s-master01 configmap]# 

 修改挂载权限

[root@k8s-master01 configmap]# kubectl get cm  cmfromfile -oyaml 
apiVersion: v1
data:redis.con: |passwd redis123`
kind: ConfigMap
metadata:creationTimestamp: "2022-11-30T01:56:08Z"managedFields:- apiVersion: v1fieldsType: FieldsV1fieldsV1:f:data:.: {}f:redis.con: {}manager: kubectl-createoperation: Updatetime: "2022-11-30T01:56:08Z"name: cmfromfilenamespace: defaultresourceVersion: "1370377"uid: a85dacd5-1f6f-4c43-baaa-c429c623495b
[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: dp-cmname: dp-cm
spec:replicas: 1selector:matchLabels:app: dp-cmtemplate:metadata:labels:app: dp-cmspec:containers:- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginxname: nginxvolumeMounts:- name: cmfromfile-volumesmountPath: /etc/config- name: cmfromdir-volumesmountPath: /etc/config2# - image: registry.cn-beijing.aliyuncs.com/dotbalo/redis #   name: redisvolumes:- name: cmfromfile-volumesconfigMap:name: cmfromfileitems:- key: redis.conpath: redis-conf.newdefaultMode: 0666- name: cmfromdir-volumesconfigMap:name: cmfromdir 
您在 /var/spool/mail/root 中有新邮

测试结果

 

 8.7 Secret常用类型

 8.8 创建Secret的几种形式

001    –from-file形式创建

kubectl create secret generic  db-user-pass \--from-file=/root/secret/username.txt \--from-file=/root/secret/passwd.txt 

 

 

 002    –from-literal形式创建

kubectl create secret generic dev-db-secret --from-literal=username=devuser --from-literal=password='S!B\*d$zDsb='

 003 通过yaml文件创建

 yaml中写铭文，通过stringdata加密

[root@k8s-master01 secret]# cat secret-stringdata.yaml 
apiVersion: v1
kind: Secret
metadata:name: my-secret-stringdata
type: Opaque
stringData:username: admin      # kubernetes.io/basic-auth 类型的必需字段password: t0p-Secret # kubernetes.io/basic-auth 类型的必需字段
[root@k8s-master01 secret]# 

8.9 使用Secret拉取私有仓库镜像 

 

 

 

 

 

 

 修改yaml文件配置

 

 8.10 Secret管理HTTPS证书

创建证书

openssl req -x509  -nodes  -days 365 -newkey rsa:2048  -keyout tls.key -out tls.crt -subj "/CN=test.com"

 创建secret

kubectl -n default create secret tls nginx-test-tls  --key=tls.key  --cert=tls.crt

 

8.11 使用SubPath解决挂载覆盖

将容器里的nginx.con拷贝出并做如下修改

创建nginx-conf cm

kubectl create cm nginx-conf --from-file=/root/secret/nginx.conf 

 

 

[root@k8s-master01 configmap]# cat dp-envfrom-cm.yaml
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: dp-cmname: dp-cm
spec:replicas: 1selector:matchLabels:app: dp-cmtemplate:metadata:labels:app: dp-cmspec:containers:- image: registry.cn-beijing.aliyuncs.com/dotbalo/nginxname: nginxvolumeMounts:- name: confmountPath: /etc/nginx/nginx.confsubPath: nginx.confvolumes:- name: confconfigMap:name: nginx-conf
[root@k8s-master01 configmap]# 

8.12  ConfigMap&Secret热更新

edit修改的cm 服务出现乱码，修改复杂；

解决：通过yaml文件创建的cm，直接vim修改yaml文件，然后replace/apply一下；

 通过文件形式创建的cm的热更新；通过yaml文件创建的cm，直接vim修改yaml文件，然后replace/apply一下；

 将worker_connections修改为256；改为后如何导入到configmap中呢？

#热更新
[root@k8s-master01 secret]# kubectl  create  cm nginx-conf  --from-file=nginx.conf  --dry-run=client  -oyaml|kubectl  replace  -f  -
configmap/nginx-conf replaced
[root@k8s-master01 secret]# 

 8.13 ConfigMap&Secret使用限制