kubernetes学习记录之ConfigMap & Secret

初识

configmap 是用來儲存設定檔案的 volume，例如 nginx 的設定檔
secret 是用來儲存機密資料，像是PWD、TLS、Harbor仓库的pwd

兩者都可以以 Volume 或 ENV 的方式傳入 Pod
secret存储的是经过base64加密后的

创建ConfigMap 、Pod从变量

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-demo1
data:
  username: "xiaoming"
  age: "12"
1
2
3
4
5
6
7

apiVersion: v1
kind: Pod
metadata:
  name: app-demo1
spec:
  containers:
    - name: demo
      image: nginx
      env:
        - name: USERNAME
          valueFrom:
            configMapKeyRef:
              name: app-demo1
              key: username
        - name: AGE
          valueFrom:
            configMapKeyRef:
              name: app-demo1
              key: age
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

用的时候就可以进入Pod echo $USERNAME $AGE

创建ConfigMap 、Pod从配置文件

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-demo2
data:
  app.properties: |
    username=xiaoming
    age=13
1
2
3
4
5
6
7
8

apiVersion: v1
kind: Pod
metadata:
  name: app-demo2
spec:
  containers:
    - name: demo
      image: nginx
      volumeMounts:
      - name: app-demo2
        mountPath: "/config"
        readOnly: true
  volumes:
    - name: app-demo2
      configMap:
        name: app-demo2
        items:
        - key: "app.properties"
          path: "app.properties"
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

这变量就挂载了

创建Secret 、Pod从变量

echo admin | base64
echo pass | base64
1
2

apiVersion: v1
kind: Secret
metadata:
  name: app-secret1
type: Opaque
data:
  username: YWRtaW4=
  pass: MTIzNDU2
1
2
3
4
5
6
7
8

apiVersion: v1
kind: Pod
metadata:
  name: app-secret1
spec:
  containers:
    - name: demo
      image: nginx
      env:
        - name: USERNAME
          valueFrom:
            secretKeyRef:
              name: app-secret1
              key: username
        - name: PASSWORD
          valueFrom:
            secretKeyRef:
              name: app-secret1
              key: password
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

通过读变量就可以读出来，自动解密

创建Secret 、Pod从文件

apiVersion: v1
kind: Secret
metadata:
  name: app-secret2
type: Opaque
data:
  username: YWRtaW4=
  password: MTIzNDU2
1
2
3
4
5
6
7
8

apiVersion: v1
kind: Pod
metadata:
  name: app-secret2
spec:
  containers:
    - name: demo
      image: nginx
      volumeMounts:
      - name: app-secret2
        mountPath: "/config"
        readOnly: true
  volumes:
    - name: app-secret2
      secret:
        secretName: app-secret2
        items:
        - key: "username"
          path: "db.username"
        - key: "password"
          path: "db.password"
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

当ConfigMap更新，Pod会自动更新（滚动更新）

相关阅读:
java基于springboot+vue的人才推荐求职招聘系统
数列计算
0-1 背包问题
企业为什么需要通过低代码平台实现知识文档管理系统
汇编寻址方式
PX4模块设计之二十：PX4应用平台初始化
Vue3+Ts+Element-Plus多级表头以及动态合并单元格
04 【Sass语法介绍-运算】
unity3d客户端框架基于类对象池的可回收变量代码实现
Acwing 836. 合并集合

原文地址：https://blog.csdn.net/hans99812345/article/details/126386771