k8s之資料儲存-配置儲存

路過的柚子廚發表於2021-08-19
K8S

ConfigMap

configmap是一種比較特殊的儲存卷,它的主要作用是用來儲存配置資訊的

建立configmap.yaml,內容如下

apiVersion: v1
kind: ConfigMap
metadata:
  name: configmap
  namespace: dev
data:
  info:
    username:admin
    password:123456

 接下來,使用此配置檔案建立configmap

[root@master ~]# vim configmap.yaml
[root@master ~]# kubectl create -f configmap.yaml
configmap/configmap created

[root@master ~]# kubectl describe cm configmap -n dev
Name:         configmap
Namespace:    dev
Labels:       <none>
Annotations:  <none>

Data
====
info:
----
username:admin password:123456
Events:  <none>

接下來建立一個pod-configmap.yaml,將上面建立的configmap掛載進去

apiVersion: v1
kind: Pod
metadata:
  name: pod-configmap
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
    volumeMounts: 
    - name: config
      mountPath: /configmap/config
  volumes:
  - name: config
    configMap: 
      name: configmap

使用配置檔案

[root@master ~]# vim pod-configmap.yaml
[root@master ~]# kubectl create -f pod-configmap.yaml 
pod/pod-configmap created
[root@master ~]# kubectl get pod pod-configmap -n dev
NAME            READY   STATUS    RESTARTS   AGE
pod-configmap   1/1     Running   0          32s

進入容器,可以看見對映已經成功,每個configmap都對映成了一個目錄

[root@master ~]# kubectl exec -it pod-configmap -n dev /bin/sh
# cd /configmap/config
# ls
info
# more info
username:admin password:123456
# exit

編輯configmap,將password改為123456789

[root@master ~]# kubectl edit cm configmap -n dev
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  info: username:admin password:123456789
kind: ConfigMap
metadata:
  creationTimestamp: "2021-08-18T03:58:59Z"
  name: configmap
  namespace: dev
  resourceVersion: "171455"
  selfLink: /api/v1/namespaces/dev/configmaps/configmap
  uid: 46f41475-b95b-4477-9221-50054d6a5ea2

再次檢視info檔案

[root@master ~]# kubectl exec -it pod-configmap -n dev /bin/sh
# more /configmap/config/info
username:admin password:123456789

Secret

在k8s中,還存在一種和ConfigMap非常類似的物件,成為Secret物件。它主要用於儲存敏感資訊,例如密碼,金鑰,證書等等。

首先使用base64對資料進行編碼

[root@master ~]# echo -n 'admin' | base64
YWRtaW4=
[root@master ~]# echo -n '123456' | base64
MTIzNDU2

接下來編寫secret.yaml,並建立secret

apiVersion: v1
kind: Secret
metadata:
  name: secret
  namespace: dev
type: Opaque
data: 
  username: YWRtaW4=
  password: MTIzNDU2

使用配置檔案

[root@master ~]# vim secret.yaml
[root@master ~]# kubectl create -f secret.yaml 
secret/secret created
[root@master ~]# kubectl describe secret/secret -n dev
Name:         secret
Namespace:    dev
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password:  6 bytes
username:  5 bytes

建立pod-secret.yaml,將上面的secret掛載進去

apiVersion: v1
kind: Pod
metadata:
  name: pod-secret
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx:1.17.1
    volumeMounts: 
    - name: config
      mountPath: /secret/config
  volumes:
  - name: config
    secret: 
      secretName: secret

使用配置檔案

[root@master ~]# vim pod-secret.yaml
[root@master ~]# kubectl create -f pod-secret.yaml 
pod/pod-secret created

#檢視secret資訊,發現已經自動解碼了
[root@master ~]# kubectl exec -it pod-secret -n dev /bin/sh
# cd /secret/config
# ls 
password  username
# more username
admin
# more password
123456

至此,已經實現了利用secret實現資訊的編碼

 

相關文章