ConfigMap and Secret Volumes in a k8s Cluster

Posted by z597011036 on 2019-10-26

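   A ConfigMap object is a collection of configuration items. k8s injects this collection into the corresponding Pod object so that the containers can use it to start successfully. There are generally two ways to inject it: mounting it as a volume, or passing it as environment variables. A ConfigMap must exist before it is referenced. It is namespace-scoped and cannot be used across namespaces, and its contents are shown in plain text. After a ConfigMap's contents are modified, the corresponding pod must be restarted or must reload its configuration.
  A Secret is similar to a ConfigMap, but its values are Base64-encoded, so they are not displayed as plain text; it is generally used to hold sensitive data. Base64 is an encoding rather than encryption: anyone who can read the Secret object can decode it, as the base64 -d step in section 5 shows. There are generally two ways to create one: with kubectl create, or from a Secret manifest file.
Help for ConfigMap key/value references: kubectl  explain pods.spec.containers.env
Help for defining ConfigMap volumes: kubectl  explain pods.spec.volumes
Help for mounting ConfigMap volumes: kubectl  explain pods.spec.containers.volumeMounts
Help for Secrets: kubectl  explain secret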


I. ConfigMap volumes
1. Create the object directly from key-value literals
[root@k8s01 yaml]# kubectl create configmap wuhan123 --from-literal=wuhan="2019軍運會"
configmap/wuhan123
[root@k8s01 yaml]# kubectl get configmap wuhan123
NAME       DATA   AGE
wuhan123   1      27s
[root@k8s01 yaml]# kubectl get configmap wuhan123 -o yaml

apiVersion: v1
data:
  wuhan: 2019軍運會            # key and its data
kind: ConfigMap
metadata:
  creationTimestamp: "2019-10-26T06:30:13Z"
  name: wuhan123
  namespace: default
  resourceVersion: "3790588"
  selfLink: /api/v1/namespaces/default/configmaps/wuhan123
  uid: c7771f6f-3825-47f8-9029-4630810b6dd5

[root@k8s01 yaml]#

1.1 Reference a single key from the ConfigMap:
[root@k8s01 yaml]# vim wuhan123.yaml

apiVersion: v1
kind: Pod
metadata:
  name: wuhan123
  namespace: default
  labels:
    app: web
spec:
  containers:
  - name: wuhan123
    image: nginx:latest
    imagePullPolicy: Never
    env:
    - name: abc          # environment variable that receives the referenced value
      valueFrom:
        configMapKeyRef:
          name: wuhan123      # ConfigMap name
          key: wuhan               # key
[root@k8s01 yaml]# kubectl apply -f wuhan123.yaml

pod/wuhan123 created
[root@k8s01 yaml]# kubectl  exec -it wuhan123 bash
root@wuhan123:/# echo $abc      # print the key's value inside the container
2019軍運會
root@wuhan123:/# exit
exit
[root@k8s01 yaml]#


1.2 Reference all keys in the ConfigMap
[root@k8s01 yaml]# vim wuhan123-1.yaml

apiVersion: v1
kind: Pod
metadata:
  name: wuhan123-1
  namespace: default
  labels:
    app: web
spec:
  containers:
  - name: wuhan123-1
    image: nginx:latest
    imagePullPolicy: Never
    envFrom:             # import every key of the ConfigMap
    - prefix: WUHAN_      # prefix added to each variable name
      configMapRef:
        name: wuhan123
        optional: false

[root@k8s01 yaml]# kubectl apply -f  wuhan123-1.yaml
pod/wuhan123-1 created
[root@k8s01 yaml]# kubectl  exec -it wuhan123-1 bash
root@wuhan123-1:/# echo $WUHAN_wuhan           # the prefix is required when reading the variable
2019軍運會
root@wuhan123-1:/# exit
exit
[root@k8s01 yaml]#

2. Create from a file
[root@k8s01 yaml]# kubectl create configmap wuhan2 --from-file=/root/yaml/nginx.conf    # file to load into the ConfigMap
configmap/wuhan2 created
[root@k8s01 yaml]# kubectl get configmap wuhan2
NAME     DATA   AGE
wuhan2   1      18s
[root@k8s01 yaml]# kubectl get configmap wuhan2 -o yaml
apiVersion: v1
data:
  nginx.conf: |+
    worker_processes auto;
    worker_cpu_affinity auto;
    worker_rlimit_nofile 65535;
    events {
      use epoll;
      worker_connections 65535;
    }
    error_log  logs/error.log error;
    pid        logs/nginx.pid;
    http {
      server_info off;
      include       common/mime.types;
      default_type  application/octet-stream;
      index index.html index.htm default.html default.htm index.json;
       log_format  main
            '[$remote_addr $http_x_forwarded_for - $remote_user $time_local] '
            '[Request: $host "$request"] $request_time sec '
            '[Detail: $status $body_bytes_sent $http_referer] '
            '[Upstream: $upstream_addr $upstream_status]' ' $upstream_response_time sec';
      access_log logs/access.log main;
      keepalive_timeout 65;
      sendfile        on;
      client_max_body_size 10240m;
      client_body_buffer_size 1024k;
      resolver 114.114.114.114 8.8.8.8;
      uwsgi_cache_path uwsgi_temp levels=1:2 keys_zone=IFLYTEK_UWSGI_CACHE:100m inactive=5m max_size=20g;
      include common/uwsgi.conf;
      include common/proxy.conf;
      include common/fastcgi.conf;
      include common/gzip.conf;
      include sites/*.conf;
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2019-10-26T06:36:20Z"
  name: wuhan2
  namespace: default
  resourceVersion: "3791130"
  selfLink: /api/v1/namespaces/default/configmaps/wuhan2
  uid: 6305dd66-df6c-48a8-a1ad-02513ad64d6c
[root@k8s01 yaml]#

2.1 Reference the ConfigMap object
[root@k8s01 yaml]# vim wuhan234.yaml

apiVersion: v1
kind: Pod
metadata:
  name: wuhan234
  namespace: default
  labels:
    app: web
spec:
  containers:
  - name: wuhan234
    image: nginx:latest
    imagePullPolicy: Never
    volumeMounts:
    - name: ngxconf
      mountPath: /usr/share/nginx/conf     # mount the ConfigMap at this directory
      readOnly: true
  volumes:
  - name: ngxconf            # define a volume
    configMap:
      name: wuhan2          # ConfigMap name

[root@k8s01 yaml]# kubectl apply -f  wuhan234.yaml
pod/wuhan234 created
[root@k8s01 yaml]# kubectl  exec -it wuhan234 bash
root@wuhan234:/# head -2 /usr/share/nginx/conf/nginx.conf      # view the mounted content
worker_processes auto;
worker_cpu_affinity auto;
root@wuhan234:/# exit
exit
[root@k8s01 yaml]#

3. Create from a directory
[root@k8s01 yaml]# kubectl create configmap wuhan3 --from-file=/root/yaml/
configmap/wuhan3 created
[root@k8s01 yaml]# kubectl get configmap wuhan3
NAME     DATA   AGE
wuhan3   8      5s
[root@k8s01 yaml]# kubectl get configmap wuhan3 -o yaml

3.1 Reference the ConfigMap object (mount only selected files from the directory)
[root@k8s01 yaml]# vim wuhan345.yaml

apiVersion: v1
kind: Pod
metadata:
  name: wuhan345
  namespace: default
  labels:
    app: web
spec:
  containers:
  - name: wuhan345
    image: nginx:latest
    imagePullPolicy: Never
    volumeMounts:
    - name: ngxconf
      mountPath: /usr/share/nginx/conf
      readOnly: true
  volumes:
  - name: ngxconf           # define the volume name
    configMap:
      name: wuhan3         # ConfigMap name
      items:
      - key: nginx.yaml        # key in the ConfigMap (original file name)
        path: nginx.yaml      # file name inside the mount
        mode: 0777              # file permissions
      - key: helm.yaml       # helm.yaml is exposed in the mount as helm123.yaml
        path: helm123.yaml
        mode: 0600

[root@k8s01 yaml]# kubectl apply -f  wuhan345.yaml
pod/wuhan345 created
[root@k8s01 yaml]# kubectl exec -it wuhan345 bash
root@wuhan345:/# ls -al /usr/share/nginx/conf/
total 0
drwxrwxrwx 3 root root 97 Oct 26 08:25 .
drwxr-xr-x 1 root root 18 Oct 26 08:25 ..
drwxr-xr-x 2 root root 44 Oct 26 08:25 ..2019_10_26_08_25_18.898777603
lrwxrwxrwx 1 root root 31 Oct 26 08:25 ..data -> ..2019_10_26_08_25_18.898777603
lrwxrwxrwx 1 root root 19 Oct 26 08:25 helm123.yaml -> ..data/helm123.yaml        # file name after mapping
lrwxrwxrwx 1 root root 17 Oct 26 08:25 nginx.yaml -> ..data/nginx.yaml
root@wuhan345:/# exit
exit
[root@k8s01 yaml]#
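
The key/path mapping and per-file mode used in 3.1, modeled as an added example (not code from the original post or from Kubernetes): `key` is the name in the ConfigMap, `path` is the file name that appears in the mount, and a key that does not exist fails volume setup. The function names and sample contents are constructed for illustration; 0644 is the Kubernetes default mode for configMap volume files.

```python
import stat

DEFAULT_MODE = 0o644  # Kubernetes default for files in a configMap volume

def project_items(data, items=None, default_mode=DEFAULT_MODE):
    """Simplified model of a configMap volume: {file name in mount: (content, mode)}."""
    if items is None:
        # No items list: every key becomes a file named after the key.
        return {key: (value, default_mode) for key, value in data.items()}
    files = {}
    for item in items:
        key, path = item["key"], item["path"]
        if key not in data:
            # A missing key fails volume setup unless the volume is marked optional.
            raise KeyError(f"key {key!r} is not in the ConfigMap")
        if path.startswith("/") or ".." in path.split("/"):
            raise ValueError(f"path {path!r} must be relative and must not contain '..'")
        files[path] = (data[key], item.get("mode", default_mode))
    return files

def group_or_world_writable(files):
    """Names of projected files whose mode lets group or others write."""
    return sorted(p for p, (_, mode) in files.items()
                  if mode & (stat.S_IWGRP | stat.S_IWOTH))

# Constructed sample: two of the keys a directory-based ConfigMap could hold.
SAMPLE_DATA = {"nginx.yaml": "constructed content\n", "helm.yaml": "constructed content\n"}
# YAML reads 0777 and 0600 as octal; a JSON manifest needs decimal 511 and 384.
SAMPLE_ITEMS = [
    {"key": "nginx.yaml", "path": "nginx.yaml", "mode": 0o777},
    {"key": "helm.yaml", "path": "helm123.yaml", "mode": 0o600},
]

if __name__ == "__main__":
    files = project_items(SAMPLE_DATA, SAMPLE_ITEMS)
    for name, (_, mode) in sorted(files.items()):
        print(f"{name}: {mode:04o}")
    print("group/world writable:", group_or_world_writable(files))
```

Swapping `key` and `path` for the helm entry raises the KeyError, because helm123.yaml is not a key in the ConfigMap.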

3.2 Reference the ConfigMap object (mount selected files into a directory, keeping the directory's other files)
[root@k8s01 yaml]# vim wuhan345-1.yaml

apiVersion: v1
kind: Pod
metadata:
  name: wuhan345-1
  namespace: default
  labels:
    app: web
spec:
  containers:
  - name: wuhan345-1
    image: nginx:latest
    imagePullPolicy: Never
    volumeMounts:
    - name: ngxconf
      mountPath: /usr/share/nginx/conf/nginx.conf
      subPath: nginx.conf
      readOnly: true
    - name: ngxconf
      mountPath: /usr/share/nginx/conf/default.conf
      subPath: default.conf
      readOnly: true
  volumes:
  - name: ngxconf
    configMap:
      name: wuhan3

[root@k8s01 yaml]# kubectl apply -f  wuhan345-1.yaml
pod/wuhan345-1 created
[root@k8s01 yaml]# kubectl exec -it wuhan345-1 bash
root@wuhan345-1:/# ls -al /usr/share/nginx/conf/
total 4
drwxr-xr-x 3 root root   44 Oct 26 08:20 .
drwxr-xr-x 1 root root   18 Oct 26 08:20 ..
drwxrwxrwx 2 root root    6 Oct 26 08:20 default.conf
-rw-r--r-- 1 root root 1083 Oct 26 08:20 nginx.conf
root@wuhan345-1:/# exit
exit
[root@k8s01 yaml]#

4. Create from a manifest file
[root@k8s01 yaml]# vim configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: wuhan5
  namespace: default
data:
  nginx.conf: |            # the | block scalar is required, otherwise the formatting is lost
    worker_processes auto;
    worker_cpu_affinity auto;
    worker_rlimit_nofile 65535;
    events {
      use epoll;
      worker_connections 65535;
    }
    http {
      server_info off;
      index index.html index.htm default.html default.htm index.json;
      access_log logs/access.log main;
      keepalive_timeout 65;
      server {
         server_name baidu.com;
         location / {
            root html;
            index index.html;
          }
      }
    }
---
apiVersion: v1
kind: Pod
metadata:
  name: wuhan5-pod
  namespace: default
spec:
  containers:
  - name: wuhan5-pod
    image: nginx:latest
    imagePullPolicy: Never
    volumeMounts:
    - name: ngxconf     # reference the volume by name
      mountPath: /usr/share/nginx/conf     # directory to mount at
  volumes:
  - name: ngxconf     # define the volume name
    configMap:
      name: wuhan5      # ConfigMap name

[root@k8s01 yaml]# kubectl apply -f configmap.yaml
configmap/wuhan5 created
pod/wuhan5-pod created
[root@k8s01 yaml]# kubectl  exec -it wuhan5-pod bash
root@wuhan5-pod:/# head -5 /usr/share/nginx/conf/nginx.conf      # show the first 5 lines
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 65535;
events {
  use epoll;
root@wuhan5-pod:/# exit
exit
[root@k8s01 yaml]#

II. Secret volumes
5. Create a Secret from the command line
[root@k8s01 yaml]# kubectl create secret generic mypass --from-literal=username=root --from-literal=password=System135
secret/mypass created
[root@k8s01 yaml]# kubectl  get secrets mypass
NAME     TYPE     DATA   AGE
mypass   Opaque   2      23s
[root@k8s01 yaml]# kubectl  get secrets mypass -o yaml
apiVersion: v1
data:
  password: U3lzdGVtMTM1       # password, Base64-encoded
  username: cm9vdA==               # user name, Base64-encoded
kind: Secret
metadata:
  creationTimestamp: "2019-10-26T08:32:18Z"
  name: mypass
  namespace: default
  resourceVersion: "3801721"
  selfLink: /api/v1/namespaces/default/secrets/mypass
  uid: 7a432a31-fe0b-4edc-a507-9f1aa0cd1745
type: Opaque           # Opaque means the values are only Base64-encoded
[root@k8s01 yaml]# echo U3lzdGVtMTM1 | base64 -d      # reveals the password in plain text
System135[root@k8s01 yaml]#
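
As an added example (not from the original post): the Python sketch below builds the core of the manifest that the kubectl create secret command above produces, which is also the starting point for the second creation method (a Secret manifest file) mentioned in the introduction, and then decodes it again without any key. It also flags ConfigMap keys that look like credentials and belong in a Secret; the name pattern and the `app-settings` ConfigMap are assumptions constructed for the example.

```python
import base64
import json
import re

# Key names that suggest credentials; a heuristic chosen for this example.
SENSITIVE = re.compile(r"pass(word)?|secret|token|api[_-]?key", re.I)

def build_secret(name, literals, namespace="default"):
    """Core of what `kubectl create secret generic --from-literal=...` stores."""
    data = {k: base64.b64encode(v.encode()).decode() for k, v in literals.items()}
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name, "namespace": namespace}, "data": data}

def decode_secret(manifest):
    """Recover every value; no key is needed because Base64 is only an encoding."""
    return {k: base64.b64decode(v).decode() for k, v in manifest["data"].items()}

def sensitive_configmap_keys(configmap):
    """ConfigMap keys whose names look like credentials (stored in plain text)."""
    return sorted(k for k in configmap.get("data", {}) if SENSITIVE.search(k))

# Constructed ConfigMap for the check; not an object from the page.
SAMPLE_CONFIGMAP = {"kind": "ConfigMap", "metadata": {"name": "app-settings"},
                    "data": {"wuhan": "constructed", "db_password": "constructed"}}

if __name__ == "__main__":
    secret = build_secret("mypass", {"username": "root", "password": "System135"})
    print(json.dumps(secret, indent=2))   # JSON manifest usable with kubectl apply -f
    print(decode_secret(secret))
    print(sensitive_configmap_keys(SAMPLE_CONFIGMAP))
```

Because the encoded values are reversible, a Secret manifest file needs the same handling as the plaintext password, and read access to Secret objects should be limited accordingly.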

6. Running status of all the pods
[root@k8s01 yaml]# kubectl get pods -o wide| grep wuhan
wuhan123                 1/1     Running            0          97m     10.244.1.33   k8s02   <none>           <none>
wuhan123-1               1/1     Running            0          94m     10.244.2.38   k8s03   <none>           <none>
wuhan234                 1/1     Running            0          85m     10.244.1.35   k8s02   <none>           <none>
wuhan345                 1/1     Running            0          58m     10.244.1.36   k8s02   <none>           <none>
wuhan345-1               1/1     Running            0          63m     10.244.2.39   k8s03   <none>           <none>
wuhan5-pod               1/1     Running            0          2m5s    10.244.2.41   k8s03   <none>           <none>
[root@k8s01 yaml]#


From the ITPUB blog, link: http://blog.itpub.net/25854343/viewspace-2661544/. If you repost this, please credit the source; otherwise legal action will be pursued.
