kubernetes存储(一)——Configmap配置管理,Secret配置管理
一Configmap配置管理
1 简介
Configmap用于保存配置数据,以键值对形式存储。
configMap 资源提供了向 Pod 注入配置数据的方法。
旨在让镜像和配置文件解耦,以便实现镜像的可移植性和可复用性。
典型的使用场景:
填充环境变量的值
设置容器内的命令行参数
填充卷的配置文件
2 创建ConfigMap的方式
使用字面值创建
使用文件创建
使用目录创建
编写configmap的yaml文件创建
2.1 使用字面值创建
[root@server1 ~]# kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2
configmap/my-config created
[root@server1 ~]# kubectl get cm
NAME DATA AGE
kube-root-ca.crt 1 4d19h
my-config 2 30s
[root@server1 ~]# kubectl get cm my-config -o yaml
apiVersion: v1
data:key1: config1key2: config2
kind: ConfigMap
metadata:creationTimestamp: "2021-07-30T05:30:29Z"name: my-confignamespace: defaultresourceVersion: "144016"uid: 279a6d36-cd78-47eb-a428-87bdaea0c3d8
2.2 使用文件创建
[root@server1 ~]# kubectl create configmap my-config-2 --from-file=/etc/resolv.conf
configmap/my-config-2 created
[root@server1 ~]# kubectl get cm
NAME DATA AGE
kube-root-ca.crt 1 4d19h
my-config 2 2m32s
my-config-2 1 17s
[root@server1 ~]# kubectl get cm my-config-2 -o yaml
apiVersion: v1
data:resolv.conf: |2nameserver 114.114.114.114
kind: ConfigMap
metadata:creationTimestamp: "2021-07-30T05:32:44Z"name: my-config-2namespace: defaultresourceVersion: "144261"uid: 2f320268-8272-45bc-b6fd-0bacaedbed99
2.3 使用目录创建
[root@server1 configmap]# mkdir test
[root@server1 configmap]# cp /etc/passwd test/
[root@server1 configmap]# cp /etc/fstab test/
[root@server1 configmap]# ls
test
[root@server1 configmap]# ls test/
fstab passwd
[root@server1 configmap]# kubectl create configmap my-config-3 --from-file=test
configmap/my-config-3 created
[root@server1 configmap]# kubectl get cm
NAME DATA AGE
kube-root-ca.crt 1 4d19h
my-config 2 10m
my-config-2 1 8m5s
my-config-3 2 11s
[root@server1 configmap]# kubectl describe cm my-config-3
Name: my-config-3
Namespace: default
Labels: <none>
Annotations: <none>Data
====
fstab:
----#
# /etc/fstab
# Created by anaconda on Tue Jun 22 22:40:11 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/rhel-root / xfs defaults 0 0
UUID=39fc2216-aa96-49ff-a5bd-54a864a60822 /boot xfs defaults 0 0
#/dev/mapper/rhel-swap swap swap defaults 0 0passwd:
----
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
mysql:x:997:1000::/home/mysql:/bin/false
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
kubeadm:x:1000:1001::/home/kubeadm:/bin/bashEvents: <none>
2.4 编写configmap的yaml文件创建
编写cm1.yaml
[root@server1 configmap]# vim cm1.yaml
[root@server1 configmap]# cat cm1.yaml
apiVersion: v1
kind: ConfigMap
metadata:name: cm1-config
data:db_host: "172.25.7.250"db_port: "3306"
[root@server1 configmap]# kubectl apply -f cm1.yaml
configmap/cm1-config created
[root@server1 configmap]# kubectl get cm
NAME DATA AGE
cm1-config 2 10s
kube-root-ca.crt 1 4d19h
my-config 2 13m
my-config-2 1 11m
my-config-3 2 3m33s
编写pod1.yaml
[root@server1 configmap]# cat pod1.yaml
apiVersion: v1
kind: Pod
metadata:name: pod1
spec:containers:- name: pod1image: busyboxcommand: ["/bin/sh", "-c", "env"]env:- name: key1valueFrom:configMapKeyRef:name: cm1-configkey: db_host- name: key2valueFrom:configMapKeyRef:name: cm1-configkey: db_portrestartPolicy: Never[root@server1 configmap]# kubectl apply -f pod1.yaml
pod/pod1 created
[root@server1 configmap]# kubectl get pod
NAME READY STATUS RESTARTS AGE
demo-5b4fc8bb88-5lt6g 1/1 Running 4 2d22h
demo-5b4fc8bb88-whjwj 1/1 Running 4 2d22h
pod1 0/1 Completed 0 7s
replicaset-example-kgkh5 1/1 Running 4 2d21h
[root@server1 configmap]# kubectl logs pod1
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.96.0.1:443
HOSTNAME=pod1
SHLVL=1
HOME=/root
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
key1=172.25.7.250
KUBERNETES_PORT_443_TCP_PROTO=tcp
key2=3306
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
KUBERNETES_SERVICE_HOST=10.96.0.1
PWD=/
编写pod2.yaml
[root@server1 configmap]# vim pod2.yaml
[root@server1 configmap]# cat pod2.yaml
apiVersion: v1
kind: Pod
metadata:name: pod2
spec:containers:- name: pod2image: busyboxcommand: ["/bin/sh", "-c", "cat /config/db_host"]volumeMounts:- name: config-volumemountPath: /configvolumes:- name: config-volumeconfigMap:name: cm1-configrestartPolicy: Never[root@server1 configmap]# kubectl apply -f pod2.yaml
pod/pod2 created
[root@server1 configmap]# kubectl logs pod2
172.25.7.250
编写pod3.yaml
[root@server1 configmap]# vim pod3.yaml
[root@server1 configmap]# cat pod3.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: my-nginx
spec:replicas: 1selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:containers:- name: nginximage: nginxports:- containerPort: 80volumeMounts:- name: config-volumemountPath: /configvolumes:- name: config-volumeconfigMap:name: cm1-config[root@server1 configmap]# kubectl apply -f pod3.yaml
deployment.apps/my-nginx created
[root@server1 configmap]# kubectl get pod
NAME READY STATUS RESTARTS AGE
demo-5b4fc8bb88-5lt6g 1/1 Running 4 2d23h
demo-5b4fc8bb88-whjwj 1/1 Running 4 2d23h
my-nginx-8694df69f6-cx92x 1/1 Running 0 38s
pod1 0/1 Completed 0 45m
pod2 0/1 Completed 0 34m
replicaset-example-kgkh5 1/1 Running 4 2d22h
[root@server1 configmap]# kubectl describe cm cm1-config
Name: cm1-config
Namespace: default
Labels: <none>
Annotations: <none>Data
====
db_host:
----
172.25.7.250
db_port:
----
3306
Events: <none>
[root@server1 configmap]# kubectl get cm
NAME DATA AGE
cm1-config 2 49m
kube-root-ca.crt 1 4d20h
my-config 2 62m
my-config-2 1 60m
my-config-3 2 52m
configmap热更新
[root@server1 configmap]# vim nginx.conf
[root@server1 configmap]# cat nginx.conf
server {listen 8000;server_name _;location / {root /usr/share/nginx/html;index index.html index.htm;}
}[root@server1 configmap]# kubectl create configmap nginxconf --from-file=nginx.conf
configmap/nginxconf created
[root@server1 configmap]# kubectl describe cm nginxconf
Name: nginxconf
Namespace: default
Labels: <none>
Annotations: <none>Data
====
nginx.conf:
----
server {listen 8000;server_name _;location / {root /usr/share/nginx/html;index index.html index.htm;}
}Events: <none>
[root@server1 configmap]# vim nginx.yaml
[root@server1 configmap]# kubectl apply -f nginx.yaml
deployment.apps/my-nginx configured
[root@server1 configmap]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
demo-5b4fc8bb88-5lt6g 1/1 Running 4 2d23h 10.244.179.71 server2 <none> <none>
demo-5b4fc8bb88-whjwj 1/1 Running 4 2d23h 10.244.22.7 server4 <none> <none>
my-nginx-b9b58dbdf-zwkf4 1/1 Running 0 17s 10.244.141.201 server3 <none> <none>
pod1 0/1 Completed 0 50m 10.244.22.8 server4 <none> <none>
pod2 0/1 Completed 0 39m 10.244.22.9 server4 <none> <none>
replicaset-example-kgkh5 1/1 Running 4 2d22h 10.244.141.200 server3 <none> <none>
二 Secret配置管理
1 介绍
Secret 对象类型用来保存敏感信息,例如密码、OAuth 令牌和 ssh key。
敏感信息放在 secret 中比放在 Pod 的定义或者容器镜像中来说更加安全和灵活
1.1 Pod 可以用两种方式使用 secret
作为 volume 中的文件被挂载到 pod 中的一个或者多个容器里。
当 kubelet 为 pod 拉取镜像时使用。
1.2 Secret的类型
Service Account:Kubernetes 自动创建包含访问 API 凭据的 secret,并自动修改 pod 以使用此类型的 secret。
Opaque:使用base64编码存储信息,可以通过base64 --decode解码获得原始数据,因此安全性弱。
kubernetes.io/dockerconfigjson:用于存储docker registry的认证信息。
2 从文件中创建Secret
[root@server1 configmap]# echo -n 'admin' > ./username.txt
[root@server1 configmap]# echo -n 'westos' > ./password.txt
[root@server1 configmap]# kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt
secret/db-user-pass created
[root@server1 configmap]# kubectl get secrets
NAME TYPE DATA AGE
basic-auth Opaque 1 105m
db-user-pass Opaque 2 15s
default-token-75rf9 kubernetes.io/service-account-token 3 4d20h
tls-secret kubernetes.io/tls 2 3h45m
[root@server1 configmap]# kubectl describe secrets db-user-pass
Name: db-user-pass
Namespace: default
Labels: <none>
Annotations: <none>Type: OpaqueData
====
password.txt: 6 bytes
username.txt: 5 bytes
如果密码具有特殊字符,则需要使用 \ 字符对其进行转义,执行以下命令
kubectl create secret generic dev-db-secret --from-literal=username=devuser --from-literal=password=S\!B\\*d\$zDsb
默认情况下 kubectl get和kubectl describe 为了安全是不会显示密码的内容,可以通过以下方式查看:
[root@server1 configmap]# kubectl get secrets default-token-75rf9 -o yaml
apiVersion: v1
data:ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1EY3lOREV3TkRVek5Wb1hEVE14TURjeU1qRXdORFV6TlZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTVczCkQ5OGkzL1B5cTVNNTdNVmlEQkJRQzhUbUtrVE1hKzUydHl0NmdSNEF3cml2ZllTWGlndTFUMGM0MlVDRnJUOG0KVkZvLys5Ung4NFEySnBhalVieitsYXVhclJTakR1KzNFRWtDU0pJcUpWUzIzTnBnaUR6WG5nK3dWa3Vma29FYQphLzFXVGVlekt0NVBDNGNRNm1lRG51cktTQXhWcGdDK292WGNZdUdqcElRVThiNWt0bnVvNVdSNnFTOTA5Y0xGCjBDMFB0SmlTa093cTd1TzRCZy9GNXZwWGQvd0dDSDdSdkRNaFhGTVd6TFdRcFNIVEcyWDl1bFhjdWZMR0JlZy8KRHJ1b3Mybks2OFJtT1BSRCtWOVE0b1lqd3hoVEc2NU9uREJXZUFDVXU5T0VhTzlWeGFENzhvS0Q5YjlpOWhSbgo3OFBteUN5ZU9YSHgvUWp0a1hVQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZOTVovRmhDbjZtcFhMUDBKVUR0RmpRZDI0QVFNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFDZEJ6dWdUbEV1ZnRkdG1NaVhIQzg2TEFsY3EwdlNLWTBvZHNJUDhKRUZwRWpNd095VApBTlZUMEZSV09qUUlTWnR5SlN5S1BFMWtJcWpHaHFkWHg1UE5POHBzK1o0U01TbGEwa3BHMG9VNjQvYmVZb0UwClpBbVBWOTF3U1RMUkx0bTkrTGF4VlhMUjlJUGdsMXZYTndMWWsza0ZmM3g2dWUxbFlEamVoNW9KOW5INms2UVgKTEw2TjJrOVdCKzloa0pEcTlON245RjBEQW9JTnVSZFlGdzBQdkh5b0drY2tvb1EzMXdoT0dSTGJyUDdBQWdNWApNYVFTd3JvcGp1SHpqeWRXcmtlOGpIdzVTMW5QeUtJUmRSNzNzUWZ0eDJtdU5xTnVGSml5V3g3djNHVlZnb1JYCmUxdHpONE0wdmZsNWdWMFBBNXhqRjhjRTZ6Y2tIQ0F3SjlPegotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==namespace: ZGVmYXVsdA==token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNkltTkJOR0U1U0dadE9WbG5RbVZUUkZKd1IyVjRaa3BRVWpSUGFXUnlRV3d5Tm1WR2RVbFJWMVpuZDAwaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUprWldaaGRXeDBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbVJsWm1GMWJIUXRkRzlyWlc0dE56VnlaamtpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1dVlXMWxJam9pWkdWbVlYVnNkQ0lzSW10MVltVnlibVYwWlhNdWFXOHZjMlZ5ZG1salpXRmpZMjkxYm5RdmMyVnlkbWxqWlMxaFkyTnZkVzUwTG5WcFpDSTZJalZsTnpVek1XRm1MVGs1TWpRdE5EQXdPQzFoTlRObExXSXpZbVF3Tm1Zell6Z3dZU0lzSW5OMVlpSTZJbk41YzNSbGJUcHpaWEoyYVdObFlXTmpiM1Z1ZERwa1pXWmhkV3gwT21SbFptRjFiSFFpZlEuWkdwRWJVZzFybVo1WlFHcWxzbzFOaE1fTGRVWmlFZHNSMnYyWDRfSmVvbUFNM2ZFcWtWeEhCZS1XOExZMFBBSjNaQlRIbjFTYXN5SG5PendxNzJQM3hKdWFCVlR3TUJOS0p3cEFkaDdJbDhMa0VteUV6eUdMX2t3ZmhGWm0yQm1TZnRtcUJZc1I0SWJTVS1pZVdTeHh3MG5zUkRXUVZIeHZRNEIxR0otOTVEVDZFOUd0WVhQNE4tUDdySnNLWTR3cnR3UFhIMDNZWmFzNl9OeFRWYVpLUWc2bG1vYWZ5QzdVdl9rYXhVOTVXMDJCMk95eWxjaGp1WFNoSGY5Y3ptcHlZM0dFYVhXaldacGZsX3dNZlk4UVNnX0F3Q1hQd2gyVF90ejV4eHlnRFk5MEd4YzdjU01tLVU5OGw3QVNlbjNmTDNMU1lwdDEzTXR3N0F5TmxGM3V3
kind: Secret
metadata:annotations:kubernetes.io/service-account.name: defaultkubernetes.io/service-account.uid: 5e7531af-9924-4008-a53e-b3bd06f3c80acreationTimestamp: "2021-07-25T10:13:19Z"name: default-token-75rf9namespace: defaultresourceVersion: "405"uid: 9b03274d-d07a-4f4b-82f7-78f12f1c5bfb
type: kubernetes.io/service-account-token
3 编写一个 secret 对象
[root@server1 configmap]# echo -n 'admin' | base64
YWRtaW4=
[root@server1 configmap]# echo -n 'westos' | base64
d2VzdG9z
[root@server1 configmap]# vim secret.yaml
[root@server1 configmap]# cat secret.yaml
apiVersion: v1
kind: Secret
metadata:name: mysecret
type: Opaque
data:username: YWRtaW4=password: d2VzdG9z
[root@server1 configmap]# kubectl create -f secret.yaml
secret/mysecret created
[root@server1 configmap]# kubectl get secrets
NAME TYPE DATA AGE
basic-auth Opaque 1 108m
db-user-pass Opaque 2 3m41s
default-token-75rf9 kubernetes.io/service-account-token 3 4d20h
mysecret Opaque 2 20s
tls-secret kubernetes.io/tls 2 3h49m
[root@server1 configmap]# kubectl describe secrets mysecret
Name: mysecret
Namespace: default
Labels: <none>
Annotations: <none>Type: OpaqueData
====
password: 6 bytes
username: 5 bytes
4将Secret挂载到Volume中,向指定路径映射 secret 密钥
[root@server1 configmap]# vim secret.yaml
[root@server1 configmap]# cat secret.yaml
apiVersion: v1
kind: Secret
metadata:name: mysecret
type: Opaque
data:username: YWRtaW4=password: d2VzdG9z---
apiVersion: v1
kind: Pod
metadata:name: mysecret
spec:containers:- name: nginximage: nginxvolumeMounts:- name: secretsmountPath: "/secret"readOnly: truevolumes:- name: secretssecret:secretName: mysecretitems:- key: usernamepath: my-group/my-username
[root@server1 configmap]# kubectl apply -f secret.yaml
Warning: resource secrets/mysecret is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
secret/mysecret configured
pod/mysecret created
[root@server1 configmap]# kubectl get pod
NAME READY STATUS RESTARTS AGE
demo-5b4fc8bb88-5lt6g 1/1 Running 4 2d23h
demo-5b4fc8bb88-whjwj 1/1 Running 4 2d23h
my-nginx-b9b58dbdf-zwkf4 1/1 Running 0 12m
mysecret 1/1 Running 0 26s
pod1 0/1 Completed 0 62m
pod2 0/1 Completed 0 50m
replicaset-example-kgkh5 1/1 Running 4 2d22h
5 将Secret设置为环境变量
[root@server1 configmap]# vim secret.yaml
[root@server1 configmap]# cat secret.yaml
apiVersion: v1
kind: Secret
metadata:name: mysecret
type: Opaque
data:username: YWRtaW4=password: d2VzdG9z---
apiVersion: v1
kind: Pod
metadata:name: mysecret
spec:containers:- name: nginximage: nginxvolumeMounts:- name: secretsmountPath: "/secret"readOnly: truevolumes:- name: secretssecret:secretName: mysecretitems:- key: usernamepath: my-group/my-username---
apiVersion: v1
kind: Pod
metadata:name: secret-env
spec:containers:- name: nginximage: nginxenv:- name: SECRET_USERNAMEvalueFrom:secretKeyRef:name: mysecretkey: username- name: SECRET_PASSWORDvalueFrom:secretKeyRef:name: mysecretkey: password
[root@server1 configmap]# kubectl apply -f secret.yaml
secret/mysecret unchanged
pod/mysecret configured
pod/secret-env created
[root@server1 configmap]# kubectl get pod
NAME READY STATUS RESTARTS AGE
demo-5b4fc8bb88-5lt6g 1/1 Running 4 2d23h
demo-5b4fc8bb88-whjwj 1/1 Running 4 2d23h
my-nginx-b9b58dbdf-zwkf4 1/1 Running 0 14m
mysecret 1/1 Running 0 2m46s
pod1 0/1 Completed 0 64m
pod2 0/1 Completed 0 53m
replicaset-example-kgkh5 1/1 Running 4 2d22h
secret-env 1/1 Running 0 8s
[root@server1 configmap]# kubectl exec secret-env env
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=secret-env
SECRET_USERNAME=admin
SECRET_PASSWORD=westos
KUBERNETES_SERVICE_HOST=10.96.0.1
KUBERNETES_SERVICE_PORT=443
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT=tcp://10.96.0.1:443
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
NGINX_VERSION=1.19.2
NJS_VERSION=0.4.3
PKG_RELEASE=1~buster
HOME=/root
6 kubernetes.io/dockerconfigjson用于存储docker registry的认证信息
[root@server1 configmap]# kubectl create secret docker-registry myregistrykey --docker-server=reg.westos.org --docker-username=admin --docker-password=westos --docker-email=yakexi007@westos.org
secret/myregistrykey created
[root@server1 configmap]# kubectl get secrets
NAME TYPE DATA AGE
basic-auth Opaque 1 115m
db-user-pass Opaque 2 10m
default-token-75rf9 kubernetes.io/service-account-token 3 4d20h
myregistrykey kubernetes.io/dockerconfigjson 1 34s
mysecret Opaque 2 6m53s
tls-secret kubernetes.io/tls 2 3h55m
[root@server1 configmap]# vim registry.yaml
[root@server1 configmap]# cat registry.yaml
apiVersion: v1
kind: Pod
metadata:name: mypod
spec:containers:- name: game2048image: reg.westos.org/westos/game2048imagePullSecrets:- name: myregistrykey
[root@server1 configmap]# kubectl apply -f registry.yaml
pod/mypod created
[root@server1 configmap]# kubectl get sa
NAME SECRETS AGE
default 1 4d20h
[root@server1 configmap]# kubectl describe sa
Name: default
Namespace: default
Labels: <none>
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: default-token-75rf9
Tokens: default-token-75rf9
Events: <none>
kubernetes存储(一)——Configmap配置管理,Secret配置管理相关推荐
- Kubernetes 存储(Configmap、Secret、Volume、PV-PVC)
Kubernetes 存储 一.ConfigMap 1.ConfigMap描述信息 2.ConfigMap的创建 3.Pod中使用ConfigMap 4.ConfigMap的热更新 二.Secret ...
- kubernetes系列12—二个特色的存储卷configmap和secret
本文收录在容器技术学习系列文章总目录 1.configmap 1.1 认识configmap ConfigMap用于保存配置数据的键值对,可以用来保存单个属性,也可以用来保存配置文件.ConfigMa ...
- Kubernetes笔记(8) - ConfigMap和Secret
ConfigMap 创建ConfigMap对象 基于字面值创建 基于文件创建 基于目录创建 使用配置清单创建 通过环境变量传递ConfigMap数据 envFrom 通过ConfigMap存储卷传递数 ...
- Kubernetes存储之ConfigMap
ConfigMap功能在Kubernetes1.2版本中引入,许多应用程序会从配置文件,命令行参数或环境变量中读取配置信息,ConfigMap API给我们提供了向容器中注入配置信息的机制,Confi ...
- 运维实操——kubernetes(九)存储之Secret配置管理Service Account、Opaque、dockerconfigjson
存储之Secret配置管理Service Account.Opaque.dockerconfigjson 1.什么是Secret? 2.Service Account 3.Opaque (1)从文件中 ...
- kubernetes存储 -- Configmap应用配置管理
简介 生产环境中很多应用程序的配置可能需要通过配置文件,命令行参数和环境变量的组合配置来完成.这些配置应该从image中解耦,以此来保持容器化应用程序的可移植性.在K8S1.2后引入ConfigMap ...
- kubernetes——存储之Volumes配置管理
kubernetes--存储之Volumes配置管理 一.Volumes的简介 二.emptyDir卷 1.emptyDir的引入 2.emptyDir 的使用场景 3.多容器共享volumes 4. ...
- Docker Kubernetes存储>Volumes配置管理
Docker Kubernetes存储>Volumes配置管理 1.简介 2. emptyDir卷 2.1 简介 2.2 emptyDir卷示例配置 2.3 文件超过sizelimit 3. h ...
- Kubernetes 原理剖析与实战08 配置管理:Kubernete 管理业务配置方式有哪些?
通过前面几节课的学习,我们已经对 Kubernetes 中的 Pod 以及一些业务负载有所了解.你可以根据课程中提供的示例,自己动手尝试在集群中实践起来. 在使用过程中,我们常常需要对 Pod 进行一 ...
最新文章
- Windows Embedded Compact 7网络编程概述(上)
- JChartFree创建饼形图
- Python: Console框消失
- linux中的文件,文件夹,链接的权限划分
- 6 只能在公司代码xxxx的期间2020/08和2020/07中记账
- android 获取相机方向,android – 从相机捕捉图像,导致炸毁方向
- 服务器连接池怎么配置文件,服务器连接池怎么配置
- “模板”学习笔记(3)-----为啥函数模板不能重载
- Spring的标签和验证等模块
- [转]winform控件webbrowser和js脚本互调
- 西门子系列PLC教学视频资源4——S7-1200
- [Qt]一个关于galgame的练手项目的总结
- ftl 页面使用java代码_在FTL文件中使用自定义的Java方法
- 马云和卫哲:从不屑到仰慕 从朋友到诀别
- linux 效果器软件下载,盘点丨15款免费又好用的音乐制作软件
- 网站地图是什么,怎么制作和查看网站的地图呢?
- 企业网站防CC攻击软件防火墙和WEB防火墙大比较
- MTK6735 android 驱动修改模块
- 我在百度大脑用数据看《你好,李焕英》
- findbugs常见错误总结