Secret 可以为 Pod 提供密码、Token、私钥等敏感数据;对于一些非敏感数据,比如应用的配置信息,则可以用 ConfigMap。
ConfigMap 的创建和使用方式与 Secret 非常类似,主要的不同是数据以明文的形式存放。
与 Secret几乎一样的使用方法
编写configmap
[root@node1 ~]# vim configmap.yml
apiVersion: v1
kind: ConfigMap
metadata:
name: myconfigmap
data:
config1: xxx
config2: yyy
运行configmap
[root@node1 ~]# kubectl apply -f configmap.yml
configmap/myconfigmap created
查看configmap
[root@node1 ~]# kubectl get configmaps
NAME DATA AGE
myconfigmap 2 2m54s
查看configmap的详情
[root@node1 ~]# kubectl describe configmaps myconfigmap
Name: myconfigmap
Namespace: default
Labels: <none>
Annotations:
Data
====
config1:
----
xxx
config2:
----
yyy
Events: <none>
编写一个Pod的文件
[root@node1 ~]# vim mypod.yml
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: test
image: busybox
args:
- /bin/sh
- -c
- sleep 10; touch /tmp/healthy; sleep 3000000
volumeMounts:
- name: foo
mountPath: /etc/foo
readOnly: True
volumes:
- name: foo
configMap:
name: myconfigmap # 指定运行的configmap的name
运行Pod
[root@node1 ~]# kubectl apply -f mypod.yml
pod/mypod created
进入容器查看
[root@node1 ~]# kubectl exec -it mypod -- sh
/ # cat /etc/foo/config1
xxx
/ # cat /etc/foo/config2
yyy
同样也能通过设置变量的方式去做configmap,和secret的方式以及语法几乎一样
ConfigMap管理配置文件
先将之前的内容都删除
[root@node1 ~]# kubectl delete -f mypod.yml
pod "mypod" deleted
[root@node1 ~]# kubectl delete -f configmap.yml
configmap "myconfigmap" deleted
修改configmap文件
[root@node1 ~]# vi configmap.yml
apiVersion: v1
kind: ConfigMap
metadata:
name: myconfigmap
data:
logging.config: | # 配置文件名,以下全是配置文件中的内容
# 如果是nginx的配置文件,可以直接将配置文件复制在这下方
class: cyj
name: shidene
level: good
运行configmap
[root@node1 ~]# kubectl apply -f configmap.yml
configmap/myconfigmap created
修改Pod文件
[root@node1 ~]# vim mypod.yml
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: test
image: busybox
args:
- /bin/sh
- -c
- sleep 10; touch /tmp/healthy; sleep 3000000
volumeMounts:
- name: foo
mountPath: /usr/local/nginx # 将logging.config的内容挂载到此路径
volumes:
- name: foo
configMap:
name: myconfigmap
items: # 放到/usr/local/nginx/log/logging.config
- key: logging.config # configmap中的文件名
path: log/logging.config
运行Pod
[root@node1 ~]# kubectl apply -f mypod.yml
pod/mypod created
进入容器查看
[root@node1 ~]# kubectl exec -it mypod -- sh
/ # cat /usr/local/nginx/log/logging.config
class: cyj
name: shidene
level: good