Kubernetes(k8s)的Volume数据存储配置储存类型ConfigMap和Secret的使用

1. ConfigMap 1.1 概述

主要作用是用来存储配置信息的

1.2 资源清单文件

apiVersion: v1
kind: ConfigMap
metadata:
  name: configMap
  namespace: dev
data: 
  filename:
    key1: value1
    key2: value2

1.3 创建ConfigMap

新建configmap.yaml文件，内容如下。然后创建ConfigMap

[root@k8s-master ~]# cat configmap.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: configmap
  namespace: dev
data:
  info:
    username:admin
    password:123
[root@k8s-master ~]# 
[root@k8s-master ~]# kubectl apply -f configmap.yaml 
configmap/configmap created
[root@k8s-master ~]#

1.4 创建Pod，查看Pod，进入Pod

新建pod.yaml文件，内容如下。然后运行pod

[root@k8s-master ~]# cat pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod
  namespace: dev
spec:
  containers:
    - name: nginx
      image: nginx:latest
      ports:
        - name: nginx-port
          containerPort: 80
          protocol: TCP
      volumeMounts:
        - mountPath: /configmap/config
          name: config
  volumes:
    - name: config
      configMap:
        name: configmap
[root@k8s-master ~]# 
[root@k8s-master ~]# kubectl apply -f pod.yaml 
pod/pod created
[root@k8s-master ~]# 

查看Pod

[root@k8s-master ~]# kubectl get pod -n dev -o wide
NAME   READY   STATUS    RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
pod    1/1     Running   0          30s   10.244.169.185   k8s-node2              
[root@k8s-master ~]#

进入Pod查看配置

[root@k8s-master ~]# kubectl exec -it pod -c nginx -n dev -- /bin/bash
root@pod:/# 
root@pod:/# cat /configmap/config/info 
username:admin password:123root@pod:/# 
root@pod:/#

可以使用命令kubectl edit cm configmap -n dev更新ConfigMap中的内容，容器中的值也会动态更新

2. Secret 2.1 概述

在kubernetes中，还存在一种和ConfigMap非常类似的对象，称为Secret对象，它主要用来存储敏感信息，例如密码、密钥、证书等

2.2 创建Secret

新建secret.yaml文件，内容如下。然后创建Secret

[root@k8s-master ~]# cat secret.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: secret
  namespace: dev
type: Opaque        # 用于用户定义的任意数据
stringData:
  username: admin
  password: password123
[root@k8s-master ~]# 
[root@k8s-master ~]# kubectl apply -f secret.yaml 
secret/secret created
[root@k8s-master ~]# 

2.3 查看Secret详情

[root@k8s-master ~]# kubectl describe secret secret -n dev
Name:         secret
Namespace:    dev
Labels:       
Annotations:  

Type:  Opaque

Data
====
password:  11 bytes
username:  5 bytes
[root@k8s-master ~]# 

2.4 创建Pod，查看Pod，进入Pod

新建pod.yaml文件，内容如下。然后运行pod

[root@k8s-master ~]# cat pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: pod
  namespace: dev
spec:
  containers:
    - name: nginx
      image: nginx:latest
      ports:
        - name: nginx-port
          containerPort: 80
          protocol: TCP
      volumeMounts:
        - mountPath: /secret/config
          name: config
  volumes:
    - name: config
      secret:
        secretName: secret
[root@k8s-master ~]# 
[root@k8s-master ~]# kubectl apply -f pod.yaml 
pod/pod created
[root@k8s-master ~]# 

查看Pod

[root@k8s-master ~]# kubectl get pod -n dev -o wide
NAME   READY   STATUS              RESTARTS   AGE   IP       NODE        NOMINATED NODE   READINESS GATES
pod    0/1     ContainerCreating   0          8s       k8s-node2              
[root@k8s-master ~]#

进入Pod查看配置

[root@k8s-master ~]# kubectl exec -it pod -c nginx -n dev -- /bin/bash
root@pod:/# 
root@pod:/# ls /secret/config/ 
password  username
root@pod:/# 
root@pod:/# cat /secret/config/username
adminroot@pod:/# 
root@pod:/#
root@pod:/# cat /secret/config/password
password123root@pod:/# 
root@pod:/# 

查看secret信息，发现已经自动解码了