# K8s 配置管理 Configmap

# 1. Configmap

# 1.1 基于 from-env-file 创建 Configmap
# cat cm_env.conf 
podname=nf-flms-system
podip=192.168.1.100
env=prod
nacosaddr=nacos.svc.cluster.local
#kubectl create cm cmenv --from-env-file=./cm_env.conf
# 1.2 基于 from-literal 创建 Configmap(注意:ConfigMap 明文存储,任何能读取该 ConfigMap 的主体都能看到内容;下例的 passwd 仅为演示,密码类数据应放入 Secret)
# kubectl create cm cmliteral --from-literal=level=INFO --from-literal=passwd=Superman*2023
# 1.3 基于 from-file 创建 Configmap
# cat s.hmallleasing.com.conf 
# Reverse-proxy virtual host for s.hmallleasing.com: forwards every request to the
# upstream at 192.168.1.134 and passes the original Host and client address headers.
server {
    listen 80;
    server_name s.hmallleasing.com;
    client_max_body_size 1G; 
    location / {
        proxy_pass http://192.168.1.134;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        
        proxy_connect_timeout 30;
        proxy_send_timeout 60;
        proxy_read_timeout 60;
        
        proxy_buffering on;
        proxy_buffer_size 32k;
        proxy_buffers 4 128k;
        proxy_temp_file_write_size 10240k;		
        proxy_max_temp_file_size 10240k;
    }
}
# NOTE(review): this block repeats "listen 80" and the same server_name as the block
# above, so nginx warns about a conflicting server name and keeps only the first one;
# this HTTP-to-HTTPS redirect is never served. If the first block was meant to be the
# HTTPS vhost it would need "listen 443 ssl" plus a certificate — confirm the intent.
server {
    listen 80;
    server_name s.hmallleasing.com;
    return 302 https://$server_name$request_uri;
}
# kubectl create cm nginxconfig --from-file=./s.hmallleasing.com.conf
# 1.4 Deployment 挂载 configmap 示例
[root@k8s-master01 cm]# cat deploy.yaml 
# Deployment showing three ways to feed configuration to a container:
# envFrom (whole ConfigMap), env (literal values and a single ConfigMap key),
# and a ConfigMap mounted as a read-only volume.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx-deploy
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-deploy
  template:
    metadata:
      labels:
        app: nginx-deploy
    spec:
      imagePullSecrets:        
      - name: harboradmin
      containers:
      - image: nginx
        name: nginx
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        envFrom:         # 1. Import every key of the cmenv ConfigMap as an environment variable
        - configMapRef:
            name: cmenv
        env:
        - name: MYSQL_ADDR     # 2. Environment variable with a literal value
          value: "192.168.40.150"
        # NOTE(review): this password is a plaintext literal in the pod spec, readable by
        # anyone who can view the Deployment or its pods; prefer valueFrom.secretKeyRef.
        - name: MYSQL_PASSWD
          value: Superman*2022
        - name: LOG_LEVEL           # 3. Single ConfigMap key as an environment variable; the variable name differs from the key name
          valueFrom:
            configMapKeyRef:
              name: cmliteral       # ConfigMap the value is read from
              key: level            # key inside that ConfigMap
        volumeMounts:              
        - name: nginx-config
          mountPath: "/etc/nginx/conf.d"
          readOnly: true
      volumes:
      - name: nginx-config
        configMap:
          name: nginxconfig      # name of the ConfigMap to mount
# 1.5 重命名挂载的 configmap key 的名称
[root@k8s-master01 cm]# cat deploy.yaml 
# Same Deployment as before, with the mounted ConfigMap key exposed under a
# different file name through volumes[].configMap.items.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx-deploy
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-deploy
  template:
    metadata:
      labels:
        app: nginx-deploy
    spec:
      imagePullSecrets:        
      - name: harboradmin
      containers:
      - image: nginx
        name: nginx
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        envFrom:         # 1. Import every key of the cmenv ConfigMap as an environment variable
        - configMapRef:
            name: cmenv
        env:
        - name: MYSQL_ADDR     # 2. Environment variable with a literal value
          value: "192.168.40.150"
        # NOTE(review): this password is a plaintext literal in the pod spec, readable by
        # anyone who can view the Deployment or its pods; prefer valueFrom.secretKeyRef.
        - name: MYSQL_PASSWD
          value: Superman*2022
        - name: LOG_LEVEL           # 3. Single ConfigMap key as an environment variable; the variable name differs from the key name
          valueFrom:
            configMapKeyRef:
              name: cmliteral       # ConfigMap the value is read from
              key: level            # key inside that ConfigMap
        volumeMounts:              
        - name: nginx-config
          mountPath: "/etc/nginx/conf.d"
          readOnly: true
      volumes:
      - name: nginx-config
        configMap:
          name: nginxconfig      # name of the ConfigMap to mount
          items:                # expose the selected key under the file name nginx.conf
          - key: s.hmallleasing.com.conf  
            path: nginx.conf
 
#查看挂载的 configmap key 的名称重命名为 nginx.conf
[root@k8s-master01 cm]# kubectl get pods
NAME                           READY   STATUS    RESTARTS   AGE
nginx-deploy-bc476bc56-flln4   1/1     Running   0          10h
nginx-deploy-bc476bc56-jhsh6   1/1     Running   0          10h
nginx-deploy-bc476bc56-splv9   1/1     Running   0          10h
[root@k8s-master01 cm]# kubectl exec -it nginx-deploy-bc476bc56-flln4 -- bash
root@nginx-deploy-bc476bc56-flln4:/# ls /etc/nginx/conf.d/
nginx.conf
# 1.6 修改挂载的 configmap 权限
[root@k8s-master01 cm]# cat deploy.yaml 
# Same Deployment again, now setting file permission bits on the mounted
# ConfigMap: per key with items[].mode and volume-wide with defaultMode.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx-deploy
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-deploy
  template:
    metadata:
      labels:
        app: nginx-deploy
    spec:
      imagePullSecrets:        
      - name: harboradmin
      containers:
      - image: nginx
        name: nginx
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        envFrom:         # 1. Import every key of the cmenv ConfigMap as an environment variable
        - configMapRef:
            name: cmenv
        env:
        - name: MYSQL_ADDR     # 2. Environment variable with a literal value
          value: "192.168.40.150"
        # NOTE(review): this password is a plaintext literal in the pod spec, readable by
        # anyone who can view the Deployment or its pods; prefer valueFrom.secretKeyRef.
        - name: MYSQL_PASSWD
          value: Superman*2022
        - name: LOG_LEVEL           # 3. Single ConfigMap key as an environment variable; the variable name differs from the key name
          valueFrom:
            configMapKeyRef:
              name: cmliteral       # ConfigMap the value is read from
              key: level            # key inside that ConfigMap
        volumeMounts:              
        - name: nginx-config
          mountPath: "/etc/nginx/conf.d"
          readOnly: true
      volumes:
      - name: nginx-config
        configMap:
          name: nginxconfig      # name of the ConfigMap to mount
          items:                # expose the selected key under the file name nginx.conf
          - key: s.hmallleasing.com.conf  
            path: nginx.conf
            mode: 0644        # file mode for this one key; takes precedence over defaultMode
          # NOTE(review): 0666 sets world-writable bits, which a config file does not
          # need; 0644 or 0444 is the usual choice.
          defaultMode: 0666   # file mode applied to every key in the volume that has no mode of its own
    
#查看挂载权限(下面的输出为 -rw-rw-rw-,即 defaultMode 0666;按上面清单中该 key 的 mode: 0644,应显示 -rw-r--r--,此输出可能是在添加 mode 之前截取的)
root@nginx-deploy-7657fbffc7-k75l5:/# ls -l /etc/nginx/conf.d/nginx.conf 
lrwxrwxrwx 1 root root 17 Apr 16 13:37 /etc/nginx/conf.d/nginx.conf -> ..data/nginx.conf
root@nginx-deploy-7657fbffc7-k75l5:/# ls -l /etc/nginx/conf.d/..data/nginx.conf 
-rw-rw-rw- 1 root root 722 Apr 16 13:37 /etc/nginx/conf.d/..data/nginx.conf
# 1.7 subpath 解决挂载覆盖问题
#1. 创建 configmap
[root@k8s-master01 cm]# cat nginx.conf 
user  nginx;
worker_processes  1;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
events {
    worker_connections  512;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;
    include /etc/nginx/conf.d/*.conf;
}
[root@k8s-master01 cm]# kubectl create cm nginx-config --from-file=./nginx.conf
#subpath 解决挂载覆盖问题
[root@k8s-master01 study]# cat cm-deploy.yaml 
# Deployment that mounts a single ConfigMap key over /etc/nginx/nginx.conf with
# subPath, so the other files in /etc/nginx are not hidden by the mount.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx-deploy
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-deploy
  template:
    metadata:
      labels:
        app: nginx-deploy
    spec:
      imagePullSecrets:        
      - name: harboradmin
      containers:
      - image: nginx
        name: nginx
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        envFrom:         # (1) Import every key of the cmenv ConfigMap as an environment variable
        - configMapRef:
            name: cmenv
        env:
        - name: MYSQL_ADDR     # (2) Environment variable with a literal value
          value: "192.168.40.150"
        # NOTE(review): this password is a plaintext literal in the pod spec, readable by
        # anyone who can view the Deployment or its pods; prefer valueFrom.secretKeyRef.
        - name: MYSQL_PASSWD
          value: Superman*2022
        - name: LOG_LEVEL           # (3) Single ConfigMap key as an environment variable; the variable name differs from the key name
          valueFrom:
            configMapKeyRef:
              name: cmliteral       # ConfigMap the value is read from
              key: level            # key inside that ConfigMap
        volumeMounts:
        - name: config
          mountPath: "/etc/nginx/nginx.conf"   # mount only the single file nginx.conf instead of covering the directory
          # NOTE: a subPath mount does not pick up later changes to the ConfigMap;
          # the pod has to be recreated to see a new nginx.conf.
          subPath: nginx.conf      
      volumes:
      - name: config
        configMap:
          name: nginx-config      # name of the ConfigMap to mount

# 2. Secret

# 2.1 Secret 拉取私有仓库镜像(注意:--docker-password 写在命令行上会留在 shell 历史和进程参数中;拉取镜像建议使用只读权限的专用账号,而不是 admin)
# kubectl create secret docker-registry harboradmin \
--docker-server=s.hmallleasing.com \
--docker-username=admin \
--docker-password=Superman*2023
# 2.2 创建 ssl Secret
# kubectl create secret tls dev.hmallleasig.com --key *.hmallleasing.com_key.key --cert *.hmallleasing.com_chain.crt -n dev
# 2.3 基于命令创建 generic Secret
#1. 通过 from-env-file 创建
# cat db.conf 
username=xuyong
passwd=Superman*2023
# kubectl create secret generic dbconf --from-env-file=./db.conf
#2. 通过 from-literal 创建
kubectl create secret generic db-user-pass \
    --from-literal=username=admin \
    --from-literal=password='S!B\*d$zDsb='
# 2.4 Secret 编码、解码(base64 只是编码,不是加密,任何人都可以还原)
1.编码
# echo -n "Superman*2023" | base64
U3VwZXJtYW4qMjAyMw==
2.解码
# echo "U3VwZXJtYW4qMjAyMw==" | base64 --decode
# 2.5 基于文件创建非加密 generic Secret(data 中的值只是 base64 编码,并未加密)
# kubectl get secret dbconf -oyaml
apiVersion: v1
data:
  passwd: U3VwZXJtYW4qMjAyMw==
  username: eHV5b25n
kind: Secret
metadata:
  name: dbconf
  namespace: default
type: Opaque
# 2.6 基于 yaml 创建 generic Secret(stringData 中直接写明文,API Server 保存时转为 base64 编码存入 data,同样不是加密)
# cat mysql-secret.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
  namespace: dev
stringData:
  MYSQL_ROOT_PASSWORD: Superman*2023
type: Opaque
# 2.7 Deployment 挂载 Secret 示例
[root@k8s-master01 study]# cat cm-deploy.yaml 
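# Deployment that injects one key of the mysql-secret Secret into the container
# as the environment variable MYSQL_ROOT_PASSWORD.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx-deploy
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-deploy
  template:
    metadata:
      labels:
        app: nginx-deploy
    spec:
      imagePullSecrets:        
      - name: harboradmin
      containers:
      - image: nginx
        name: nginx
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        env:        # the variable must sit under env; as a ports entry the manifest is rejected
        - name: MYSQL_ROOT_PASSWORD  
          valueFrom:
            secretKeyRef:
              # The Secret is looked up in the Deployment's own namespace; the
              # mysql-secret manifest on this page is created in namespace dev,
              # so apply this Deployment there as well.
              name: mysql-secret
              key: MYSQL_ROOT_PASSWORD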

# 3. ConfigMap&Secret 热更新(仅对以卷方式挂载的内容生效,且有同步延迟;通过 env/envFrom 注入的环境变量和使用 subPath 的挂载不会随之更新,需要重建 Pod)

# kubectl create cm nginxconfig --from-file=nginx.conf --dry-run=client -oyaml | kubectl replace -f -

本文出自于:https://edu.51cto.com/course/23845.html
