k8s 之 configMap

configMap 是一种快捷的修改容器内 变量的方式，由k-v组成，当修改configmap时 容器中的变量也会相应修改。
查看帮助文档

[root@node-1 ~]# kubectl explain pod.spec.containers.env.valueFrom.configMapKeyRef[root@node-1 ~]# kubectl explain configmap

configmap 可以直接用命令创建也可以把value保存到文件中,此时文件名为key ,文件中的内容为value.
直接用命令：

[root@node-1 ~]# kubectl create configmap --help kubectl create configmap nginx-nc --from-literal=nginx_port=80 --from-literal=nginx_server=erick.com 查看创建的cm[root@node-1 ~]# kubectl get cmNAME       DATA   AGEnginx-nc   2      60s[root@node-1 cm]# kubectl get cm nginx-nc -o yamlapiVersion: v1data:  nginx_port: "80"  nginx_server: erick.comkind: ConfigMapmetadata:  creationTimestamp: "2019-06-20T22:34:44Z"  name: nginx-nc  namespace: default  resourceVersion: "432545"  selfLink: /api/v1/namespaces/default/configmaps/nginx-nc  uid: 9a180b6e-93ab-11e9-b0ae-080027edb92f[root@node-1 cm]# 

把value以文件的方式存放

[root@node-1 cm]# cat www.conf server {        server_name myapp.com;        port 80;        root /data/web/html;}[root@node-1 cm]# kubectl create configmap nginx-cm-from-file --from-file=./www.conf configmap/nginx-cm-from-file created[root@node-1 cm]# kubectl get cmNAME                 DATA   AGEnginx-cm-from-file   1      7snginx-nc             2      9m7s[root@node-1 cm]# kubectl get cm nginx-cm-from-file -o yamlapiVersion: v1data:  www.conf: "server {\n\tserver_name myapp.com;\n\tport 80;\n\troot /data/web/html;\n\n}\n"kind: ConfigMapmetadata:  creationTimestamp: "2019-06-20T22:43:44Z"  name: nginx-cm-from-file  namespace: default  resourceVersion: "433432"  selfLink: /api/v1/namespaces/default/configmaps/nginx-cm-from-file  uid: dbd2aa33-93ac-11e9-b0ae-080027edb92f[root@node-1 cm]# 也可以用describe 看[root@node-1 cm]# kubectl describe cm nginx-ncName:         nginx-ncNamespace:    defaultLabels:       Annotations:  Data====nginx_port:----80nginx_server:----erick.comEvents:  [root@node-1 cm]# kubectl describe cm nginx-cm-from-fileName:         nginx-cm-from-fileNamespace:    defaultLabels:       Annotations:  Data====www.conf:----server {  server_name myapp.com;  port 80;  root /data/web/html;}Events:  

可以看到用这种方式创建，key为文件名， key 为文件中的内容.

创建一个pod 关联刚刚创建的cm

[root@node-1 cm]# cat cm-1.yml apiVersion: v1kind: Podmetadata:  name: myapp-cm-1  namespace: default  annotations:    erick: "by erick"spec:  containers:  - name: myapp-cm-1    image: ikubernetes/myapp:v1    ports:    - name: http      containerPort: 80    env:    - name: nginx_port      valueFrom:         configMapKeyRef:          name: nginx-nc          key: nginx_port    - name: nginx_server      valueFrom:         configMapKeyRef:          name: nginx-nc          key: nginx_server[root@node-1 cm]# 

进入容器并查看环境变量

[root@node-1 cm]# kubectl get podNAME                           READY   STATUS              RESTARTS   AGEmyapp-cm-1                     1/1     Running             0          2m16s[root@node-1 cm]# kubectl exec -it myapp-cm-1 -- /bin/sh/ # env|grep nginx_portnginx_port=80/ # env|grep nginx_servernginx_server=erick.com/ # 

我们把cm 的环境变量修改下

[root@node-1 cm]# kubectl edit  configmap  nginx-nc# Please edit the object below. Lines beginning with a '#' will be ignored,# and an empty file will abort the edit. If an error occurs while saving this file will be# reopened with the relevant failures.#apiVersion: v1data:  nginx_port: "8080"  nginx_server: erick.comkind: ConfigMapmetadata:  creationTimestamp: "2019-06-20T22:34:44Z"  name: nginx-nc  namespace: default  resourceVersion: "436267"  selfLink: /api/v1/namespaces/default/configmaps/nginx-nc  uid: 9a180b6e-93ab-11e9-b0ae-080027edb92f~                                          把port修改成8080再次查看环境变量是否更改[root@node-1 cm]# kubectl exec -it myapp-cm-1 -- /bin/sh/ # env|grep nginx_portnginx_port=80/ # 

结论： pod中的环境变量只会在第一次创建时生效，即使 重启pod也不会生效，后期修改不会生效。

2。基于存储卷的的 pod 引用环境变量。

apiVersion: v1kind: Podmetadata:  name: myappcmwww  namespace: default  annotations:    erick: "by erick"spec:  containers:  - name: myappcmwww    image: ikubernetes/myapp:v1    ports:    - name: http      containerPort: 80    volumeMounts:    - name: nginx-conf      mountPath: /etc/nginx/conf.d/  volumes:  - name: nginx-conf    configMap:      name: nginx-cm-from-file[root@node-1 cm]# 进入容器查看 环境变量[root@node-1 cm]# kubectl exec -it myappcmwww -- /bin/sh/ # cat /etc/nginx/conf.d/..2019_06_22_09_11_04.278015527/  ..data/                           www.conf/ # cat /etc/nginx/conf.d/www.conf server {        server_name myapp.com;        listen 80;        root /data/web/html;}/ # 

修改configmap 的端口为8080

[root@node-1 ~]# kubectl edit cm nginx-cm-from-file# Please edit the object below. Lines beginning with a '#' will be ignored,# and an empty file will abort the edit. If an error occurs while saving this file will be# reopened with the relevant failures.#apiVersion: v1data:  www.conf: "server {\n\tserver_name myapp.com;\n\tlisten 8080;\n\troot /data/web/html;\n\n}\n"kind: ConfigMapmetadata:  creationTimestamp: "2019-06-20T22:43:44Z"  name: nginx-cm-from-file  namespace: default  resourceVersion: "494403"  selfLink: /api/v1/namespaces/default/configmaps/nginx-cm-from-file  uid: dbd2aa33-93ac-11e9-b0ae-080027edb92f在容器内查看环境变量是否更改。/ # cat /etc/nginx/conf.d/www.conf server {        server_name myapp.com;        listen 8080;        root /data/web/html;}/ # 

已经动态的发生了改变。

secret
secret 是用base64 进行编码的格式

[root@node-1 cm]# kubectl create secret --help[root@node-1 cm]# kubectl create secret --helpCreate a secret using specified subcommand.Available Commands:  docker-registry Create a secret for use with a Docker registry ## 链接私有镜像时  generic         Create a secret from a local file, directory or literal value  ## 储存密码时  tls             Create a TLS secret ## 放入证书时Usage:  kubectl create secret [flags] [options]Use "kubectl  --help" for more information about a given command.Use "kubectl options" for a list of global command-line options (applies to all commands).[root@node-1 cm]# 

secrete 是 用bash74 加密的， 可以被反向解密。