[Cloud Native | Kubernetes] Kubernetes Configuration

2022-06-13 06:46:00 Lansonli

Contents

Kubernetes Configuration

I. Secret

1. Secret types

2. How a Pod references a Secret

3. Experiment

II. ConfigMap

1. Mounting a ConfigMap


Kubernetes Configuration

Configuration best practices:

  • The 12 factors for cloud-native applications call for configuration to be kept separate.

  • Configuration files should be stored in version control before being pushed to the cluster. This lets you roll back configuration changes quickly if necessary. It also helps with re-creating and restoring the cluster.

  • Write configuration files in YAML rather than JSON. Although the two formats can be used interchangeably in almost all scenarios, YAML tends to be more user-friendly.

  • Group related objects into a single file where it makes sense, for example guestbook-all-in-one.yaml.

  • Do not specify default values unless necessary: a simple, minimal configuration reduces the likelihood of errors.

  • Put object descriptions in annotations to allow better introspection.

I. Secret

  • The Secret object type is used to hold sensitive information such as passwords, OAuth tokens and SSH keys. Putting this information in a Secret is safer and more flexible than putting it in a Pod definition or a container image.

  • A Secret is an object that contains a small amount of sensitive data, such as a password, a token or a key. Users can create Secrets, and the system also creates some Secrets.

1. Secret types

  • Subtypes

2. How a Pod references a Secret

To use a Secret, a Pod needs to reference it. A Pod can use a Secret in one of three ways:

  • As files in a volume mounted on one or more of its containers (volume mount).

  • As container environment variables (referenced through the envFrom field).

  • By the kubelet when pulling images for the Pod (in this case the Secret is of the docker-registry type).

The name of a Secret object must be a valid DNS subdomain name. When writing a configuration file for a Secret, you can set the data and/or stringData fields. Both data and stringData are optional. All values under the data field must be base64-encoded strings. If you do not want to do the base64 conversion yourself, you can set the stringData field instead, which accepts any string as a value.

3. Experiment

3.1 Create a Secret

generic type

## Command line
#### 1. Use literal strings
kubectl create secret generic dev-db-secret \
  --from-literal=username=devuser \
  --from-literal=password='S!B\*d$zDsb='
  
## Equivalent YAML
apiVersion: v1
kind: Secret
metadata:
  name: dev-db-secret  
data:
  password: UyFCXCpkJHpEc2I9  # base64-encoded
  username: ZGV2dXNlcg==


#### 2. Use file contents
echo -n 'admin' > ./username.txt
echo -n '1f2d1e2e67df' > ./password.txt

kubectl create secret generic db-user-pass \
  --from-file=./username.txt \
  --from-file=./password.txt



# The default key name is the file name. You can optionally use --from-file=[key=]source to set the key name, as follows:
kubectl create secret generic db-user-pass-02 \
  --from-file=un=./username.txt \
  --from-file=pd=./password.txt

## Using YAML
The contents of the dev-db-secret YAML are as follows

 

  • Get the Secret's contents
kubectl get secret dev-db-secret -o jsonpath='{.data}'
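
The values returned under data are only base64-encoded, so anyone who can read the Secret object can decode them. The following is an added example, not part of the original article: it reproduces the dev-db-secret manifest offline, applies the DNS subdomain name rule, and flags a value that was encoded with a trailing newline. The function names are hypothetical; the sample values are the ones used in the experiment above.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; values are the article's samples.

# Encode a value for the `data` field: exact bytes, no trailing newline, one line.
secret_encode() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a `data` value. base64 is an encoding, not encryption: anyone who
# can read the Secret object can recover the plaintext this way.
secret_decode() {
  printf '%s' "$1" | base64 -d
}

# True if the decoded value ends in a newline, the usual result of `echo`
# without -n; the stray newline then becomes part of the credential.
ends_with_newline() {
  [ "$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')" = "0a" ]
}

# Secret names must be DNS subdomain names: lowercase alphanumerics, '-'
# and '.', starting and ending with an alphanumeric, at most 253 characters.
valid_secret_name() {
  [ "${#1}" -le 253 ] || return 1
  printf '%s\n' "$1" | grep -Eq \
    '^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
}

# Render a Secret manifest from a name and key=value pairs.
render_secret() {
  name=$1; shift
  valid_secret_name "$name" || { echo "invalid Secret name: $name" >&2; return 1; }
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ndata:\n' "$name"
  for pair in "$@"; do
    # Split on the first '=' only, so values may themselves contain '='.
    printf '  %s: %s\n' "${pair%%=*}" "$(secret_encode "${pair#*=}")"
  done
}

# Single quotes keep the backslash, so it is part of the stored password.
render_secret dev-db-secret 'username=devuser' 'password=S!B\*d$zDsb='
```
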

3.2 Use the Secret

Environment variable reference

apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    env:
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: password
  restartPolicy: Never

A Secret referenced through environment variables is not updated automatically.

Volume mount

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: redis
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret

A mounted Secret is updated automatically when the Secret changes (except for subPath references).

II. ConfigMap

  • A ConfigMap separates your configuration data from the application code.

  • A ConfigMap is an API object used to store non-confidential data as key-value pairs. Pods can consume it as environment variables, command-line arguments, or configuration files in a volume.

apiVersion: v1
kind: ConfigMap
metadata:
  name: game-demo
data:
  # Property-like keys; each key maps to a simple value
  player_initial_lives: "3"
  ui_properties_file_name: "user-interface.properties"

  # File-like keys
  game.properties: |
    enemy.types=aliens,monsters
    player.maximum-lives=5
  user-interface.properties: |
    color.good=purple
    color.bad=yellow
    allow.textmode=true

You can use a ConfigMap to configure the containers in a Pod in four ways:

  • In the container's command and arguments

  • In the container's environment variables

  • As a file added to a read-only volume for the application to read

  • By writing code that runs in the Pod and uses the Kubernetes API to read the ConfigMap

apiVersion: v1
kind: Pod
metadata:
  name: configmap-demo-pod
spec:
  containers:
    - name: demo
      image: alpine
      command: ["sleep", "3600"]
      env:
        # Define environment variables
        - name: PLAYER_INITIAL_LIVES # Note that this name differs from the key name in the ConfigMap
          valueFrom:
            configMapKeyRef:
              name: game-demo           # The ConfigMap this value comes from
              key: player_initial_lives # The key to fetch
        - name: UI_PROPERTIES_FILE_NAME
          valueFrom:
            configMapKeyRef:
              name: game-demo
              key: ui_properties_file_name
      volumeMounts:
      - name: config
        mountPath: "/config"
        readOnly: true
  volumes:
    # Volumes are set at the Pod level, then mounted into containers inside the Pod
    - name: config
      configMap:
        # Name of the ConfigMap you want to mount
        name: game-demo
        # A set of keys from the ConfigMap to create as files
        items:
        - key: "game.properties"
          path: "game.properties"
        - key: "user-interface.properties"
          path: "user-interface.properties"

1. Mounting a ConfigMap

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: redis
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    configMap:
      name: myconfigmap

Modifying a ConfigMap can trigger an automatic update of the mounted files.


  • Blog home page: https://lansonli.blog.csdn.net
  • This article is an original work by Lansonli, first published on the CSDN blog