Kubernetes: Storage Volumes (ConfigMap, Secret)
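Special types of storage volumes:
configMap: Supplies configuration to the containers in a Pod, either by injecting values as environment variables or by being mounted into the Pod as a volume, so that the configuration files appear at a specified path. The data is stored in plaintext.
secret: Provides the same functionality as a ConfigMap, but its content is stored base64-encoded.
Referencing a ConfigMap from a container environment variable in a Pod: pods.spec.containers.env.valueFrom.configMapKeyRef. All data in a ConfigMap is stored as key-value pairs, and a ConfigMap is a namespaced resource.

Creating a ConfigMap from the command line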
# ConfigMap
$ kubectl explain cm
$ kubectl create configmap --help
Usage:
  kubectl create configmap NAME [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run] [options]
$ kubectl create configmap nginx-config --from-literal=nginx_port=80 --from-literal=server_name=myapp.kfree.com
$ kubectl get cm
NAME           DATA   AGE
nginx-config   2      2s
$ kubectl describe cm nginx-config
Name:         nginx-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
nginx_port:
----
80
server_name:
----
myapp.kfree.com
Events:  <none>
Creating a ConfigMap from a file
$ vim www.conf
server {
    server_name myapp.kfree.com;
    listen 80;
    root /data/web/html/;
}
$ kubectl create configmap nginx-www --from-file=./www.conf
$ kubectl get cm
NAME        DATA   AGE
nginx-www   1      41s
$ kubectl describe cm nginx-www
Name:         nginx-www
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
www.conf:
----
server {
    server_name myapp.kfree.com;
    listen 80;
    root /data/web/html/;
}
Events:  <none>
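Inject the ConfigMap defined above into a Pod by defining the Pod as follows. The values take effect only when the Pod is created; later changes to the ConfigMap are not picked up in real time.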
$ vim pod-cm-1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-1
  namespace: default
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    env:
    - name: NGINX_SERVER_PORT
      valueFrom:
        configMapKeyRef:
          name: nginx-config
          key: nginx_port
    - name: NGINX_SERVER_NAME
      valueFrom:
        configMapKeyRef:
          name: nginx-config
          key: server_name
$ kubectl apply -f pod-cm-1.yaml
$ kubectl exec pod-cm-1 -- env
....
NGINX_SERVER_PORT=80
NGINX_SERVER_NAME=myapp.kfree.com
....
Turn the manually created ConfigMap into files inside the Pod (in practice, mount the ConfigMap into the Pod as a volume).
Key name: file name; key value: file content.
$ vim pod-cm-2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-2
  namespace: default
spec:
  containers:
  - name: pod-cm-2
    image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    volumeMounts:
    - name: nginxconf
      mountPath: /etc/nginx/conf.d/
      readOnly: true   # the field name is case-sensitive: readOnly, not readonly
  volumes:
  - name: nginxconf
    configMap:
      name: nginx-www
$ kubectl apply -f pod-cm-2.yaml
$ kubectl exec pod-cm-2 -- ls /etc/nginx/conf.d/
www.conf
$ kubectl exec -it pod-cm-2 -- /bin/sh
/ # mkdir -p /data/web/html/
/ # echo "hello cm nginx" > /data/web/html/index.html
/ # exit
$ kubectl get pods -o wide
NAME       READY   STATUS    RESTARTS   AGE   IP             NODE    NOMINATED NODE   READINESS GATES
pod-cm-2   1/1     Running   0          25m   10.244.2.144   node2   <none>           <none>
# vim /etc/hosts
10.244.2.144 myapp.kfree.com
# curl myapp.kfree.com
hello cm nginx
Modify the ConfigMap while the Pod is running and verify that the Pod follows the change in the ConfigMap's content.
$ kubectl edit cm nginx-www
....
nginx_port: 8080
....
$ kubectl exec pod-cm-2 -- nginx -s reload
$ curl myapp.kfree.com:8080
hello cm nginx
secret:
$ kubectl create secret --help
Usage:
  kubectl create secret [flags] [options]
Available Commands:
  docker-registry   Create a secret for use with a Docker registry
  generic           Create a secret from a local file, directory or literal value
  tls               Create a TLS secret
$ kubectl create secret generic mysql-root-password --from-literal=password=Mypass123
$ kubectl get secret
NAME                  TYPE                                  DATA   AGE
default-token-ppzsj   kubernetes.io/service-account-token   3      21d
mysql-root-password   Opaque                                1      4s
$ kubectl describe secret mysql-root-password
Name:         mysql-root-password
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password:  9 bytes
# Inject the secret into a Pod
$ vim pod-secret-1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-secret-1
  namespace: default
spec:
  containers:
  - name: pod-secret-1
    image: ikubernetes/myapp:v1
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 80
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysql-root-password
          key: password
$ kubectl apply -f pod-secret-1.yaml
$ kubectl exec pod-secret-1 -- env
....
MYSQL_ROOT_PASSWORD=Mypass123
....
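
Added example (not part of the original page): a short Python check that ties the sections above together. `decode_secret` shows that the base64 form stored in a Secret decodes to the plaintext without any key, and `classify_refs` reports whether each ConfigMap/Secret reference in a Pod is an environment variable (fixed at container start and visible through `env`) or a mounted file (refreshed after an edit). The sample objects, the names `demo-pod` and `app`, and all function names are constructed for illustration.

```python
import base64
import json

# Constructed samples shaped like `kubectl get -o json` output for the page's objects.
SECRET = json.loads('{"kind": "Secret", "metadata": {"name": "mysql-root-password"},'
                    ' "type": "Opaque", "data": {"password": "TXlwYXNzMTIz"}}')
POD = json.loads("""
{"kind": "Pod", "metadata": {"name": "demo-pod"}, "spec": {
  "containers": [{"name": "app",
    "env": [
      {"name": "NGINX_SERVER_PORT", "valueFrom":
        {"configMapKeyRef": {"name": "nginx-config", "key": "nginx_port"}}},
      {"name": "MYSQL_ROOT_PASSWORD", "valueFrom":
        {"secretKeyRef": {"name": "mysql-root-password", "key": "password"}}}],
    "volumeMounts": [{"name": "nginxconf", "mountPath": "/etc/nginx/conf.d/"}]}],
  "volumes": [{"name": "nginxconf", "configMap": {"name": "nginx-www"}}]}}
""")

def decode_secret(secret):
    """Plaintext of every key under .data: base64 is reversible without any key."""
    return {k: base64.b64decode(v).decode() for k, v in secret.get("data", {}).items()}

def classify_refs(pod):
    """Return (container, kind, object, via, follows_updates) per ConfigMap/Secret use."""
    spec, vols, refs = pod["spec"], {}, []
    for v in spec.get("volumes", []):
        if "configMap" in v:
            vols[v["name"]] = ("ConfigMap", v["configMap"]["name"])
        elif "secret" in v:
            vols[v["name"]] = ("Secret", v["secret"]["secretName"])
    for c in spec.get("containers", []):
        for e in c.get("env", []):
            src = e.get("valueFrom", {})
            for field, kind in (("configMapKeyRef", "ConfigMap"), ("secretKeyRef", "Secret")):
                if field in src:  # env values are fixed when the container starts
                    refs.append((c["name"], kind, src[field]["name"], "env:" + e["name"], False))
        for m in c.get("volumeMounts", []):
            if m["name"] in vols:  # mounted files are refreshed, except subPath mounts
                kind, obj = vols[m["name"]]
                refs.append((c["name"], kind, obj, "file:" + m["mountPath"], "subPath" not in m))
    return refs

def secrets_in_env(pod):
    """Secret references that are visible to anything that can read the environment."""
    return [r for r in classify_refs(pod) if r[1] == "Secret" and r[3].startswith("env:")]

if __name__ == "__main__":
    print(decode_secret(SECRET), classify_refs(POD), secrets_in_env(POD), sep="\n")
```

The decoded value is 9 bytes long, matching the `kubectl describe secret` output above. Anyone allowed to read the Secret object or run `env` in the container obtains the password, so read access to Secrets and `exec` rights on Pods are the controls that protect it.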