一、Secret
作用:
- 加密数据存在
etcd里面,让pod容器以挂载Volume方式进行访问
场景: 凭证
1.创建secret加密
# secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
username: d3V6aGl4dWFu
password: MTIzNDU2
查看secret
kubectl get secret
2.以变量的形式挂载到pod
kind: Pod
metadata:
name: secret-pod
spec:
containers:
- name: nginx
image: nginx
env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: mysecret
key: username
- name:
valueFrom:
secretKeyRef:
name: mysecret
key: password
3.以Volume形式挂载pod容器中
apiVersion: v1
kind: Pod
metadata:
name: secret-pod
spec:
containers:
- name: nginx
image: nginx
volumeMounts:
- name: foo
mountPath: "/etc/foo"
readOnly: true
volumes:
- name: foo
secret:
secretName: mysecret
二、ConfigMap
作用:存储不加密数据到etcd,让pod以变量或者Volume挂载到容器中
场景:配置文件
1.创建配置文件
# vim redis.properties
redis.host=127.0.0.1
redis.port=6379
redis.password=123456
# kubectl create configmap redis-config --from-file=redis.properties
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: busybox
image: busybox
command: ["/bin/sh","-c","cat /etc/config/redis.properties"]
volumeMounts:
- name: config-volume
mountPath: /etc/config
volumes:
- name: config-volume
configMap:
name: redis-config
restartPolicy: Never
apiVersion: v1
kind: ConfigMap
metadata:
name: myconfig
namespace: default
data:
special.level: info
special.type: hello
~