90. Kubernetes: Secret + ConfigMap

2024-09-09 16:28


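I. Secret configuration management

Configuration management:

Encrypted configuration: the k8s resource that stores passwords, tokens, and other sensitive information.

Application configuration: applications need customized configuration, and the customized configuration files have to be synced into the containers in the pod.

1.1 Encrypted configuration: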

secret:

[root@master01 ~]# kubectl get secrets   ##view the encrypted configuration
[root@master01 ~]# kubectl get secrets -n kube-system   ##view the encrypted configuration

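1.2 The three types of Secret:

1. service-account-token: created by the k8s cluster itself; it is the secret used to access the API server, and pods use it by default to communicate with the API server.

It is mounted automatically into the pod at /run/secrets/kubernetes.io/serviceaccount.

2. Opaque: user-defined passwords, keys, and so on; Opaque is the default type. On the command line it is written as generic.

3. kubernetes.io/dockerconfigjson: stores the authentication information for a private Docker registry.

4. TLS: stores TLS or SSL certificates and private keys.

1. Create files, then create a secret from the files, in order to encrypt them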

[root@master01 ~]# cd /opt/
[root@master01 opt]# mkdir secret
[root@master01 opt]# cd secret/
[root@master01 secret]# echo "xy102" > username.txt
[root@master01 secret]# echo "123456" > passwd.txt
[root@master01 secret]# echo "123456" > password.txt
##Create the secret secret1 of type Opaque; the files come from the current directory
[root@master01 secret]# kubectl create secret generic secret1 --from-file=username.txt --from-file=password.txt
##List the secrets
[root@master01 secret]# kubectl get secrets 
secret1                              Opaque                                2      11s
##View the details and the type of secret1
[root@master01 secret]# kubectl describe secrets secret1             
Name:         secret1
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password.txt:  7 bytes
username.txt:  6 bytes

2. Encrypt the specified content, implemented with a YAML file, generating the secret secret2

##Encrypt the specified content (base64)
[root@master01 configmap]# echo -n xy102 | base64 
eHkxMDI=
[root@master01 configmap]# echo -n 123456 | base64
MTIzNDU2
[root@master01 secret]# vim secret1.yaml
apiVersion: v1
kind: Secret
metadata:
  name: secret2
type: Opaque
#declare the type
data:             ##the values are the encrypted strings produced above
  username: eHkxMDI=
  password: MTIzNDU2
[root@master01 secret]# kubectl apply -f secret1.yaml 
secret/secret2 created
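
The values under data: are only base64-encoded, so anyone who can read the Secret object can recover them. The script below is an added example, not part of the original article: it decodes a manifest offline and flags the trailing newline that plain echo put into secret1, which is why describe reported 7 and 6 bytes. The two manifests are constructed samples mirroring secret1 and secret2, and audit_secret is a hypothetical helper name.

```sh
#!/bin/sh
# Added example: decode the data: values of a Secret manifest offline.

# Constructed sample: secret1 as built from files written with plain `echo`.
SECRET1_YAML='apiVersion: v1
kind: Secret
metadata:
  name: secret1
type: Opaque
data:
  password.txt: MTIzNDU2Cg==
  username.txt: eHkxMDIK'

# Constructed sample: secret2 as written in secret1.yaml (values from `echo -n`).
SECRET2_YAML='apiVersion: v1
kind: Secret
metadata:
  name: secret2
type: Opaque
data:             ##values are base64 strings
  username: eHkxMDI=
  password: MTIzNDU2'

# audit_secret (hypothetical helper): reads a manifest on stdin and prints
# "<key> <bytes> <clean|trailing-newline> <decoded value>" for every data key.
audit_secret() {
  as_in_data=0
  while IFS= read -r as_line || [ -n "$as_line" ]; do
    case "$as_line" in
      data:*) as_in_data=1; continue ;;      # start of the data block
      ''|'#'*) continue ;;                   # blank line or top-level comment
      [![:space:]]*) as_in_data=0 ;;         # any other top-level key ends it
    esac
    [ "$as_in_data" -eq 1 ] || continue
    as_line=${as_line#"${as_line%%[![:space:]]*}"}   # trim the indentation
    as_key=${as_line%%:*}
    # Drop inline comments and whitespace, leaving only the base64 string.
    as_val=$(printf '%s' "${as_line#*:}" | sed 's/#.*//' | tr -d '[:space:]')
    [ -n "$as_val" ] || continue
    as_bytes=$(printf '%s' "$as_val" | base64 -d | wc -c | tr -d ' ')
    # $(...) strips trailing newlines, so inspect the last byte explicitly.
    as_last=$(printf '%s' "$as_val" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    as_plain=$(printf '%s' "$as_val" | base64 -d)
    if [ "$as_last" = "0a" ]; then as_state=trailing-newline; else as_state=clean; fi
    printf '%s %s %s %s\n' "$as_key" "$as_bytes" "$as_state" "$as_plain"
  done
}

printf '%s\n' "$SECRET1_YAML" | audit_secret
printf '%s\n' "$SECRET2_YAML" | audit_secret
```

A password stored with the extra newline is delivered to the container with it, both as a mounted file and as an environment variable.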

3. How to mount a secret into a pod

[root@master01 secret]# vim secret1.yaml
apiVersion: v1
kind: Secret
metadata:
  name: secret2
type: Opaque
#declare the type
data:
  username: eHkxMDI=
  password: MTIzNDU2
----------------------------------------------
##The secret secret2 has been created above
[root@master01 secret]# kubectl apply -f secret1.yaml 
secret/secret2 created
[root@master01 secret]# vim test1.yaml
#how to mount the secret into a pod
apiVersion: v1
kind: Pod
metadata:
  name: pod1
  labels:
    app: test
spec:
  containers:
  - name: nginx
    image: nginx:1.22
    volumeMounts:
    - name: sec-test
      mountPath: "/etc/secrets"  ##directory inside the container
      readOnly: true          ##read-only mode; read-only is the default
  volumes:
  - name: sec-test           ##user-defined name
    secret:                  ##declares that a secret is referenced
      secretName: secret2        ##mounts secret2 into the container by its secret name
##View the secret details
[root@master01 secret]# kubectl get secrets
secret2                              Opaque                                2      13m
##Create the pod, which mounts the secret from the host into the pod's container
[root@master01 secret]# kubectl apply -f test1.yaml 
pod/pod1 created
[root@master01 secret]# kubectl get pod
pod1                   1/1     Running   0          14s
[root@master01 secret]# kubectl exec -it pod1 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@pod1:/# cd /etc/
root@pod1:/etc# cd secrets/
root@pod1:/etc/secrets# ls
password  username

4. Environment variables

[root@master01 secret]# vim test1.yaml
#how to mount the secret into a pod
#pass the secret into the pod as environment variables
apiVersion: v1
kind: Pod
metadata:
  name: pod1
  labels:
    app: test
spec:
  containers:
  - name: nginx
    image: nginx:1.22
    env:
    #define environment variables for the pod's container
    - name: USER
      #name of the environment variable
      valueFrom:
        #where does the value of the USER variable come from?
        secretKeyRef:
          ##references one entry of the secret by key; here it picks up username
          name: secret2
          key: username
    - name: PASSWORD
      valueFrom:
        secretKeyRef:
          name: secret2
          key: password
          ##references one entry of the secret by key; here it picks up password
[root@master01 secret]# kubectl apply -f test1.yaml --force
pod/pod1 configured
[root@master01 secret]# kubectl exec -it pod1 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@pod1:/# echo $USER
xy102
root@pod1:/# echo $PASSWORD
123456
##--  view a file inside the container
[root@master01 secret]# kubectl exec -it pod1 -- cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin

5. Procedure for password-free login to the Harbor registry

1. Create the secret harbor1, declaring the registry address, the user admin, and the password 123456
[root@master01 opt]# kubectl create secret docker-registry harbor1 --docker-server=192.168.168.84 --docker-username=admin --docker-password=123456
secret/harbor1 created
[root@master01 secret]# vim test1.yaml
#how to mount the secret into a pod
#pass the secret into the pod as environment variables
apiVersion: v1
kind: Pod
metadata:
  name: pod1
  labels:
    app: test
spec:
  containers:
  - name: nginx
    image: hub.test.com/test1/nginx:v1
  imagePullSecrets:
  #the secret holding the credentials for the private Docker registry; aligned with containers
  - name: harbor1
  ##use harbor1 for password-free login
[root@master01 secret]# kubectl apply -f test1.yaml --force
pod/pod1 configured
[root@master01 secret]# kubectl get pod
NAME                   READY   STATUS    RESTARTS   AGE
nfs1-76f66b958-68wpl   1/1     Running   0          3d
pod1                   1/1     Running   0          52s

6. Push the tomcat image to the registry and pull it using password-free login

[root@k8s4 ~]# vim /etc/docker/daemon.json 
[root@k8s4 ~]# systemctl daemon-reload 
{
  "registry-mirrors": [
    "https://hub-mirror.c.163.com",
    "https://docker.m.daocloud.io",
    "https://ghcr.io",
    "https://mirror.baidubce.com",
    "https://docker.nju.edu.cn"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}
[root@k8s4 ~]# systemctl restart docker
[root@k8s4 ~]# docker pull tomcat
[root@k8s4 ~]# docker tag tomcat:latest hub.test.com/test1/tomcat:v1
[root@k8s4 ~]# docker login -u admin -p 123456 https://hub.test.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@k8s4 ~]# docker push hub.test.com/test1/tomcat:v1 
[root@master01 secret]# vim test1.yaml
#how to mount the secret into a pod
#pass the secret into the pod as environment variables
apiVersion: v1
kind: Pod
metadata:
  name: pod1
  labels:
    app: test
spec:
  containers:
  - name: nginx
    image: hub.test.com/test1/tomcat:v1
  imagePullSecrets:
  #the secret holding the credentials for the private Docker registry; aligned with containers
  - name: harbor1
[root@master01 secret]# kubectl apply -f test1.yaml 
[root@node02 ~]# docker images
REPOSITORY                                           TAG        IMAGE ID       CREATED         SIZE
nginx                                                latest     5ef79149e0ec   3 weeks ago     188MB
hub.test.com/test1/tomcat                            v1         c2a444ea6cd7   4 weeks ago     508MB

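II. ConfigMap (asked in interviews)

The syntax is the same as for Secret, but a ConfigMap does not store encrypted information; it holds the configuration information used by applications.

2.1 Ways to create one:

1. Command line: create the files, then create the ConfigMap

2. With a YAML file, the ConfigMap is matched by name and then mounted and used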

[root@master01 opt]# mkdir configmap
[root@master01 opt]# cd configmap/
[root@master01 configmap]# echo 123 > test1
[root@master01 configmap]# echo 456 > test2
[root@master01 configmap]# kubectl create configmap con1 --from-file=/opt/configmap/
configmap/con1 created
[root@master01 configmap]# kubectl describe configmaps con1 
Name:         con1
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
test1:
----
123

test2:
----
456

Events:  <none>

3. Create a ConfigMap from a YAML file

[root@master01 configmap]# vim configmap1.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: con2
data:
  test1: "123"
  test2: "456"
[root@master01 configmap]# kubectl apply -f configmap1.yaml 
configmap/con2 created
#values in the YAML file are strings by default; when a number appears it must be quoted
[root@master01 configmap]# kubectl get cm
con2                  2      2m7s

2.2 Using a ConfigMap

#Use a ConfigMap to provide the environment variables of a pod

[root@master01 configmap]# vim con2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod1
  labels:
    app: test
spec:
  containers:
  - name: nginx
    image: nginx:1.22
    env:
    - name: ABC
      valueFrom:
        configMapKeyRef:
          name: con1
          key: test1
    - name: DEF
      valueFrom:
        configMapKeyRef:
          name: con1
          key: test2
[root@master01 configmap]# kubectl apply -f con2.yaml --force
pod/pod1 configured
[root@master01 configmap]# kubectl apply -f con2.yaml --force
pod/pod1 configured
[root@master01 configmap]# kubectl exec -it pod1 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@pod1:/# echo $ABC
123
root@pod1:/# echo $DEF
456

Create the pod container

[root@master01 configmap]# vim con2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod1
  labels:
    app: test
spec:
  containers:
  - name: nginx
    image: nginx:1.22

1. Write the configuration file locally; it is used later to create the ConfigMap that provides the configuration file to the pod's container

[root@master01 configmap]# vim nginx.conf
worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       8081;
        server_name  localhost;
        charset utf-8;
        location / {
            root   html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
##Create the ConfigMap from the local file nginx.conf
[root@master01 configmap]# kubectl create configmap nginx-con --from-file=/opt/configmap/nginx.conf 
configmap/nginx-con created
[root@master01 configmap]# kubectl get cm
NAME                  DATA   AGE
con1                  2      16m
con2                  2      12m
kube-root-ca.crt      1      13d
nginx-con             1      71s
redis-config          2      20h
redis-config-master   3      26h

2. Create the ConfigMap from the command line

##Create the ConfigMap from the local file nginx.conf
[root@master01 configmap]# kubectl create configmap nginx-con --from-file=/opt/configmap/nginx.conf 
configmap/nginx-con created
[root@master01 configmap]# kubectl get cm
NAME                  DATA   AGE
con1                  2      16m
con2                  2      12m
kube-root-ca.crt      1      13d
nginx-con             1      71s
redis-config          2      20h
redis-config-master   3      26h

3. Create it from a YAML configuration file (mind the format; some fields can be omitted)

[root@master01 configmap]# kubectl get cm nginx-con -o yaml
apiVersion: v1
data:
  nginx.conf: |
    worker_processes  2;
    events {
        worker_connections  1024;
    }
    http {
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        server {
            listen       80;
            server_name  localhost;
            charset utf-8;
            location / {
                root   /usr/share/nginx/html;
                index  index.html index.php;
            }
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
        }
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2024-09-09T03:28:45Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data: {}
    manager: kubectl-create
    operation: Update
    time: "2024-09-09T03:28:45Z"
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        f:nginx.conf: {}
    manager: kubectl-edit
    operation: Update
    time: "2024-09-09T04:37:54Z"
  name: nginx-con
  namespace: default
  resourceVersion: "732623"
  selfLink: /api/v1/namespaces/default/configmaps/nginx-con
  uid: 11452970-5f50-474e-8954-94812f9089c4

4. Create a ConfigMap from a YAML file

apiVersion: v1
kind: ConfigMap
metadata:
  name: redis-config
data:
  redis.conf: |
    bind 0.0.0.0
    protected-mode no
    port 6379
    dir /data
    appendonly yes
  sentinel.conf: |
    sentinel monitor mymaster redis-master 6379 2
    sentinel down-after-milliseconds mymaster 5000
    sentinel failover-timeout mymaster 10000
    sentinel parallel-syncs mymaster 1

5. Create the container and mount: through the ConfigMap, the nginx.conf configuration file of nginx-con is mounted into the container's /etc/nginx directory, matched by the same name;

the node's /opt/html11 directory is mounted onto the container's /usr/share/nginx/html directory, so the page to be served can be configured.

[root@master01 configmap]# vim con1-test.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx1
  labels:
    app: test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test
  template:
    metadata:
      labels:
        app: test
    spec:
      containers:
      - name: nginx
        image: nginx:1.22
        ports:
        - containerPort: 8081
        volumeMounts:
        - name: nginx-con1
          mountPath: /etc/nginx
        - name: html-1
          mountPath: /usr/share/nginx/html
      volumes:
      - name: nginx-con1
        configMap:
          name: nginx-con
--------------------------------------------------
kubectl create configmap nginx-con --from-file=/opt/configmap/nginx.conf 
configmap/nginx-con created ##this shows where nginx-con comes from; it is delivered into the /etc/nginx directory
[root@master01 configmap]# ll
总用量 24
-rw-r--r--. 1 root root 665 9月   9 12:29 con1-test.yaml
-rw-r--r--. 1 root root 130 9月   9 11:26 con2.yaml
-rw-r--r--. 1 root root 158 9月   9 11:19 configmap1.yaml
-rw-r--r--. 1 root root 475 9月   9 11:27 nginx.conf
-rw-r--r--. 1 root root   4 9月   9 11:12 test1
-rw-r--r--. 1 root root   4 9月   9 11:12 test2
[root@master01 configmap]# cat nginx.conf 
worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       8081;
        server_name  localhost;
        charset utf-8;
        location / {
            root   html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
##The source file has not been changed
##View the ConfigMaps
[root@master01 configmap]# kubectl get cm
NAME                  DATA   AGE
con1                  2      120m
con2                  2      116m
kube-root-ca.crt      1      13d
nginx-con             1      105m
redis-config          2      22h
redis-config-master   3      28h
[root@master01 configmap]# kubectl describe cm nginx-con 
Name:         nginx-con
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
nginx.conf:
----
worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        charset utf-8;
        location / {
            root   /usr/share/nginx/html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

Events:  <none>
##kubectl edit cm nginx-con
##edit cm nginx-con amounts to changing nginx-con under cm
---------------------------------------------------
      - name: html-1
        hostPath:
          path: /opt/html11
          type: DirectoryOrCreate

2.3 Working with the configuration file and observing the actual effect (with a small problem along the way)

[root@master01 configmap]# vim con1-test.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx1
  labels:
    app: test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test
  template:
    metadata:
      labels:
        app: test
    spec:
      containers:
      - name: nginx
        image: nginx:1.22
        ports:
        - containerPort: 8081
        volumeMounts:
        - name: nginx-con1
          mountPath: /etc/nginx
        - name: html-1
          mountPath: /usr/share/nginx/html
      volumes:
      - name: nginx-con1
        configMap:
          name: nginx-con
      - name: html-1
        hostPath:
          path: /opt/html11
          type: DirectoryOrCreate
[root@master01 configmap]# kubectl apply -f con1-test.yaml 
deployment.apps/nginx1 configured
[root@master01 configmap]# kubectl get pod
[root@master01 configmap]# kubectl get pod
NAME                     READY   STATUS    RESTARTS   AGE
nfs1-76f66b958-68wpl     1/1     Running   0          3d2h
nginx1-fbc555f4b-srvxb   1/1     Running   0          29s
pod1                     1/1     Running   0          65m
[root@master01 configmap]# kubectl get pod -o wide
NAME                     READY   STATUS    RESTARTS   AGE     IP             NODE     NOMINATED NODE   READINESS GATES
nfs1-76f66b958-68wpl     1/1     Running   0          3d2h    10.244.2.173   node02   <none>           <none>
nginx1-fbc555f4b-srvxb   1/1     Running   0          2m43s   10.244.2.233   node02   <none>           <none>
pod1                     1/1     Running   0          67m     10.244.2.232   node02   <none>           <none>
[root@master01 configmap]# curl 10.244.2.233
curl: (7) Failed connect to 10.244.2.233:80; 拒绝连接
[root@master01 configmap]# curl 10.244.2.233:8081
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>
[root@master01 configmap]# kubectl logs -f nginx1-fbc555f4b-srvxb 
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf is not a file or does not exist
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2024/09/09 04:32:50 [error] 20#20: *1 "/etc/nginx/html/index.html" is not found (2: No such file or directory), client: 10.244.0.0, server: localhost, request: "GET / HTTP/1.1", host: "10.244.2.233:8081"
10.244.0.0 - - [09/Sep/2024:04:32:50 +0000] "GET / HTTP/1.1" 404 153 "-" "curl/7.29.0"
[root@master01 configmap]# kubectl exec -it nginx1-fbc555f4b-srvxb bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@nginx1-fbc555f4b-srvxb:/# cd /etc/nginx/
root@nginx1-fbc555f4b-srvxb:/etc/nginx# ls
nginx.conf
root@nginx1-fbc555f4b-srvxb:/etc/nginx# cat nginx.conf 
worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       8081;
        server_name  localhost;
        charset utf-8;
        location / {
            root   html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
##Hot update of the ConfigMap
[root@master01 configmap]# kubectl edit cm nginx-con  ##change the cm configuration file from outside k8s
    server {
        listen       80;
        server_name  localhost;
        charset utf-8;
        location / {
            root   /usr/local/nginx/html;
configmap/nginx-con edited
##View the file content inside the pod's container with a command from outside
[root@master01 configmap]# kubectl exec -it nginx1-fbc555f4b-srvxb -- cat /etc/nginx/nginx.conf
worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        charset utf-8;
        location / {
            root   /usr/local/nginx/html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
##Rolling update
[root@master01 configmap]# kubectl patch deployments.apps nginx1 --patch '{"spec": {"template": {"metadata": {"annotations": {"version/config": "20240909" }}}}}' 
deployment.apps/nginx1 patched
##View the pod information after the update
[root@master01 configmap]# kubectl get pod -o wide
NAME                     READY   STATUS    RESTARTS   AGE    IP             NODE     NOMINATED NODE   READINESS GATES
nfs1-76f66b958-68wpl     1/1     Running   0          3d2h   10.244.2.173   node02   <none>           <none>
nginx1-bf65f8864-qdxbp   1/1     Running   0          30s    10.244.1.237   node01   <none>           <none>
pod1                     1/1     Running   0          79m    10.244.2.232   node02   <none>           <none>
[root@master01 configmap]# curl 10.244.1.237
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>
##Go to the node and add a page to the mounted directory
[root@node01 opt]# cd html11/
[root@node01 html11]# ll
总用量 0
[root@node01 html11]# echo 123 > index.html
[root@node01 html11]# ll
总用量 4
-rw-r--r--. 1 root root 4 9月   9 12:45 index.html
[root@master01 configmap]# curl 10.244.1.237
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>
#Still a 404. Judging by the 404, the page was not found; checking the mount directory of the pod's application container shows that the path is wrong: it is /usr/local/nginx/html, but the one served should be /usr/share/nginx/html;
[root@master01 configmap]# kubectl exec -it nginx1-bf65f8864-qdxbp -- cat /etc/nginx/nginx.conf
worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        charset utf-8;
        location / {
            root   /usr/local/nginx/html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
#Change it again and view the file inside the pod's container
[root@master01 configmap]# kubectl edit cm nginx-con 
configmap/nginx-con edited
[root@master01 configmap]# kubectl exec -it nginx1-bf65f8864-qdxbp -- cat /etc/nginx/nginx.conf
worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        charset utf-8;
        location / {
            root   /usr/share/nginx/html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
##After the change a restart is needed so that the configuration file is read
[root@master01 configmap]# kubectl patch deployments.apps nginx1 --patch '{"spec": {"template": {"metadata": {"annotations": {"version/config": "20240909" }}}}}' 
deployment.apps/nginx1 patched (no change)
##No change, so it cannot restart
##Use the last resort
##Restart
[root@master01 configmap]# kubectl delete pod nginx1-bf65f8864-qdxbp 
pod "nginx1-bf65f8864-qdxbp" deleted
##View the pod details: it has been scheduled onto node 2, so go to node02 to change the configuration file
[root@master01 configmap]# kubectl get pod -o wide
NAME                     READY   STATUS    RESTARTS   AGE    IP             NODE     NOMINATED NODE   READINESS GATES
nfs1-76f66b958-68wpl     1/1     Running   0          3d2h   10.244.2.173   node02   <none>           <none>
nginx1-bf65f8864-l5htm   1/1     Running   0          16s    10.244.2.234   node02   <none>           <none>
pod1                     1/1     Running   0          85m    10.244.2.232   node02   <none>           <none>
[root@master01 configmap]# curl 10.244.2.234
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>
##Add the page to be served
[root@node02 opt]# cd /opt/html11/
[root@node02 html11]# ll
总用量 0
[root@node02 html11]# echo 123 > index.html
[root@master01 configmap]# curl 10.244.2.234
123
[root@master01 configmap]# kubectl exec -it nginx1-bf65f8864-l5htm bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@nginx1-bf65f8864-l5htm:/# cd /etc/nginx/
root@nginx1-bf65f8864-l5htm:/etc/nginx# ls
nginx.conf
root@nginx1-bf65f8864-l5htm:/etc/nginx# cat nginx.conf 
worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        charset utf-8;
        location / {
            root   /usr/share/nginx/html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
##The directory inside the pod's container and the directory on the node are each mounted according to name
root@nginx1-bf65f8864-l5htm:/etc/nginx# cd /usr/share/nginx/html/
root@nginx1-bf65f8864-l5htm:/usr/share/nginx/html# ls
index.html

The mount point directory of a ConfigMap has read-only permissions.
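
The mounted nginx.conf follows the ConfigMap, but nginx only reads it at start, and repeating the patch with the same annotation value leaves the pod template unchanged, which is why the second patch above reported (no change). The script below is an added example, not part of the original article: it derives the version/config annotation from a checksum of the configuration content, so the patch changes exactly when the configuration does. The function names and the two sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: derive the rollout annotation from the configuration content
# instead of a fixed date string.

# config_checksum FILE -> SHA-256 hex digest of the file content
config_checksum() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# rollout_patch FILE -> patch body for
#   kubectl patch deployments.apps nginx1 --patch "$(rollout_patch FILE)"
# using the article's annotation key version/config.
rollout_patch() {
  printf '{"spec":{"template":{"metadata":{"annotations":{"version/config":"%s"}}}}}\n' \
    "$(config_checksum "$1")"
}

# would_roll CURRENT_ANNOTATION FILE -> exit 0 if the patch changes the pod
# template (new pods are created), exit 1 if it would be "patched (no change)".
would_roll() {
  [ "$1" != "$(config_checksum "$2")" ]
}

# Constructed demo: the two root settings the article switches between.
demo() {
  dm_dir=$(mktemp -d)
  printf 'location / { root /usr/local/nginx/html; }\n' > "$dm_dir/old.conf"
  printf 'location / { root /usr/share/nginx/html; }\n' > "$dm_dir/new.conf"
  dm_current=$(config_checksum "$dm_dir/old.conf")   # annotation set by the first rollout
  if would_roll "$dm_current" "$dm_dir/new.conf"; then
    echo "config changed, apply: $(rollout_patch "$dm_dir/new.conf")"
  fi
  if ! would_roll "$dm_current" "$dm_dir/old.conf"; then
    echo "config unchanged, nothing to roll"
  fi
  rm -rf "$dm_dir"
}
demo
```

Where no annotation scheme is wanted, kubectl rollout restart deployment nginx1 replaces the pods without deleting them by hand.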

Questions to think about after class:

How is a ConfigMap file passed in?

How is the configuration file changed and updated?




http://www.chinasem.cn/article/1151673
