以下内容均来自个人笔记并重新梳理,如有错误欢迎指正!
如果对您有帮助,烦请点赞、关注、转发!如果您有其他想要了解的,欢迎私信联系我~
ConfigMap 使用方式
1、注入环境变量
在 deployment.yaml 的 env 部分,通过 configMapKeyRef 方式注入指定的环境变量。
# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: demo-configmap
data:
RUN_ENV: prod
RUN_MODE: allinone
...
---
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: demo-deployment
spec:
replicas: 1
selector:
matchLabels:
app: demo-deployment
template:
metadata:
labels:
app: demo-deployment
spec:
containers:
- name: demo-container
image: demo-image:latest
ports:
- containerPort: 80
env:
- name: RUN_ENV
valueFrom:
configMapKeyRef:
name: demo-configmap
key: RUN_ENV
- name: RUN_MODE
valueFrom:
configMapKeyRef:
name: demo-configmap
key: RUN_MODE
在 deployment.yaml 的 envFrom 部分,通过 configMapRef 方式注入所有环境变量。
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: demo-deployment
spec:
replicas: 1
selector:
matchLabels:
app: demo-deployment
template:
metadata:
labels:
app: demo-deployment
spec:
containers:
- name: demo-container
image: demo-image:latest
ports:
- containerPort: 80
envFrom:
- configMapRef:
name: demo-configmap
2、挂载配置文件
在 deployment.yaml 中,通过 volume 方式挂载为容器配置文件 /etc/config/conf_A 和 /etc/config/conf_B。
# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: demo-configmap
data:
conf_A: |
host: hostA
name: nameA
conf_B: |
host: hostB
name: nameB
---
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: demo-deployment
spec:
replicas: 1
selector:
matchLabels:
app: demo-deployment
template:
metadata:
labels:
app: demo-deployment
spec:
containers:
- name: demo-container
image: demo-image:latest
ports:
- containerPort: 80
volumeMounts:
- name: conf
mountPath: /etc/config
volumes:
- name: conf
configMap:
name: demo-configmap
defaultMode: 420
Secret 使用方式
1、注入环境变量
在 deployment.yaml 的 env 部分,通过 secretKeyRef 方式注入指定环境变量。
# secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: demo-secret
type: Opaque
data:
password: MTIzNDU2Cg==
...
---
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: demo-deployment
spec:
replicas: 1
selector:
matchLabels:
app: demo-deployment
template:
metadata:
labels:
app: demo-deployment
spec:
containers:
- name: demo-container
image: demo-image:latest
ports:
- containerPort: 80
env:
- name: password
valueFrom:
secretKeyRef:
name: demo-secret
key: password
在 deployment.yaml 的 envFrom 部分,通过 secretRef 方式注入所有环境变量。
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: demo-deployment
spec:
replicas: 1
selector:
matchLabels:
app: demo-deployment
template:
metadata:
labels:
app: demo-deployment
spec:
containers:
- name: demo-container
image: demo-image:latest
ports:
- containerPort: 80
envFrom:
- secretRef:
name: demo-secret
2、设置镜像密钥
在 deployment.yaml 中,通过 imagePullSecrets 指定下载镜像所需的镜像仓库密钥。
# 创建 docker-registry 对象
kubectl create secret docker-registry demo-secret \
--docker-server=DOCKER_SERVER \
--docker-username=DOCKER_USER \
--docker-password=DOCKER_PASSWORD
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: demo-deployment
spec:
replicas: 1
selector:
matchLabels:
app: demo-deployment
template:
metadata:
labels:
app: demo-deployment
spec:
containers:
- name: demo-container
image: demo-image:latest
ports:
- containerPort: 80
imagePullSecrets:
name: demo-secret
3、设置 TLS 凭据
在 ingress.yaml 中的 tls 部分,指定域名证书对应的 Secret 对象。
# 创建 TLS 对象
kubectl create secret tls demo-secret --cert=tls.crt --key=tls.key
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: demo-ingress
spec:
rules:
...
tls:
- hosts:
- demo.com
secretName: demo-secret
说明:后续文章将详细介绍 ingress 对象