012.Kubernetes的configmap和secret配置

使用 ConfigMap 对所有配置文件进行统一管理。注意：ConfigMap 只适合存放非敏感配置；密码、令牌等凭据应放在 Secret 中（见第 2 节）。

1.1 检查mysql的配置

[root@docker-server1 storage]# kubectl get pods

NAME READY STATUS RESTARTS AGE
busybox-674bd96f74-8d7ml 0/1 Pending 0 4d16h
hello-daemonset-gmmz7 1/1 Running 0 112m
hello-deployment-5fdb46d67c-gw2t6 1/1 Running 0 4d15h
hello-deployment-5fdb46d67c-s68tf 1/1 Running 0 5d17h
hello-deployment-5fdb46d67c-vzb4f 1/1 Running 0 4d15h
mysql-7767cffc57-jth7j 1/1 Running 0 24m
nginx 2/2 Running 50 8d
wordpress-6cbb67575d-6zgx7 1/1 Running 0 107m

[root@docker-server1 storage]# kubectl exec -it mysql-7767cffc57-jth7j /bin/bash

root@mysql-7767cffc57-jth7j:/# cat /etc/mysql/my.cnf

# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.

This program is free software; you can redistribute it and/or modify

it under the terms of the GNU General Public License, version 2.0,

as published by the Free Software Foundation.

This program is also distributed with certain software (including

but not limited to OpenSSL) that is licensed under separate terms,

as designated in a particular file or component or in included license

documentation. The authors of MySQL hereby grant you an additional

permission to link the program and your derivative works with the

separately licensed software that they have included with MySQL.

This program is distributed in the hope that it will be useful,

but WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

GNU General Public License, version 2.0, for more details.

You should have received a copy of the GNU General Public License

along with this program; if not, write to the Free Software

Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/

root@mysql-7767cffc57-jth7j:/# cat /etc/mysql/conf.d/docker.cnf

[mysqld]
skip-host-cache
skip-name-resolve

root@mysql-7767cffc57-jth7j:/# cat /etc/mysql/conf.d/mysql.cnf

[mysql]

1.2 通过configmap修改MySQL配置文件

[root@docker-server1 ingress]# mkdir /yamls/configmaps

[root@docker-server1 ingress]# cd /yamls/configmaps

[root@docker-server1 configmaps]# vim mysql-config.yaml

# ConfigMap for the MySQL Deployment: a drop-in my.cnf fragment plus two
# values the Deployment injects as environment variables.
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config
  namespace: default
data:
  # NOTE(review): this is the MySQL root password. A ConfigMap is stored and
  # served in plaintext and is readable by anyone with get/list on configmaps
  # in the namespace - `kubectl describe configmap mysql-config` below prints
  # it verbatim, and `kubectl apply` copies it into the
  # last-applied-configuration annotation as well. Put it in a Secret
  # (type: Opaque) and reference it with secretKeyRef; drop this key once
  # nothing reads it via configMapKeyRef.
  mysql-pass: "RedHat123"
  mysql-database: "wordpress"
  # Mounted by the Deployment as /etc/mysql/conf.d/custom.cnf.
  custom.cnf: |
    [mysqld]
    log-bin = mysql-bin
    server-id = 1

1.3 运行

[root@docker-server1 configmaps]# kubectl apply -f mysql-config.yaml

[root@docker-server1 configmaps]# kubectl get configmap

NAME DATA AGE
mysql-config 3 19s

[root@docker-server1 configmaps]# kubectl describe configmap mysql-config

Name: mysql-config
Namespace: default
Labels:
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","data":{"custom.cnf":"[mysqld]\nlog-bin = mysql-bin\nserver-id = 1\n","mysql-database":"wordpress","mysql-pass":"RedHat…

Data

custom.cnf:

[mysqld]
log-bin = mysql-bin
server-id = 1

mysql-database:

wordpress

mysql-pass:

RedHat123
Events:

1.4 修改deployment发布文件

[root@docker-server1 configmaps]# vim /yamls/deployment/mysql-deployment.yaml

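# Root password for MySQL, kept in a Secret instead of the ConfigMap so it is
# not printed by `kubectl describe configmap` and can be protected by
# Secret-specific RBAC / encryption at rest. stringData is base64-encoded by
# the API server on write; base64 is an encoding, not encryption.
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
  namespace: default
type: Opaque
stringData:
  mysql-pass: "RedHat123"
---
# MySQL 5.7 Deployment: data on a RWO PVC, a drop-in config file from the
# mysql-config ConfigMap, root password from mysql-secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      # volumes:
      # - name: mydata
      #   nfs:
      #     server: 192.168.132.133
      #     path: /data/mysql
      volumes:
      - name: mydata
        persistentVolumeClaim:
          claimName: pvc-rwo
      - name: config-volume
        configMap:
          name: mysql-config
          items:
          - key: custom.cnf
            path: custom.cnf
      containers:
      - name: mysql
        image: mysql:5.7
        volumeMounts:
        - name: mydata
          mountPath: /var/lib/mysql
        # subPath places only custom.cnf into conf.d instead of replacing the
        # directory. Mounting the ConfigMap over /etc/mysql/conf.d hides the
        # image's own docker.cnf (skip-host-cache / skip-name-resolve) and
        # mysql.cnf - compare the `ls /etc/mysql/conf.d` output before and
        # after in this tutorial. A subPath mount is not refreshed when the
        # ConfigMap changes, which is acceptable because mysqld reads its
        # option files only at startup.
        - name: config-volume
          mountPath: /etc/mysql/conf.d/custom.cnf
          subPath: custom.cnf
        ports:
        - containerPort: 3306
        env:
        # Credential comes from the Secret above, not from the ConfigMap.
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-secret
              key: mysql-pass
        - name: MYSQL_DATABASE
          valueFrom:
            configMapKeyRef:
              name: mysql-config
              key: mysql-database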

1.6 验证

[root@docker-server1 configmaps]# kubectl exec -it mysql-d7dfdd964-gs726 /bin/bash

root@mysql-d7dfdd964-gs726:/# mysql -uroot -pRedHat123

mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
| wordpress |
+--------------------+

root@mysql-d7dfdd964-gs726:/# cd /etc/mysql/conf.d/

root@mysql-d7dfdd964-gs726:/etc/mysql/conf.d# ls

custom.cnf

root@mysql-d7dfdd964-gs726:/etc/mysql/conf.d# cat custom.cnf

[mysqld]
log-bin = mysql-bin
server-id = 1

pod 已经读取到 ConfigMap 中定义的配置文件。两点提醒：1）上面验证时把 root 密码直接写在命令行（-pRedHat123），它会出现在容器内的 ps 输出和 shell 历史里，建议只写 -p 让 mysql 交互式提示输入；2）root 密码目前放在 ConfigMap 中，`kubectl describe configmap` 已经把它明文打印了出来（见 1.3），生产环境应改用 Secret 并通过 secretKeyRef 注入 MYSQL_ROOT_PASSWORD。

2.1 拉取镜像仓库harbor

[root@docker-server3 ~]# cd /usr/local/harbor/

[root@docker-server3 harbor]# ls

common docker-compose.yml harbor.yml install.sh LICENSE pki prepare

[root@docker-server3 harbor]# ./install.sh

----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://darren.yutian.com.
For more details, please visit https://github.com/goharbor/harbor .

访问https://darren.yutian.com/

2.2 使用私有仓库部署一个nginx

复制镜像pull命令

docker pull darren.yutian.com/library/nginx:1.15

[root@docker-server1 deployment]# vi harbor-nginx-daemonset.yaml

# Deployment that pulls nginx from the private Harbor registry at
# darren.yutian.com. It carries no imagePullSecrets on purpose: once the
# node's docker login (/root/.docker/config.json) is removed in 2.3, the
# kubelet has nothing to authenticate with, and 2.4/2.5 show the resulting
# ErrImagePull. Section 2.8 adds the secret.
apiVersion: apps/v1
kind: Deployment
metadata: {name: hello-secret, namespace: default}
spec:
  selector:
    matchLabels: {name: hello-secret}
  template:
    metadata:
      labels: {name: hello-secret}
    spec:
      containers:
        # "1.15" is a mutable tag; pin an @sha256 digest when the pull must be
        # reproducible and tamper-evident.
        - name: webserver
          image: darren.yutian.com/library/nginx:1.15

[root@docker-server1 deployment]# cat /etc/hosts

192.168.132.133 darren.yutian.com hello.example.com

[root@docker-server1 deployment]# cat /etc/docker/daemon.json

{
"insecure-registries":["http://192.168.132.133:5000","https://darren.yutian.com"],
"registry-mirrors":["https://o0o4czij.mirror.aliyuncs.com"]
}

说明（关于 2.2 的 daemon.json）：把 https://darren.yutian.com 列入 insecure-registries 会让 docker 对该仓库跳过 TLS 证书校验（接受自签名或无效证书，甚至回退到 HTTP），处在网络路径上的攻击者可以替换镜像内容。Harbor 已经启用了 HTTPS（见 2.1），更稳妥的做法是把它的 CA 证书放到每个节点的 /etc/docker/certs.d/darren.yutian.com/ca.crt，并从 insecure-registries 中移除该条目；另外 insecure-registries 中的条目应写成 主机[:端口]，不带 http(s):// 前缀。

2.3 删除掉本地的密码文件

[root@docker-server3 harbor]# cat /root/.docker/config.json

{
"auths": {
"darren.yutian.com": {
"auth": "YWRtaW46SGFyYm9yMTIzNDU="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.5 (linux)"
}
}

[root@docker-server3 harbor]# rm -rf /root/.docker/config.json

同时删除本地的nginx镜像

[root@docker-server3 harbor]# docker image ls|grep nginx|awk '{print $3}' |xargs docker rmi -f

2.4 运行deployment

[root@docker-server1 deployment]# kubectl apply -f harbor-nginx-daemonset.yaml

deployment.apps/hello-secret created

[root@docker-server1 deployment]# kubectl get pods

NAME READY STATUS RESTARTS AGE
busybox-674bd96f74-8d7ml 0/1 Pending 0 4d17h
hello-deployment-5fdb46d67c-2zt5z 1/1 Running 0 10m
hello-deployment-5fdb46d67c-jc27w 1/1 Running 0 10m
hello-deployment-5fdb46d67c-x6k8n 1/1 Running 0 10m
hello-secret-689dc66f44-vrdhv 0/1 ErrImagePull 0 3s
mysql-d7dfdd964-gs726 1/1 Running 0 64m
nginx 2/2 Running 51 8d
wordpress-6cbb67575d-6zgx7 1/1 Running 0 3h16m

2.5 查看详细信息

[root@docker-server1 deployment]# kubectl describe pods hello-secret-689dc66f44-vrdhv

Name: hello-secret-689dc66f44-vrdhv
Namespace: default
Priority: 0
Node: 192.168.132.133/192.168.132.133
Start Time: Sat, 18 Jan 2020 02:40:40 -0500
Labels: name=hello-secret
pod-template-hash=689dc66f44
Annotations:
Status: Pending
IP: 10.244.2.32
IPs:
IP: 10.244.2.32
Controlled By: ReplicaSet/hello-secret-689dc66f44
Containers:
webserver:
Container ID:
Image: darren.yutian.com/library/nginx:1.15
Image ID:
Port:
Host Port:
State: Waiting
Reason: ErrImagePull
Ready: False
Restart Count: 0
Environment:
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-bwbrn (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
default-token-bwbrn:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-bwbrn
Optional: false
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled default-scheduler Successfully assigned default/hello-secret-689dc66f44-vrdhv to 192.168.132.133
Normal Pulling 29s (x4 over 109s) kubelet, 192.168.132.133 Pulling image "darren.yutian.com/library/nginx:1.15"
Warning Failed 29s (x4 over 109s) kubelet, 192.168.132.133 Failed to pull image "darren.yutian.com/library/nginx:1.15": rpc error: code = Unknown desc = Error response from daemon: pull access denied for darren.yutian.com/library/nginx, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Warning Failed 29s (x4 over 109s) kubelet, 192.168.132.133 Error: ErrImagePull
Normal BackOff 14s (x5 over 109s) kubelet, 192.168.132.133 Back-off pulling image "darren.yutian.com/library/nginx:1.15"
Warning Failed 14s (x5 over 109s) kubelet, 192.168.132.133 Error: ImagePullBackOff

拉取镜像失败，是因为节点上没有该私有仓库的登录凭据（2.3 已删除节点上的 /root/.docker/config.json），仓库拒绝了未认证的拉取请求：Events 里的 `denied: requested access to the resource is denied` 就是 Harbor 返回的鉴权失败。

2.6 创建secret的yaml文件

生产环境中节点较多时，如果每个节点都要先 docker login 才能从私有仓库拉取镜像，会很难维护。可以把仓库凭据保存为 kubernetes.io/dockerconfigjson 类型的 Secret，kubelet 拉取镜像时会使用它；也可以把该 Secret 加到命名空间 ServiceAccount 的 imagePullSecrets 中，这样无需逐个修改 Pod 模板。建议为此在 Harbor 中单独创建只有 pull 权限的机器人账号或项目成员，而不要像本文一样直接使用 admin 账号。

可以把 /root/.docker/config.json 文件放进 secret 中（该文件由 docker login 生成，其中 auth 字段的值是 "用户名:密码" 的 base64 编码，并非加密）

{
"auths": {
"darren.yutian.com": {
"auth": "YWRtaW46SGFyYm9yMTIzNDU="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.5 (linux)"
}
}

base64 编码（注意：base64 只是编码，不是加密；任何能读取这个 Secret 的人都能还原出 config.json 以及其中的账号密码）：

[root@docker-server1 secrets]# docker login darren.yutian.com

[root@docker-server1 secrets]# cat /root/.docker/config.json  |base64 -w 0

ewoJImF1dGhzIjogewoJCSJkYXJyZW4ueXV0aWFuLmNvbSI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy41IChsaW51eCkiCgl9Cn0=

[root@docker-server1 secrets]# vim hub.yaml

# Registry credentials for the kubelet. type kubernetes.io/dockerconfigjson
# expects a single key, .dockerconfigjson, holding a base64-encoded docker
# config.json (the `cat /root/.docker/config.json | base64 -w 0` output above).
apiVersion: v1
kind: Secret
metadata:
  name: hub-secret
  namespace: default
type: kubernetes.io/dockerconfigjson
data:
  # NOTE(review): base64 is an encoding, not encryption. Anyone who can read
  # this Secret (get/list secrets in "default") recovers config.json, and its
  # "auth" value decodes to the Harbor admin account. Prefer a pull-only robot
  # account for image pulls, restrict RBAC on secrets, and keep this file out
  # of version control. The kubelet only needs the "auths" entry; the
  # HttpHeaders block copied from config.json is unnecessary but harmless.
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJkYXJyZW4ueXV0aWFuLmNvbSI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy41IChsaW51eCkiCgl9Cn0=

2.7 生成secret

[root@docker-server1 secrets]# kubectl apply -f hub.yaml

secret/hub-secret created

[root@docker-server1 secrets]# kubectl get secret

NAME TYPE DATA AGE
default-token-bwbrn kubernetes.io/service-account-token 3 8d
hub-secret kubernetes.io/dockerconfigjson 1 7s

[root@docker-server1 secrets]# rm -rf /root/.docker/config.json

注意：虽然删除了 config.json，hub.yaml 文件里仍然保存着同一份凭据（只是 base64 编码），上面 docker login 后 cat 出来的内容也留在了终端输出和 shell 历史中。不要把 hub.yaml 提交到代码仓库；用完后删除，或用密钥管理工具加密后再保存。

2.8 应用secret验证

[root@docker-server1 secrets]# vi ../deployment/harbor-nginx-daemonset.yaml

# Same Deployment as in 2.2, now authenticating to Harbor through hub-secret
# (type kubernetes.io/dockerconfigjson), which the kubelet uses for the pull.
apiVersion: apps/v1
kind: Deployment
metadata: {name: hello-secret, namespace: default}
spec:
  selector:
    matchLabels: {name: hello-secret}
  template:
    metadata:
      labels: {name: hello-secret}
    spec:
      containers:
        - name: webserver
          image: darren.yutian.com/library/nginx:1.15
          ports:
            - {containerPort: 80}
      # Pod-level pull credentials. Alternative: attach the secret to the
      # namespace's ServiceAccount imagePullSecrets so every pod gets it
      # without editing each manifest. hub-secret currently holds the Harbor
      # admin login; a pull-only robot account limits the damage if the
      # Secret is ever read.
      imagePullSecrets:
        - name: hub-secret

[root@docker-server1 secrets]# kubectl apply -f ../deployment/harbor-nginx-daemonset.yaml

deployment.apps/hello-secret configured

[root@docker-server1 secrets]# kubectl get pods

[root@docker-server1 secrets]# kubectl get pods
NAME READY STATUS RESTARTS AGE
busybox-674bd96f74-8d7ml 0/1 Pending 0 4d18h
hello-deployment-5fdb46d67c-2zt5z 1/1 Running 0 29m
hello-deployment-5fdb46d67c-jc27w 1/1 Running 0 28m
hello-deployment-5fdb46d67c-x6k8n 1/1 Running 0 29m
hello-secret-5858858899-m4c7t 1/1 Running 0 10s
mysql-d7dfdd964-gs726 1/1 Running 0 83m
nginx 2/2 Running 52 8d
wordpress-6cbb67575d-6zgx7 1/1 Running 0 3h35m

Secret 方式的镜像拉取验证成功。补充两点：1）Secret 只是 base64 编码并按命名空间可读，任何拥有 default 命名空间 secrets 读权限的用户或工作负载都能解出 Harbor 账号密码，应收紧对 secrets 的 RBAC 并开启 etcd 静态加密；2）本文使用的是 Harbor admin 账号（auth 字段解码后即 admin 及其安装时的默认口令），实验结束后应修改该口令，并改用只有 pull 权限的机器人账号来拉取镜像。


博主声明:本文的内容来源主要来自誉天教育晏威老师,由本人实验完成操作验证,需要的博友请联系誉天教育(http://www.yutianedu.com/),获得官方同意或者晏老师( href="https://www.cnblogs.com/breezey/">https://www.cnblogs.com/breezey/)本人同意即可转载,谢谢!