90、k8s之secret+configMap


一、secret配置管理

配置管理:

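加密配置(Secret):保存密码、token等敏感信息的k8s资源。注意:Secret中的数据默认只是base64编码后存入etcd,并不是真正的加密;需要静态加密时要在APIserver上另行开启encryption at rest,并用RBAC限制谁可以读取secrets。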

应用配置:我们需要定制化的给应用进行配置,我们需要把定制好的配置文件同步到pod当中容器

1.1、加密配置:

secret:

[root@master01 ~]# kubectl get secrets   ##查看加密配置
[root@master01 ~]# kubectl get secrets -n kube-system   ##查看加密配置

1.2、secret三种类型:

1、service-account-token:k8s集群自建,用来访问APIserver的secret,pod默认使用这个secret和APIserver进行通信。

自动挂载到pod的/run/secrets/kubernetes.io/serviceaccount目录。

2、Opaque:用户自定义的密码,密钥等等,默认类型就是Opaque。用 kubectl create secret generic 创建出来的就是这种类型。

3、kubernetes.io/dockerconfigjson:配置docker私有仓库的认证信息。

4、TLS:用来存储TLS或者SSL证书和私钥。

1、创建文件-----基于文件创建secret,目的进行加密

[root@master01 ~]# cd /opt/
[root@master01 opt]# mkdir secret
[root@master01 opt]# cd secret/
[root@master01 secret]# echo "xy102" > username.txt
[root@master01 secret]# echo "123456" > passwd.txt
[root@master01 secret]# echo "123456" > password.txt

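##创建secret1,基于Opaque类型(generic)创建,文件来自于本目录路径。注意:上面的echo没有加-n,写入文件的内容末尾带换行符,换行符也会成为secret值的一部分(下面describe显示password.txt为7 bytes而不是6);不想要换行符时用 echo -n 或 printf 写文件。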

[root@master01 secret]# kubectl create secret generic secret1 --from-file=username.txt --from-file=password.txt 


##查看secret配置文件
[root@master01 secret]# kubectl get secrets 
secret1                              Opaque                                2      11s

##查看secret1的详细信息,类型
[root@master01 secret]# kubectl describe secrets secret1             
Name:         secret1
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password.txt:  7 bytes
username.txt:  6 bytes

2、对指定内容进行base64编码-----#yaml文件实现----生成secret2

##对指定内容进行base64编码(base64只是编码,不是加密,拿到编码后的字符串就能直接还原出原文)
[root@master01 configmap]# echo -n xy102 | base64 
eHkxMDI=
[root@master01 configmap]# echo -n 123456 | base64
MTIzNDU2

[root@master01 secret]# vim secret1.yaml

# Secret manifest: stores two credential values under the name secret2.
apiVersion: v1
kind: Secret
metadata:
  name: secret2
type: Opaque
# Declares the Secret type (Opaque = arbitrary user-defined data).
# Values under `data` must be base64-encoded. base64 is an encoding, not
# encryption: anyone who can read this file or the Secret object can recover
# the plain text, so keep this manifest out of version control and restrict
# who may read secrets in the namespace.
data:             ## values are the base64 strings produced by the `echo -n ... | base64` commands above
  username: eHkxMDI=
  password: MTIzNDU2

[root@master01 secret]# kubectl apply -f secret1.yaml 
secret/secret2 created

3、#如何把secret挂载到pod当中

[root@master01 secret]# vim secret1.yaml

apiVersion: v1
kind: Secret
metadata:
  name: secret2
type: Opaque
#声明类型
data:
  username: eHkxMDI=
  password: MTIzNDU2
----------------------------------------------
##以上已经创建好secret2加密文件

[root@master01 secret]# kubectl apply -f secret1.yaml 
secret/secret2 created

[root@master01 secret]# vim test1.yaml

# Pod manifest: mounts the Secret secret2 into the container as a volume.
apiVersion: v1
kind: Pod
metadata:
  name: pod1
  labels:
    app: test
spec:
  containers:
  - name: nginx
    image: nginx:1.22
    volumeMounts:
    - name: sec-test
      mountPath: "/etc/secrets"  ## directory inside the container; each key of the Secret appears here as a file
      readOnly: true          ## read-only mount (the author notes that read-only is already the default)
  volumes:
  - name: sec-test           ## volume name is arbitrary; it must match volumeMounts[].name above
    secret:                  ## declares that this volume is backed by a Secret
      secretName: secret2        ## name of the Secret whose keys are mounted into the container

##查看加密文件详情
[root@master01 secret]# kubectl get secrets
secret2                              Opaque                                2      13m

##拉取pod,进行加密文件从宿主机到pod容器的挂载
[root@master01 secret]# kubectl apply -f test1.yaml 
pod/pod1 created
[root@master01 secret]# kubectl get pod
pod1                   1/1     Running   0          14s
[root@master01 secret]# kubectl exec -it pod1 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@pod1:/# cd /etc/
root@pod1:/etc# cd secrets/
root@pod1:/etc/secrets# ls
password  username

4、环境变量

[root@master01 secret]# vim test1.yaml 

# Pod manifest: passes the keys of the Secret secret2 to the container as
# environment variables.
# NOTE(review): a Secret injected this way is readable in plain text by every
# process in the container (the transcript after this manifest prints it with
# echo). Prefer the volume mount when the application can read files instead.
apiVersion: v1
kind: Pod
metadata:
  name: pod1
  labels:
    app: test
spec:
  containers:
  - name: nginx
    image: nginx:1.22
    env:
# Environment variables defined for the container.
    - name: USER
# Name of the environment variable.
      valueFrom:
# Where the value of USER comes from.
        secretKeyRef:   
## Reference one key of a Secret; here the key `username` of secret2.
          name: secret2
          key: username
    - name: PASSWORD
      valueFrom:
        secretKeyRef:
          name: secret2
          key: password
## Reference one key of a Secret; here the key `password` of secret2.


[root@master01 secret]# kubectl apply -f test1.yaml --force
pod/pod1 configured

[root@master01 secret]# kubectl exec -it pod1 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@pod1:/# echo $USER
xy102
root@pod1:/# echo $PASSWORD
123456

##--  查看容器里面的文件
[root@master01 secret]# kubectl exec -it pod1 -- cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin



5、免密登录harbor仓库流程

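1、创建docker-registry类型的secret harbor1,声明仓库地址、用户admin、密码123456。注意:--docker-password写在命令行里会留在shell历史记录中;另外--docker-server需要和镜像名里的仓库地址一致,本例这里填的是192.168.168.84,而下面的镜像用的是hub.test.com,如果拉取镜像时报认证失败,应先核对这一点。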
[root@master01 opt]# kubectl create secret docker-registry harbor1 --docker-server=192.168.168.84 --docker-username=admin --docker-password=123456
secret/harbor1 created



[root@master01 secret]# vim test1.yaml 

# Pod manifest: pulls its image from a private registry, authenticating with
# the docker-registry Secret harbor1.
apiVersion: v1
kind: Pod
metadata:
  name: pod1
  labels:
    app: test
spec:
  containers:
  - name: nginx
    image: hub.test.com/test1/nginx:v1
  imagePullSecrets:
# Secret holding the private-registry credentials; this key is aligned with `containers`.
# NOTE(review): harbor1 was created with --docker-server=192.168.168.84 while the
# image above is addressed as hub.test.com — confirm the two refer to the same
# registry entry, otherwise the credential may not be applied to this pull.
  - name: harbor1  
## harbor1 supplies the registry login, so no manual docker login is needed on the node.


[root@master01 secret]# kubectl apply -f test1.yaml --force
pod/pod1 configured
[root@master01 secret]# kubectl get pod
NAME                   READY   STATUS    RESTARTS   AGE
nfs1-76f66b958-68wpl   1/1     Running   0          3d
pod1                   1/1     Running   0          52s

6、上传镜像tomcat到仓库,使用免密登录进行拉取

[root@k8s4 ~]# vim /etc/docker/daemon.json 
[root@k8s4 ~]# systemctl daemon-reload 
{
  "registry-mirrors": [
                "https://hub-mirror.c.163.com",
                "https://docker.m.daocloud.io",
                "https://ghcr.io",
                "https://mirror.baidubce.com",
                "https://docker.nju.edu.cn"
   ],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}
[root@k8s4 ~]# systemctl restart docker
[root@k8s4 ~]# docker pull tomcat
[root@k8s4 ~]# docker tag tomcat:latest hub.test.com/test1/tomcat:v1
[root@k8s4 ~]# docker login -u admin -p 123456 https://hub.test.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@k8s4 ~]# docker push hub.test.com/test1/tomcat:v1 

[root@master01 secret]# vim test1.yaml 

#如何把secrert挂载到pod当中
#把secret作为环境变量传到pod当中
apiVersion: v1
kind: Pod
metadata:
  name: pod1
  labels:
    app: test
spec:
  containers:
  - name: nginx
    image: hub.test.com/test1/tomcat:v1
  imagePullSecrets:
#指定docker私有仓库的加密的secret配置,和containers对齐
  - name: harbor1
  
[root@master01 secret]# kubectl apply -f test1.yaml 
[root@node02 ~]# docker images
REPOSITORY                                           TAG        IMAGE ID       CREATED         SIZE
nginx                                                latest     5ef79149e0ec   3 weeks ago     188MB
hub.test.com/test1/tomcat                            v1         c2a444ea6cd7   4 weeks ago     508MB

二、configMap:(面试会问)

用法和secret基本一致,但configMap保存的是应用的普通配置信息,内容以明文存储,不应该用来存放密码、token等敏感数据。

2.1、创建方式:

1、命令行------创建文件-----创建configMap

2、基于configMap,yaml文件进行使用名称进行匹配挂载使用

[root@master01 opt]# mkdir configmap
[root@master01 opt]# cd configmap/
[root@master01 configmap]# echo 123 > test1
[root@master01 configmap]# echo 456 > test2
[root@master01 configmap]# kubectl create configmap con1 --from-file=/opt/configmap/
configmap/con1 created
[root@master01 configmap]# kubectl describe configmaps con1 
Name:         con1
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
test1:
----
123

test2:
----
456

Events:  <none>

3、yaml文件创建configMap

[root@master01 configmap]# vim configmap1.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: con2
data:  
  test1: "123"
  test2: "456"
[root@master01 configmap]# kubectl apply -f configmap1.yaml 
configmap/con2 created
#configMap的data值必须是字符串,yaml里不加引号的数字会被解析成数值,所以出现数字时,要用引号引起来

[root@master01 configmap]# kubectl get cm
con2                  2      2m7s


2.2、使用configmap

#pod里面用configmap做的pod的环境变量

[root@master01 configmap]# vim con2.yaml

apiVersion: v1
kind: Pod
metadata:
  name: pod1
  labels:
    app: test
spec:
  containers:
  - name: nginx
    image: nginx:1.22
    env:
    - name: ABC
      valueFrom:
        configMapKeyRef:
          name: con1
          key: test1
    - name: DEF
      valueFrom:
        configMapKeyRef:
          name: con1
          key: test2

[root@master01 configmap]# kubectl apply -f con2.yaml --force
pod/pod1 configured

[root@master01 configmap]# kubectl apply -f con2.yaml --force
pod/pod1 configured
[root@master01 configmap]# kubectl exec -it pod1 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@pod1:/# echo $ABC
123
root@pod1:/# echo $DEF
456

拉取pod容器

[root@master01 configmap]# vim con2.yaml

apiVersion: v1
kind: Pod
metadata:
  name: pod1
  labels:
    app: test
spec:
  containers:
  - name: nginx
    image: nginx:1.22

1、本地写好配置文件,用于后续创建configMap文件,给pod容器提供配置文件

[root@master01 configmap]# vim nginx.conf

worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       8081;
        server_name  localhost;
        charset utf-8;
        location / {
            root   html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
}
}

##创建configMap,基于本地文件nginx.conf

[root@master01 configmap]# kubectl create configmap nginx-con --from-file=/opt/configmap/nginx.conf 
configmap/nginx-con created
[root@master01 configmap]# kubectl get cm
NAME                  DATA   AGE
con1                  2      16m
con2                  2      12m
kube-root-ca.crt      1      13d
nginx-con             1      71s
redis-config          2      20h
redis-config-master   3      26h

2、命令行创建configMap文件

##创建configMap,基于本地文件nginx.conf

[root@master01 configmap]# kubectl create configmap nginx-con --from-file=/opt/configmap/nginx.conf 
configmap/nginx-con created
[root@master01 configmap]# kubectl get cm
NAME                  DATA   AGE
con1                  2      16m
con2                  2      12m
kube-root-ca.crt      1      13d
nginx-con             1      71s
redis-config          2      20h
redis-config-master   3      26h

3、通过yaml配置文件进行创建(注意格式,有些可以不要)

[root@master01 configmap]# kubectl get cm nginx-con -o yaml
apiVersion: v1
data:
  nginx.conf: |
    worker_processes  2;
    events {
        worker_connections  1024;
    }
    http {
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        server {
            listen       80;
            server_name  localhost;
            charset utf-8;
            location / {
                root   /usr/share/nginx/html;
                index  index.html index.php;
            }
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
    }
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2024-09-09T03:28:45Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data: {}
    manager: kubectl-create
    operation: Update
    time: "2024-09-09T03:28:45Z"
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        f:nginx.conf: {}
    manager: kubectl-edit
    operation: Update
    time: "2024-09-09T04:37:54Z"
  name: nginx-con
  namespace: default
  resourceVersion: "732623"
  selfLink: /api/v1/namespaces/default/configmaps/nginx-con
  uid: 11452970-5f50-474e-8954-94812f9089c4

4、yaml文件创建configMap

# ConfigMap carrying two keys, redis.conf and sentinel.conf, each holding a
# complete configuration file as a literal block.
# NOTE(review): redis.conf below binds to all interfaces (`bind 0.0.0.0`) with
# `protected-mode no` and no `requirepass`, so Redis accepts unauthenticated
# connections from any client that can reach port 6379. Confirm that network
# access to the pod is restricted, or enable authentication; a password belongs
# in a Secret, not in this ConfigMap.
apiVersion: v1
kind: ConfigMap
metadata:
  name: redis-config
data:
  redis.conf: |
    bind 0.0.0.0
    protected-mode no
    port 6379
    dir /data
    appendonly yes

  sentinel.conf: |
    sentinel monitor mymaster redis-master 6379 2
    sentinel down-after-milliseconds mymaster 5000
    sentinel failover-timeout mymaster 10000
    sentinel parallel-syncs mymaster 1

5、拉取容器进行挂载,宿主机通过configMap把nginx-con的nginx.conf配置文件,通过name相同,挂载到容器的/etc/nginx目录下;

把节点的/opt/html11目录和容器/usr/share/nginx/html目录进行挂载,可以进行配置页面访问

[root@master01 configmap]# vim con1-test.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx1
  labels:
    app: test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test
  template:
    metadata:
      labels:
        app: test
    spec:
      containers:
      - name: nginx
        image: nginx:1.22
        ports:
        - containerPort: 8081
        volumeMounts:
        - name: nginx-con1
          mountPath: /etc/nginx
        - name: html-1
          mountPath: /usr/share/nginx/html
      volumes:
      - name: nginx-con1
        configMap:
          name: nginx-con
--------------------------------------------------
kubectl create configmap nginx-con --from-file=/opt/configmap/nginx.conf 
configmap/nginx-con created ##从此处可以发现nginx-con来自哪里,传到/etc/nginx目录中去
[root@master01 configmap]# ll
总用量 24
-rw-r--r--. 1 root root 665 9月   9 12:29 con1-test.yaml
-rw-r--r--. 1 root root 130 9月   9 11:26 con2.yaml
-rw-r--r--. 1 root root 158 9月   9 11:19 configmap1.yaml
-rw-r--r--. 1 root root 475 9月   9 11:27 nginx.conf
-rw-r--r--. 1 root root   4 9月   9 11:12 test1
-rw-r--r--. 1 root root   4 9月   9 11:12 test2
[root@master01 configmap]# cat nginx.conf 
worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       8081;
        server_name  localhost;
        charset utf-8;
        location / {
            root   html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
}
}
##发现源文件没有更改
##查看cm的文件
[root@master01 configmap]# kubectl get cm
NAME                  DATA   AGE
con1                  2      120m
con2                  2      116m
kube-root-ca.crt      1      13d
nginx-con             1      105m
redis-config          2      22h
redis-config-master   3      28h
[root@master01 configmap]# kubectl describe cm nginx-con 
Name:         nginx-con
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
nginx.conf:
----
worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        charset utf-8;
        location / {
            root   /usr/share/nginx/html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
}
}

Events:  <none>

##kubectl edit cm nginx-con
##edit cm nginx-con相当于更改cm下的nginx-con

--------------------------------------------------
      - name: html-1
        hostPath:
          path: /opt/html11
          type: DirectoryOrCreate

2.3、操作配置文件查看实际效果,中间有小问题

[root@master01 configmap]# vim con1-test.yaml

# Deployment nginx1: one nginx:1.22 replica whose /etc/nginx comes from the
# ConfigMap nginx-con and whose web root comes from a hostPath directory.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx1
  labels:
    app: test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test
  template:
    metadata:
      labels:
        app: test
    spec:
      containers:
      - name: nginx
        image: nginx:1.22
        ports:
        # containerPort is declarative only; the port nginx actually listens on
        # is whatever the nginx.conf delivered by the ConfigMap says.
        - containerPort: 8081
        volumeMounts:
        # Mounting the ConfigMap over /etc/nginx hides the image's own files in
        # that directory; the transcript on this page shows only nginx.conf there.
        - name: nginx-con1
          mountPath: /etc/nginx
        - name: html-1
          mountPath: /usr/share/nginx/html
      volumes:
      - name: nginx-con1
        configMap:
          name: nginx-con
      # hostPath exposes a directory of the node's filesystem to the container
      # and is local to whichever node the pod is scheduled on; DirectoryOrCreate
      # creates /opt/html11 on that node if it is missing.
      # NOTE(review): the mount is read-write as written; consider readOnly: true
      # on the volumeMount if the container only needs to serve these files.
      - name: html-1
        hostPath:
          path: /opt/html11
          type: DirectoryOrCreate

[root@master01 configmap]# kubectl apply -f con1-test.yaml 
deployment.apps/nginx1 configured
[root@master01 configmap]# kubectl get pod
[root@master01 configmap]# kubectl get pod
NAME                     READY   STATUS    RESTARTS   AGE
nfs1-76f66b958-68wpl     1/1     Running   0          3d2h
nginx1-fbc555f4b-srvxb   1/1     Running   0          29s
pod1                     1/1     Running   0          65m

[root@master01 configmap]# kubectl get pod -o wide
NAME                     READY   STATUS    RESTARTS   AGE     IP             NODE     NOMINATED NODE   READINESS GATES
nfs1-76f66b958-68wpl     1/1     Running   0          3d2h    10.244.2.173   node02   <none>           <none>
nginx1-fbc555f4b-srvxb   1/1     Running   0          2m43s   10.244.2.233   node02   <none>           <none>
pod1                     1/1     Running   0          67m     10.244.2.232   node02   <none>           <none>

[root@master01 configmap]# curl 10.244.2.233
curl: (7) Failed connect to 10.244.2.233:80; 拒绝连接
[root@master01 configmap]# curl 10.244.2.233:8081
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>
[root@master01 configmap]# kubectl logs -f nginx1-fbc555f4b-srvxb 


/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf is not a file or does not exist
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2024/09/09 04:32:50 [error] 20#20: *1 "/etc/nginx/html/index.html" is not found (2: No such file or directory), client: 10.244.0.0, server: localhost, request: "GET / HTTP/1.1", host: "10.244.2.233:8081"
10.244.0.0 - - [09/Sep/2024:04:32:50 +0000] "GET / HTTP/1.1" 404 153 "-" "curl/7.29.0"

[root@master01 configmap]# kubectl exec -it nginx1-fbc555f4b-srvxb bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@nginx1-fbc555f4b-srvxb:/# cd /etc/nginx/
root@nginx1-fbc555f4b-srvxb:/etc/nginx# ls
nginx.conf
root@nginx1-fbc555f4b-srvxb:/etc/nginx# cat nginx.conf 
worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       8081;
        server_name  localhost;
        charset utf-8;
        location / {
            root   html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
}
}


##config的热更新
[root@master01 configmap]# kubectl edit cm nginx-con  ##在k8s外面更改cm配置文件

        server {
            listen       80;
            server_name  localhost;
            charset utf-8;
            location / {
                root   /usr/local/nginx/html;

configmap/nginx-con edited

##外部使用命令查看pod容器的文件内容
[root@master01 configmap]# kubectl exec -it nginx1-fbc555f4b-srvxb -- cat /etc/nginx/nginx.conf
worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        charset utf-8;
        location / {
            root   /usr/local/nginx/html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
}
}



##滚动更新
[root@master01 configmap]# kubectl patch deployments.apps nginx1 --patch '{"spec": {"template": {"metadata": {"annotations": {"version/config": "20240909" }}}}}' 
deployment.apps/nginx1 patched

##查看pod更新后的信息
[root@master01 configmap]# kubectl get pod -o wide
NAME                     READY   STATUS    RESTARTS   AGE    IP             NODE     NOMINATED NODE   READINESS GATES
nfs1-76f66b958-68wpl     1/1     Running   0          3d2h   10.244.2.173   node02   <none>           <none>
nginx1-bf65f8864-qdxbp   1/1     Running   0          30s    10.244.1.237   node01   <none>           <none>
pod1                     1/1     Running   0          79m    10.244.2.232   node02   <none>           <none>
[root@master01 configmap]# curl 10.244.1.237
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>


##进入节点,进行挂载目录添加访问页面
[root@node01 opt]# cd html11/
[root@node01 html11]# ll
总用量 0
[root@node01 html11]# echo 123 > index.html
[root@node01 html11]# ll
总用量 4
-rw-r--r--. 1 root root 4 9月   9 12:45 index.html
[root@master01 configmap]# curl 10.244.1.237
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>

#访问还是404,根据404判断,应该是页面没找到。查看pod业务容器里的nginx.conf,发现root写错了,写成了/usr/local/nginx/html,而html-1卷挂载的目录是/usr/share/nginx/html,root应该指向/usr/share/nginx/html;


[root@master01 configmap]# kubectl exec -it nginx1-bf65f8864-qdxbp -- cat /etc/nginx/nginx.conf
worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        charset utf-8;
        location / {
            root   /usr/local/nginx/html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
}
}

#重新更改并查看pod容器内部的文件
[root@master01 configmap]# kubectl edit cm nginx-con 
configmap/nginx-con edited
[root@master01 configmap]# kubectl exec -it nginx1-bf65f8864-qdxbp -- cat /etc/nginx/nginx.conf
worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        charset utf-8;
        location / {
            root   /usr/share/nginx/html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
}
}


##改完需要重启,读取配置文件
[root@master01 configmap]# kubectl patch deployments.apps nginx1 --patch '{"spec": {"template": {"metadata": {"annotations": {"version/config": "20240909" }}}}}' 
deployment.apps/nginx1 patched (no change)
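##没有改变,重启不了:注解的值和上一次相同(都是20240909),pod模板没有变化,所以不会触发滚动更新;换一个新的注解值,或者用 kubectl rollout restart deployment nginx1 即可触发重启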
##使用大招##重启
[root@master01 configmap]# kubectl delete pod nginx1-bf65f8864-qdxbp 
pod "nginx1-bf65f8864-qdxbp" deleted
##查看pod的详细信息,发现新pod调度到了node02;hostPath是节点本地目录,node01上创建的index.html在node02上不存在,所以要进入节点node02,在/opt/html11下重新添加访问页面
[root@master01 configmap]# kubectl get pod -o wide
NAME                     READY   STATUS    RESTARTS   AGE    IP             NODE     NOMINATED NODE   READINESS GATES
nfs1-76f66b958-68wpl     1/1     Running   0          3d2h   10.244.2.173   node02   <none>           <none>
nginx1-bf65f8864-l5htm   1/1     Running   0          16s    10.244.2.234   node02   <none>           <none>
pod1                     1/1     Running   0          85m    10.244.2.232   node02   <none>           <none>

[root@master01 configmap]# curl 10.244.2.234
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>


##添加访问页面设置
[root@node02 opt]# cd /opt/html11/
[root@node02 html11]# ll
总用量 0
[root@node02 html11]# echo 123 > index.html
[root@master01 configmap]# curl 10.244.2.234
123

[root@master01 configmap]# kubectl exec -it nginx1-bf65f8864-l5htm bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@nginx1-bf65f8864-l5htm:/# cd /etc/nginx/
root@nginx1-bf65f8864-l5htm:/etc/nginx# ls
nginx.conf
root@nginx1-bf65f8864-l5htm:/etc/nginx# cat nginx.conf 
worker_processes  2;
events {
    worker_connections  1024;
}
http {
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        charset utf-8;
        location / {
            root   /usr/share/nginx/html;
            index  index.html index.php;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
}
}

##根据name分别进行pod容器内和节点目录进行挂载
root@nginx1-bf65f8864-l5htm:/etc/nginx# cd /usr/share/nginx/html/
root@nginx1-bf65f8864-l5htm:/usr/share/nginx/html# ls
index.html

configmap的挂载点目录,权限是只读权限

课后思考?

怎么传configMap文件

怎么更改更新配置文件