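I. Lab: ConfigMap and hostPath mounts
1. Create the ConfigMap
In general, mounting external configuration files through hostPath is rarely chosen (unless there is a special requirement); the ConfigMap approach is the usual choice.
So most enterprises mount external configuration files using the ConfigMap resource type: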
apiVersion: v1
data:
  app.conf: |
    appname = go-dingding
    httpport = 8096
    runmode = prod
    copyrequestbody = true
    EnableDocs = true
    sessionon = true
    log_level = debug
    DingtalkURL = "https://oapi.dingtalk.com/robot/send?access_token=xxxxxx"
    DingtalkName = "dingding"
kind: ConfigMap
metadata:
  name: go-dingding-cm
  namespace: learn
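Practical tip: when mounting a configuration file from a ConfigMap, write out every configuration parameter, because only the ConfigMap content is mounted into the Pod and there are no default configuration parameters.
# Create the ConfigMap (CM for short)
kubectl apply -f go-dingding-cm.yaml
# After it is created, view the CM
kubectl get cm -o wide -n learn
kubectl get cm go-dingding-cm -o yaml -n learn
Create the workload and mount the ConfigMap and a host directory
Create the Deployment and Service
2. Deployment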
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    name: go-dingding
    version: 1.0.0
  name: go-dingding
  namespace: learn
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: go-dingding
      version: 1.0.0
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        name: go-dingding
        version: 1.0.0
    spec:
      containers:
      - env:
        - name: dingding-config
          value: /learn/config/config.json
        image: registry.yunlearn.org:5000/release/go-dingding:test
        imagePullPolicy: Always
        name: go-dingding
        ports:
        - containerPort: 8096
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /app/conf/
          name: app-conf
        - mountPath: /learn/config
          name: dingding-config
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - configMap:
          defaultMode: 420
          name: go-dingding-cm
        name: app-conf
      - hostPath:
          path: /data/go-dingding/config
          type: ""
        name: dingding-config
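3. Service
apiVersion: v1
kind: Service
metadata:
  name: go-dingding
  namespace: learn
  labels:
    name: go-dingding
spec:
  type: NodePort
  ports:
  - name: http
    # 8096 is outside the default NodePort range (30000-32767); it is accepted only
    # if kube-apiserver's --service-node-port-range has been widened to include it.
    nodePort: 8096
    port: 8096
    protocol: TCP
    targetPort: 8096
  selector:
    name: go-dingding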
II. Lab: Secret mounts
1. Using the Docker certificate of a private Docker image registry as the example, create a new Secret
cd /root/kubeadm/registry
kubectl create secret -n learn generic secret-cert --from-file=./docker.key --from-file=./docker.csr --from-file=./docker.crt
2. Start an application Pod that uses the Secret in the Kubernetes cluster, then verify the Pod's running status and logs
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    name: secret-cert
    version: 1.0.0
  name: secret-cert
  namespace: learn
spec:
  replicas: 1
  selector:
    matchLabels:
      name: secret-cert
      version: 1.0.0
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        name: secret-cert
        version: 1.0.0
    spec:
      containers:
      - env:
        image: registry.yunlearn.org:5000/release/nginx:1.19.6
        imagePullPolicy: Always
        name: secret-cert
        ports:
        - containerPort: 8089
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /etc/nginx/cert
          name: secret-cert
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - name: secret-cert
        secret:
          # 420 decimal is 0644 octal: every file from the Secret, docker.key
          # included, is readable by all users inside the container.
          defaultMode: 420
          secretName: secret-cert
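An added example, not part of the original article: a Python audit that runs three review checks over manifests like the ones above, flagging credential-looking values stored in a ConfigMap, hostPath volumes and whether they are mounted writable, and Secret volumes whose defaultMode lets group/other read the files. The sample input is constructed from this page's manifests; the function name `audit`, the `CRED_RE` pattern and the finding strings are assumptions.

```python
import re

# Constructed sample: trimmed forms of this article's manifests, shaped like the
# "items" list of `kubectl get deploy,cm -n learn -o json` after json.load().
SAMPLE = [
    {"kind": "ConfigMap", "metadata": {"name": "go-dingding-cm"},
     "data": {"app.conf": 'DingtalkURL = "https://oapi.dingtalk.com/robot/send?access_token=xxxxxx"\n'}},
    {"kind": "Deployment", "metadata": {"name": "go-dingding"},
     "spec": {"template": {"spec": {
         "containers": [{"name": "go-dingding", "volumeMounts": [
             {"name": "app-conf", "mountPath": "/app/conf/"},
             {"name": "dingding-config", "mountPath": "/learn/config"}]}],
         "volumes": [
             {"name": "app-conf", "configMap": {"name": "go-dingding-cm", "defaultMode": 420}},
             {"name": "dingding-config", "hostPath": {"path": "/data/go-dingding/config"}}]}}}},
    {"kind": "Deployment", "metadata": {"name": "secret-cert"},
     "spec": {"template": {"spec": {
         "containers": [{"name": "secret-cert", "volumeMounts": [
             {"name": "secret-cert", "mountPath": "/etc/nginx/cert"}]}],
         "volumes": [
             {"name": "secret-cert", "secret": {"secretName": "secret-cert", "defaultMode": 420}}]}}}},
]

# Assumed heuristic for credential-looking settings; extend it for your own config keys.
CRED_RE = re.compile(r"(access_token|password|passwd|api[_-]?key)\s*=", re.I)

def audit(objects):
    """Return (kind/name, finding) tuples for the three checks described in the lead-in."""
    findings = []
    for obj in objects:
        ref = f"{obj['kind']}/{obj['metadata']['name']}"
        if obj["kind"] == "ConfigMap":
            for key, value in obj.get("data", {}).items():
                if CRED_RE.search(value):
                    findings.append((ref, f"credential-like value in data[{key}]"))
        elif obj["kind"] == "Deployment":
            pod = obj["spec"]["template"]["spec"]
            rw = {m["name"] for c in pod["containers"]  # volumes mounted without readOnly
                  for m in c.get("volumeMounts", []) if not m.get("readOnly")}
            for vol in pod.get("volumes", []):
                if "hostPath" in vol:
                    access = "writable" if vol["name"] in rw else "read-only"
                    findings.append((ref, f"hostPath {vol['hostPath']['path']} mounted {access}"))
                if "secret" in vol:
                    mode = vol["secret"].get("defaultMode", 0o644)  # API default is 0644
                    if mode & 0o077:
                        findings.append((ref, f"secret volume {vol['name']} mode {mode:04o} readable by group/other"))
    return findings

print(*(f"{ref}: {finding}" for ref, finding in audit(SAMPLE)), sep="\n")
```

All three manifests from this page produce a finding; adding `readOnly: true` to the mounts and a defaultMode of 256 (octal 0400) on the Secret volume changes the last two results.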