configmap、自制證書

配置容器化應用的方式:自定義命令行參數(args)、把配置文件直接打進鏡像、環境變量、存儲卷。本文以 ConfigMap 作為環境變量與存儲卷的來源;注意 ConfigMap 中的內容是明文保存的,任何能 `get configmaps` 的人都能讀到,密碼、私鑰等敏感資料應放在 Secret 而不是 ConfigMap。

1,configmap
help命令:

[root@master ~]# kubectl create configmap --h

使用命令創建:

[root@master ~]# kubectl create configmap nginx --from-literal=nginx_port=80 --from-literal=server_name=myapp
configmap/nginx created
[root@master ~]# kubectl get cm
NAME    DATA   AGE
nginx   2      6s
[root@master ~]# kubectl describe cm
Name:         nginx
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
nginx_port:
----
80
server_name:
----
myapp
Events:  <none>
[root@master ~]# 


使用file創建:
編寫file(注意:下面 www.conf 的三條指令都缺少結尾的分號 `;`,nginx 實際加載時會報語法錯誤;這裡只是用來演示 --from-file 的行為):

[root@master configmap]# vi www.conf
server {
        server_name myapp
        listen 80
        root /data/web/html
}

創建nginx-www:

[root@master configmap]# kubectl create configmap nginx-www --from-file=./www.conf 
configmap/nginx-www created

查看:

[root@master configmap]# kubectl get cm nginx-www -o yaml
apiVersion: v1
data:
  www.conf: |
    server {
            server_name myapp
            listen 80
            root /data/web/html
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2019-09-26T00:53:44Z"
  name: nginx-www
  namespace: default
  resourceVersion: "207974"
  selfLink: /api/v1/namespaces/default/configmaps/nginx-www
  uid: 010e958f-d2e8-44af-a75e-75e290957971
[root@master configmap]# kubectl describe cm nginx-www 
Name:         nginx-www
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
www.conf:
----
server {
        server_name myapp
        listen 80
        root /data/web/html
}

Events:  <none>
[root@master configmap]# 

在 Pod 中使用(以環境變量方式引用 configmap):

[root@master configmap]# vi pod-configmap.yaml 
# pod-cm-1: injects two keys of ConfigMap "nginx" into the container as
# environment variables via configMapKeyRef.
# NOTE(review): env values are resolved when the container starts; a later
# `kubectl edit cm nginx` is not reflected inside a running container (the
# volume-mount variant, pod-cm-2, does pick updates up) -- restart the pod.
# ConfigMap data is stored unencrypted and is readable by anyone who can
# `get configmaps` in the namespace; keep real secrets in a Secret instead.
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-1
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    # key is spelled "craete-by" in the original; annotations are free-form
    # strings so this is not an error, but it was probably meant as "create-by".
    magedu.com/craete-by: "cluster admin"
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    env:
    # name/key below must match the ConfigMap created earlier with
    # `kubectl create configmap nginx --from-literal=nginx_port=80 --from-literal=server_name=myapp`.
    # A missing ConfigMap or key keeps the container from starting.
    - name: NGINX_SERVER_PORT
      valueFrom:
        configMapKeyRef:
          name: nginx
          key: nginx_port
    - name: NGINX_SERVER_NAME
      valueFrom:
        configMapKeyRef: 
          name: nginx
          key: server_name

注:name與key需要和之前用命令創建的configmap對應;找不到對應的 configmap 或 key 時容器會無法啟動。
查看(進入容器後用 printenv 應能看到 NGINX_SERVER_PORT=80 與 NGINX_SERVER_NAME=myapp):

[root@master configmap]# kubectl exec -it pod-cm-1 -- /bin/sh
/ # printenv

以存儲卷方式掛載 configmap(與環境變量不同,這種方式在 configmap 修改後容器內的文件會同步更新,見後文驗證):

[root@master configmap]# vi pod-configmap-2.yaml 
# pod-cm-2: mounts ConfigMap "nginx" as a volume; each key becomes a file
# under mountPath (nginx_port, server_name), as the `ls` in the transcript shows.
# Unlike env vars, edits to the ConfigMap are propagated into these files
# (80 -> 8080 later in the page) on the kubelet's next sync -- expect some delay,
# and the application still has to re-read the file itself.
apiVersion: v1
kind: Pod
metadata:
  name: pod-cm-2
  namespace: default
  labels:
    app: myapp
    tier: frontend
  annotations:
    # same misspelled key as pod-cm-1 ("craete-by"); harmless but probably unintended
    magedu.com/craete-by: "cluster admin"
spec:
  containers:
  - name: myapp
    image: ikubernetes/myapp:v1
    ports:
    - name: http
      containerPort: 80
    volumeMounts:
    - name: nginxconf
      # NOTE(review): nginx conventionally includes /etc/nginx/conf.d/, not
      # config.d/; whether this image reads this directory is not shown -- verify.
      # The files mounted here (nginx_port, server_name) hold raw values, not
      # nginx directives, so nginx would not parse them anyway; for a real
      # config mount the file-based "nginx-www" ConfigMap (www.conf) instead.
      mountPath: /etc/nginx/config.d/
      # read-only so the workload cannot rewrite its own configuration
      readOnly: true
  volumes:
  - name: nginxconf
    configMap:
      # this is the key/value ConfigMap "nginx", not the file-based "nginx-www"
      name: nginx

進入容器:

[root@master configmap]# kubectl exec -it pod-cm-2 -- /bin/sh
/ # cd /etc/nginx/config.d/
/etc/nginx/config.d # ls
nginx_port   server_name
/etc/nginx/config.d # cat nginx_port 
/etc/nginx/config.d # cat nginx_port 
/etc/nginx/config.d # cat nginx_port 
80/etc/nginx/config.d #

修改 configmap nginx(把 nginx_port 由 80 改為 8080):

[root@master ~]# kubectl edit cm nginx
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  nginx_port: "8080"
  server_name: myapp
kind: ConfigMap
metadata:
  creationTimestamp: "2019-09-26T00:50:13Z"
  name: nginx
  namespace: default
  resourceVersion: "207617"
  selfLink: /api/v1/namespaces/default/configmaps/nginx
  uid: 7b748162-a3fc-41c6-9e0a-aae7ffba549e

再次進入 pod-cm-2 查看文件是否同步(更新由 kubelet 週期性同步,可能有幾十秒延遲;若應用不會自行重新讀取配置,仍需 reload 或重啟):

/etc/nginx # cd config.d/
/etc/nginx/config.d # cat nginx_port 
8080/etc/nginx/config.d # 

2,自制證書(為新用戶簽發 kubernetes 客戶端證書)

安全提示:下面的 `umask 007` 只擋住了 other,生成的私鑰仍然是同組可讀(0660);生成私鑰時應使用 `umask 077`。另外這裡是直接拿集群 CA 的私鑰 ca.key 在 master 上手工簽發——持有 ca.key 的人可以替任意用戶(包括 system:masters 組)簽發憑證,ca.key 必須嚴格保護;kube-apiserver 不檢查 CRL,已簽發的客戶端證書在到期前無法撤銷(除非輪換整個 CA),所以 -days 不宜太長,正式環境建議改用 certificates.k8s.io 的 CSR 流程而不是手工簽。

[root@master pki]# (umask 007; openssl genrsa -out wagedu.key 2048)
Generating RSA private key, 2048 bit long modulus
...................+++
.....+++
e is 65537 (0x10001)
[root@master pki]# openssl req -new -key wagedu.key -out wagedu.csr -subj "/CN=wage"
[root@master pki]# openssl x509 -req -in wagedu.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out wagedu.crt -days 365
Signature ok
subject=/CN=wage
Getting CA Private Key

查看證書(注意 Version: 1,沒有任何 X.509 v3 擴展——沒有 SAN,也沒有 clientAuth 的 EKU;apiserver 以 Subject 的 CN 作為用戶名、O 作為組,這裡只設了 CN=wage,所以後面報錯裡顯示的用戶是 "wage",而不是 kubeconfig 裡的用戶名 wagedu):

[root@master pki]# openssl x509 -in wagedu.crt -text -noout
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            ea:2d:b4:d5:8f:4c:04:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=kubernetes
        Validity
            Not Before: Sep 26 02:57:03 2019 GMT
            Not After : Sep 25 02:57:03 2020 GMT
        Subject: CN=wage
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ca:00:87:3d:4c:75:f7:fc:b9:85:91:f7:52:e5:
                    21:38:32:38:79:6f:d7:9f:a5:1e:ba:36:78:14:ce:
                    de:94:28:b8:8f:35:0c:d6:6f:3a:6b:7f:fc:ca:b7:
                    2a:a5:3a:f0:43:ed:57:a2:5d:82:9f:16:c7:d9:80:
                    63:a6:e8:fb:44:15:08:7c:64:46:ff:1b:10:68:d8:
                    7c:60:bc:db:1a:34:5c:bf:38:6f:30:c4:29:da:d7:
                    52:0b:7b:58:03:62:3c:9b:9a:ad:c9:dd:be:0b:f1:
                    45:33:cb:c9:46:b7:89:a2:f6:35:6c:00:22:88:e5:
                    df:ea:f6:50:0d:23:ce:5c:aa:79:3a:0d:5d:35:ae:
                    0e:2e:47:16:24:25:bb:0b:7b:e0:79:3e:68:fc:5e:
                    1f:0b:34:2a:5a:ec:17:5a:f4:8e:12:11:d9:a5:f2:
                    de:a5:09:7c:c9:32:10:05:51:31:9d:57:2d:5e:51:
                    96:df:2d:3b:77:db:7e:9a:6f:a8:3f:52:b0:06:06:
                    e5:4f:6e:5d:09:a7:73:2a:9e:2e:06:d8:c6:f9:07:
                    69:0e:6e:2e:13:03:d4:00:55:d7:0e:d7:04:a7:48:
                    7b:f1:50:30:97:2f:6d:da:64:89:26:0b:62:ce:5c:
                    b9:f9:06:1c:27:c9:12:f6:78:7f:20:a6:17:1c:35:
                    cc:1d
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
         29:b8:29:26:0e:03:01:b2:0b:9c:85:ee:ba:15:6f:9a:56:0d:
         74:43:d6:aa:af:ad:69:91:a5:a4:f4:e4:ba:f1:6a:55:96:90:
         08:f1:54:b9:d1:e0:1f:6e:a6:1b:5f:05:aa:03:fe:ab:eb:32:
         a8:2e:fd:37:89:d4:00:cb:84:9d:bd:30:2a:e2:60:9b:58:81:
         29:18:14:95:2a:ab:27:47:f1:85:b3:be:6e:8c:53:cf:d2:b8:
         5b:1c:88:13:df:bd:90:0d:41:a6:ec:40:e3:df:a6:c3:c2:46:
         df:79:1c:d5:92:34:0e:68:4f:3e:fe:37:9d:93:cd:b1:2d:62:
         4a:3a:ea:10:37:f4:bb:6a:b0:49:29:dd:5e:20:1f:3f:14:c8:
         da:bc:f2:7b:9f:00:d0:08:e3:2e:41:fb:66:38:aa:cd:2f:47:
         64:28:54:1a:54:0a:cb:29:fa:5d:ba:31:9e:68:e2:16:dc:9e:
         6b:cc:da:87:74:bf:87:e0:6f:0f:67:b3:68:46:76:68:f9:dd:
         3b:df:e3:96:02:f5:2a:9a:86:93:eb:3f:3e:3a:31:ef:77:c7:
         b6:4b:c1:5b:23:3a:43:8b:ed:96:52:51:5c:40:76:09:71:ef:
         76:2b:3f:e1:3f:a9:9d:2f:66:41:62:92:6a:07:7a:7e:55:ce:
         32:4c:4b:03
[root@master pki]# 

查看當前 kubeconfig 與 help 命令(kubectl config view 會把證書與私鑰內容顯示為 REDACTED / DATA+OMITTED):

[root@master pki]# kubectl config view
[root@master pki]# kubectl config set-credentials -h

把證書和私鑰加到 kubeconfig 的用戶 wagedu(--embed-certs=true 會把證書和私鑰以 base64 內嵌到 ~/.kube/config,這個文件從此就是憑證本身,權限應保持 0600,不要隨意複製或貼到筆記裡;若不內嵌,kubeconfig 只記錄文件路徑):

[root@master pki]# kubectl config set-credentials wagedu --client-certificate=wagedu.crt --client-key=wagedu.key --embed-certs=true
User "wagedu" set.
[root@master pki]# 
#檢查:
[root@master pki]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://192.168.200.129:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
- name: wagedu
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
[root@master pki]# 

再添加 context(把 cluster kubernetes 與 user wagedu 綁在一起):

[root@master pki]# kubectl config set-context wagedu@kubernetes --cluster=kubernetes --user=wagedu
Context "wagedu@kubernetes" created.

測試(切換 context 後沒有權限):Forbidden 說明認證已經成功——apiserver 從證書 CN 取到用戶名 wage——只是還沒有任何 RBAC 授權;需要用 Role/RoleBinding(或 ClusterRoleBinding)把權限綁到 User "wage" 才能操作。測試完記得 `kubectl config use-context kubernetes-admin@kubernetes` 切回管理員 context。

[root@master pki]# kubectl config use-context wagedu@kubernetes
Switched to context "wagedu@kubernetes".
[root@master pki]# kubectl get pods
Error from server (Forbidden): pods is forbidden: User "wage" cannot list resource "pods" in API group "" in the namespace "default"
[root@master pki]# 

3,k8s網絡通信
容器間通信、pod間通信、pod與service通信、service與集羣外部通信
