首页 > 其他分享 >[Kubernetes] Managing Application with Kubernetes - ConfigMaps and Secrets

[Kubernetes] Managing Application with Kubernetes - ConfigMaps and Secrets

时间:2024-03-28 11:23:03浏览次数:35  
标签:ConfigMap Kubernetes environment Managing value volume Application key data

Identify important ConfigMap characteristics:

  1. Helps developers avoid hard-coding configuration variables into the application code.
  2. Is an API object used to store non-confidential data in key-value pairs.
  3. Does not provide secrecy or encryption; meant for non-sensitive information.
  4. Provides configuration data to pods and deployments, decoupling environment from deployments.
  5. Limited to 1 MB of data; larger amounts require mounting a volume or using a separate service.
  6. Has optional data and binaryData fields; no "spec" field in the template.
  7. Name must be a valid DNS subdomain name.

Describe ConfigMap capabilities: ConfigMap capabilities include:

  1. Configuring environment variables for pods and deployments.
  2. Providing configuration data to applications without hard-coding it into the application code.
  3. Decoupling configuration settings from the application logic, enhancing flexibility and maintainability.

Consume a ConfigMap in a deployment or pod in two primary ways:

  1. Environment Variables:

    • Define environment variables in the pod or deployment configuration referencing the key-value pairs from the ConfigMap.
    • Kubernetes automatically injects these environment variables into the pod's container.
    • Use the env field in the pod or deployment YAML file with the configMapKeyRef attribute to specify the ConfigMap and the key whose value should be used as the environment variable.

 

...
env:
  - name: MY_CONFIG_KEY
    valueFrom:
      configMapKeyRef:
        name: my-configmap
        key: config-key
...

  2. Volume Mounts:

    • Mount the ConfigMap as a volume inside the pod.
    • Kubernetes creates files for each key-value pair in the ConfigMap inside the mounted volume.
    • The application running in the pod can then access these files to read the configuration data.
    • Use the volumes and volumeMounts fields in the pod or deployment YAML file to define the volume and mount paths.
...
volumes:
  - name: config-volume
    configMap:
      name: my-configmap
...
containers:
  - name: my-container
    volumeMounts:
      - name: config-volume
        mountPath: /etc/config
...

 

Example:

 

Describe three ways to create a ConfigMap:

  1. Configure ConfigMap using a string literal:

    • Directly specify key-value pairs in the command line or script to create a ConfigMap.
  2. Configuration: ConfigMap properties file:

    • Create a ConfigMap from an existing properties file containing key-value pairs.
  3. Configuration: ConfigMap YAML:

    • Create a ConfigMap using a YAML descriptor file that defines the key-value pairs for the ConfigMap.

Describe three ways to create a Secret:

  1. Secret: Use with string literals:

    • Directly create a secret by specifying sensitive information (like passwords) in the command line or script.
    • kubectl create secret generic my-secret --from-literal=my-key=my-value

       

  2. Use with environment variables:

    • Create a secret using environment variables, which are then injected into pods or deployments securely.
  3. Use with volume mounts:

    • Store sensitive data in a secret and mount it as a file into pods using volume mounts, allowing applications to access the secret data securely.

 

标签:ConfigMap,Kubernetes,environment,Managing,value,volume,Application,key,data
From: https://www.cnblogs.com/jbite9057/p/18101155

相关文章

  • Kubernetes之存储原理和应用——资源对象与Node本地存储卷
    容器内部存储的生命周期是短暂的,会随着容器环境的销毁而销毁,具有不稳定性。如果多个容器希望共享同一份存储,则仅仅依赖容器本身是很难实现的。Kubernetes系统中,将对容器应用所需的存储资源抽象为存储卷(Volume)概念来解决这些问题。Volume是与Pod绑定的(独立于容器)与Po......
  • 记录一次通过aspnetboilerplate站点常见的abp框架,访问application层设定的既定接口,get
     1publicIServiceProviderConfigureServices(IServiceCollectionservices)2{3services.AddControllersWithViews(options=>4{5options.Filters.Add(newAbpAutoValidateAntiforgeryTokenAttribute());6});7}......
  • [Kubernetes] Managing Application with Kubernetes - Autoscaling
    Defineautoscaling:AutoscalingisthedynamicadjustmentofresourcesinaKubernetesclusterbasedonworkloaddemand.Itoptimizesresourceusageandcostsbyautomaticallyscalingresourcesupordowntomatchdemand.Autoscalingcanoccurattheclu......
  • Fluid 携手 Vineyard,打造 Kubernetes 上的高效中间数据管理
    作者:曹野车漾背景介绍和面临的挑战随着Kubernetes在AI/大数据领域的普及和业务场景变得越来越复杂,数据科学家在研发效率和运行效率上遇到了新的挑战。当下的应用,往往需要使用端到端的流水线来实现,以下图所示的一个风控作业数据操作流为例:首先,需要从数据库中导出订单相关数据......
  • [Kubernetes] ReplicaSet
    DefineaReplicaSet:AReplicaSetisaKubernetescontrollerresponsibleforensuringaspecifiednumberofpodreplicasarerunningatalltimes.Itmaintainsthedesiredstateofpodsbycreatingordeletingreplicasasnecessary.ReplicaSetshelpinsc......
  • kubernetes三种方式实现金丝雀发布
    目录使用service实现使用ingress特性实现使用istio实现使用service实现        金丝雀发布的核心是让Service同时指向v1和v2版本的DeploymentPod,通过调整两个Deployment的副本数来逐步迁移流量。1、创建当前版本的Deploymentv1和Service apiVers......
  • Flink Native Kubernetes实战,索引为什么能提供查询性能
    关于FlinkNativeKubernetes先对比官方的1.9和1.10版本文档,如下图和红框和蓝框所示,可见FlinkNativeKubernetes是1.10版本才有的新功能:看看NativeKubernetes是如何运行的,如下图,创建sessioncluster的命令来自Flink安装包:更有趣的是,提交任务的命令也来自Flink安装包,......
  • Building an Automatically Scaling Web Application
    2024年春季云计算课业1:构建一个自动伸缩的Web应用程序截止日期:2024年4月15日,星期一1目标和范围在这项任务中,我们将为(非常)琐碎的Web构建一个小型的自动伸缩测试平台应用任务的目标是熟悉伸缩Web的各个方面应用程序,这将提高您对低级/基本实现的理解云系统的详细信息。正如我们在......
  • 云原生周刊:Kubernetes v1.30 一瞥 | 2024.3.25
    开源项目推荐RetinaRetina是一个与云无关的开源Kubernetes网络可观测平台,它提供了一个用于监控应用程序运行状况、网络运行状况和安全性的集中中心。它为集群网络管理员、集群安全管理员和DevOps工程师提供可操作的见解,帮助他们了解DevOps、SecOps和合规性用例。Retina......
  • Kubernetes网络原理
    Kubernetes的网络依赖于Docker,Docker的网络又离不开Linux操作系统内核特性的支持,所以在学习Kubernetes网络原理之前,有必要先深入了解Docker相关的网络基础知识,以及Docker的网络实现原理,详见《Docker的Linux网络基础》与《Docker网络原理》。 一、Kubernetes网......