k8s persistent storage and mounting ConfigMaps and Secrets
1. Mounting a host directory, commonly used for log files and the hosts file
volumeMounts:
- mountPath: /etc/hosts
  name: hosts
  subPath: hosts
- mountPath: /www/logs/
  name: clife-sleep-commons-web-push-business-logs
volumes:
- hostPath:
    path: /etc/
    type: ""
  name: hosts
- hostPath:
    path: /data/services/logs/new-county/
    type: ""
  name: clife-sleep-commons-web-push-business-logs
2. Mounting a ConfigMap
Create the ConfigMap resource:
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config
data:
  my.cnf: |
    [mysqld]
    datadir=/var/lib/mysql
    log-error=/var/log/mysql/error.log
    slow_query_log=ON
    slow_query_log_file=/var/log/mysql/tmp_slow.log
    default-storage-engine=INNODB
    character_set_server=utf8
    lower_case_table_names=1
    table_open_cache=128
    max_connections=2000
    max_connect_errors=6000
    innodb_file_per_table=1
    innodb_buffer_pool_size=1G
    max_allowed_packet=64M
    transaction_isolation=READ-COMMITTED
    innodb_flush_method=O_DIRECT
    innodb_lock_wait_timeout=1800
    innodb_flush_log_at_trx_commit=0
    sync_binlog=0
    sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
    skip-name-resolve
    [mysql]
    default-character-set=utf8
    [mysql.server]
    default-character-set=utf8
  init.sql: |
    CREATE DATABASE `metersphere` /*!40100 DEFAULT CHARACTER SET utf8 */;
Mount configuration:
volumeMounts:
- mountPath: /etc/mysql/conf.d/my.cnf
  name: opt-metersphere-config
  subPath: my.cnf
- mountPath: /docker-entrypoint-initdb.d/init.sql
  name: init-mysql
  subPath: init.sql
volumes:
- configMap:
    defaultMode: 420   # decimal 420 = octal 0644
    name: mysql-config
  name: opt-metersphere-config
- configMap:
    defaultMode: 420
    name: mysql-config
  name: init-mysql
3. Mounting a PVC
First create the PVC resource:
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: mysql-data-pvc
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 20Gi
  storageClassName: nfs-client
Mount configuration:
volumeMounts:
- mountPath: /var/lib/mysql
  name: mysql-data
volumes:
- name: mysql-data
  persistentVolumeClaim:
    claimName: mysql-data-pvc
To mount several files or directories from the same PVC, use subPath.
The following mounts both the MySQL data and log directories:
volumeMounts:
- mountPath: /var/lib/mysql
  name: mysql
  subPath: mysql
- mountPath: /var/log/mysql
  name: mysql
  subPath: log
volumes:
- name: mysql
  persistentVolumeClaim:
    claimName: mysql-data-pvc
4. Mounting an NFS file system
volumeMounts:
- mountPath: /usr/share/nginx/html
  name: test-volume
volumes:
- name: test-volume
  nfs:
    server: 172.25.254.4
    path: /nfsdata
5. Mounting a Secret
Create the Secret resource (the values under data are base64-encoded):
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: YWRtaW4=
a. Configuration for mounting the Secret as a volume:
volumeMounts:
- name: secrets
  mountPath: "/secret"
  readOnly: true
volumes:
- name: secrets
  secret:
    secretName: mysecret
b. Configuration for exposing the Secret as environment variables:
spec:
  containers:
  - name: nginx
    image: nginx
    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: username
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: password
--------------------------------------------
Store image registry credentials as a Secret:
kubectl create secret docker-registry myharborkey --docker-server=https://10.8.16.16 --docker-username=admin --docker-password=Admin123
# kubectl get secrets myharborkey -o yaml
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJodHRwczovLzEwLjguMTYuMTYiOnsidXNlcm5hbWUiOiJhZG1pbiIsInBhc3N3b3JkIjoiQWRtaW4xMjMiLCJhdXRoIjoiWVdSdGFXNDZRV1J0YVc0eE1qTT0ifX19
kind: Secret
metadata:
  creationTimestamp: "2022-05-12T02:51:40Z"
  name: myharborkey
  namespace: default
  resourceVersion: "4252534"
  selfLink: /api/v1/namespaces/default/secrets/myharborkey
  uid: 2c4473a1-f548-4360-af36-3bc8065d3f7a
type: kubernetes.io/dockerconfigjson
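Pod configuration that uses the Secret to pull the image:
spec:
  containers:
  - name: game2048
    # An image reference takes no URL scheme, so the https:// prefix is dropped
    image: 10.8.16.16/private/game2048
  imagePullSecrets:
  - name: myharborkey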
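The .dockerconfigjson field in the kubectl get secrets output above is base64-encoded JSON whose auth entry is in turn base64 of username:password, so anyone who can read the Secret object can read the registry credentials. The following is an added example, not part of the original post, that decodes such a Secret into a redacted summary suitable for review; the function names, the registry host and the ci-bot account are constructed for illustration.

```python
import base64
import json


def build_sample_secret():
    """Constructed sample shaped like the output of `kubectl create secret docker-registry`."""
    user, password = "ci-bot", "example-not-a-real-password"  # constructed values
    auth = base64.b64encode(f"{user}:{password}".encode()).decode()
    cfg = {"auths": {"https://registry.example.internal": {
        "username": user, "password": password, "auth": auth}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"apiVersion": "v1", "kind": "Secret",
            "type": "kubernetes.io/dockerconfigjson",
            "metadata": {"name": "sample-pull-secret"},
            "data": {".dockerconfigjson": blob}}


def summarize_pull_secret(secret):
    """Decode a dockerconfigjson Secret; return one redacted row per registry."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        raise ValueError("not a kubernetes.io/dockerconfigjson Secret")
    # Layer 1: the Secret's data value is plain base64 of a JSON document.
    raw = base64.b64decode(secret["data"][".dockerconfigjson"], validate=True)
    rows = []
    for registry, entry in json.loads(raw).get("auths", {}).items():
        # Layer 2: "auth" is base64("username:password"), again encoding only.
        decoded = base64.b64decode(entry.get("auth", "")).decode()
        user, _, password = decoded.partition(":")
        password = password or entry.get("password", "")
        rows.append({
            "registry": registry,
            "username": user or entry.get("username", ""),
            "password_recoverable": bool(password),
            "password_length": len(password),  # report the length, never the value
        })
    return rows


if __name__ == "__main__":
    for row in summarize_pull_secret(build_sample_secret()):
        print(row)
```

Because the password is recoverable from the object itself, read access to Secrets in the namespace is equivalent to holding the registry credentials.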