k8s 持久化存储及configmap、secret挂载

1、挂载主机目录,常用于日志文件挂载和hosts文件挂载

        volumeMounts:
        - mountPath: /etc/hosts
          name: hosts
          subPath: hosts
        - mountPath: /www/logs/
          name: clife-sleep-commons-web-push-business-logs

      volumes:
      - hostPath:
          path: /etc/
          type: ""
        name: hosts
      - hostPath:
          path: /data/services/logs/new-county/
          type: ""
        name: clife-sleep-commons-web-push-business-logs
        
        
2、挂载configmap

创建configmap资源
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config
data:
  my.cnf: |
    [mysqld]
    datadir=/var/lib/mysql
    
    log-error=/var/log/mysql/error.log
    slow_query_log=ON
    slow_query_log_file=/var/log/mysql/tmp_slow.log
    
    default-storage-engine=INNODB
    character_set_server=utf8
    lower_case_table_names=1
    table_open_cache=128
    max_connections=2000
    max_connect_errors=6000
    innodb_file_per_table=1
    innodb_buffer_pool_size=1G
    max_allowed_packet=64M
    transaction_isolation=READ-COMMITTED
    innodb_flush_method=O_DIRECT
    innodb_lock_wait_timeout=1800
    innodb_flush_log_at_trx_commit=0
    sync_binlog=0

    sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

    skip-name-resolve

    [mysql]
    default-character-set=utf8

    [mysql.server]
    default-character-set=utf8
  init.sql: |
    CREATE DATABASE `metersphere` /*!40100 DEFAULT CHARACTER SET utf8 */;

挂载配置:    
          volumeMounts:
            - mountPath: /etc/mysql/conf.d/my.cnf
              name: opt-metersphere-config
              subPath: my.cnf
            - mountPath: /docker-entrypoint-initdb.d/init.sql
              name: init-mysql
              subPath: init.sql

      volumes:
        - configMap:
            defaultMode: 420
            name: mysql-config
          name: opt-metersphere-config
        - configMap:
            defaultMode: 420
            name: mysql-config
          name: init-mysql

3、挂载pvc

先创建pvc资源

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: mysql-data-pvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 20Gi
  storageClassName: nfs-client

挂载配置:
          volumeMounts:
            - mountPath: /var/lib/mysql
              name: mysql-data  
      volumes:
        - name: mysql-data
          persistentVolumeClaim:
            claimName: mysql-data-pvc

            
若想把同一个pvc挂载多个文件或目录,可以使用 subPath,

同时挂载 mysql data和log目录

          volumeMounts:
            - mountPath: /var/lib/mysql
              name: mysql
              subPath: mysql
            - mountPath: /var/log/mysql
              name: mysql
              subPath: log
              
      volumes:
        - name: mysql
          persistentVolumeClaim:
            claimName: mysql-data-pvc


            
4、挂载nfs文件系统

    volumeMounts:
    - mountPath: /usr/share/nginx/html
      name: test-volume
  volumes:
  - name: test-volume
    nfs:
      server: 172.25.254.4
      path: /nfsdata


5、挂载secert

创建secert资源
apiVersion: v1 
kind: Secret 
metadata:  
  name: mysecret 
type: Opaque 
data:  
  username: YWRtaW4=  
  password: YWRtaW4=
  
a.将Secret挂载到Volume中的配置:
    volumeMounts:    
    - name: secrets      
      mountPath: "/secret"      
      readOnly: true  
  volumes:  
  - name: secrets    
    secret:      
      secretName: mysecret
  
b.将Secret设置为环境变量挂载配置:
spec:
  containers:
  - name: nginx
    image: nginx
    env:
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: password
--------------------------------------------
将镜像仓库认证信息配置为Secret:
kubectl create secret docker-registry  myharborkey --docker-server=https://10.8.16.16 --docker-username=admin --docker-password=Admin123

# kubectl get  secrets myharborkey -o yaml
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJodHRwczovLzEwLjguMTYuMTYiOnsidXNlcm5hbWUiOiJhZG1pbiIsInBhc3N3b3JkIjoiQWRtaW4xMjMiLCJhdXRoIjoiWVdSdGFXNDZRV1J0YVc0eE1qTT0ifX19
kind: Secret
metadata:
  creationTimestamp: "2022-05-12T02:51:40Z"
  name: myharborkey
  namespace: default
  resourceVersion: "4252534"
  selfLink: /api/v1/namespaces/default/secrets/myharborkey
  uid: 2c4473a1-f548-4360-af36-3bc8065d3f7a
type: kubernetes.io/dockerconfigjson


挂载配置:
spec:  
  containers:    
    - name: game2048 
      image: https://10.8.16.16/private/game2048
  imagePullSecrets:    
    - name: myharborkey