以下内容均来自个人笔记并重新梳理，如有错误欢迎指正！如果对您有帮助，烦请点赞、关注、转发！欢迎扫码关注个人公众号！

---

目录

一、ConfigMap 使用方式

1、注入环境变量

2、挂载配置文件

二、Secret 使用方式

1、注入环境变量

2、设置镜像密钥

3、设置TLS凭据

---

一、ConfigMap 使用方式

1、注入环境变量

• 方式一（指定）

在 deployment.yaml 的 env 部分，通过 configMapKeyRef 方式注入指定的环境变量。

# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:name: demo-configmap
data:RUN_ENV: prodRUN_MODE: allinone...---
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: demo-deployment
spec:replicas: 1selector:matchLabels:app: demo-deploymenttemplate:metadata:labels:app: demo-deploymentspec:containers:- name: demo-containerimage: demo-image:latestports:- containerPort: 80env:- name: RUN_ENVvalueFrom:configMapKeyRef:name: demo-configmapkey: RUN_ENV- name: RUN_MODEvalueFrom:configMapKeyRef:name: demo-configmapkey: RUN_MODE

• 方式二

在 deployment.yaml 的 envFrom 部分，通过 configMapRef 方式注入所有环境变量。

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: demo-deployment
spec:replicas: 1selector:matchLabels:app: demo-deploymenttemplate:metadata:labels:app: demo-deploymentspec:containers:- name: demo-containerimage: demo-image:latestports:- containerPort: 80envFrom:- configMapRef:name: demo-configmap

2、挂载配置文件

在 deployment.yaml 中，通过 volume 方式挂载为容器配置文件 /etc/config/conf_A 和 /etc/config/conf_B。

# configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:name: demo-configmap
data:conf_A: |host: hostAname: nameAconf_B: |host: hostBname: nameB---
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: demo-deployment
spec:replicas: 1selector:matchLabels:app: demo-deploymenttemplate:metadata:labels:app: demo-deploymentspec:containers:- name: demo-containerimage: demo-image:latestports:- containerPort: 80volumeMounts:- name: confmountPath: /etc/configvolumes:- name: confconfigMap:name: demo-configmapdefaultMode: 420

---

二、Secret 使用方式

1、注入环境变量

• 方式一

在 deployment.yaml 的 env 部分，通过 secretKeyRef 方式注入指定环境变量。

# secret.yaml
apiVersion: v1
kind: Secret
metadata:name: demo-secret
type: Opaque
data:password: MTIzNDU2Cg==...---
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: demo-deployment
spec:replicas: 1selector:matchLabels:app: demo-deploymenttemplate:metadata:labels:app: demo-deploymentspec:containers:- name: demo-containerimage: demo-image:latestports:- containerPort: 80env:- name: passwordvalueFrom:secretKeyRef:name: demo-secretkey: password

• 方式二

在 deployment.yaml 的 envFrom 部分，通过 secretRef 方式注入所有环境变量。

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: demo-deployment
spec:replicas: 1selector:matchLabels:app: demo-deploymenttemplate:metadata:labels:app: demo-deploymentspec:containers:- name: demo-containerimage: demo-image:latestports:- containerPort: 80envFrom:- secretRef:name: demo-secret

2、设置镜像密钥

在 deployment.yaml 中，通过 imagePullSecrets 指定下载镜像所需的镜像仓库密钥。

# 创建 docker-registry 对象
kubectl create secret docker-registry demo-secret \
--docker-server=DOCKER_SERVER \
--docker-username=DOCKER_USER \
--docker-password=DOCKER_PASSWORD# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: demo-deployment
spec:replicas: 1selector:matchLabels:app: demo-deploymenttemplate:metadata:labels:app: demo-deploymentspec:containers:- name: demo-containerimage: demo-image:latestports:- containerPort: 80imagePullSecrets:name: demo-secret

3、设置 TLS 凭据

在 ingress.yaml 中的 tls 部分，指定域名证书对应的 Secret 对象。

# 创建 TLS 对象
kubectl create secret tls demo-secret --cert=tls.crt --key=tls.key# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: demo-ingress
spec:rules:
...tls:- hosts:- demo.comsecretName: demo-secret

说明：后续文章将详细介绍 ingress 对象