3. Manage Storage for Application Configuration and Data Flashcards
- Create and use secrets
Create the secrets like you used to do with kubectl
oc create secret
# from literal
oc create secret generic mysec --from-literal key1=secret1 --from-literal key2=secret2
# from env file
oc create secret generic mysec --from-env-file /path/to/file.env
# …
# tls secret
oc create secret tls mysec-tls --cert /path-to-certificate --key /path-to-key
Use Secrets in imperative mode with existing deployment
# mount the secret as volume in existing deployment
oc set volume deployment/demo --add --type secret --secret-name mysec --mount-path /app-secrets
# inject secret as env variables in existing deployment
oc set env deployment/demo --from secret/mysec --prefix MYSQL_
Update Secrets
As well as oc edit secret/xx, you can use oc extract and oc set data secret/xx to update your secret.
Extract - Set Data
# extract data to /tmp/demo
oc extract secret/demo-secrets -n demo --to /tmp/demo --confirm
ls /tmp/demo/
user root_password
# update root_password
# -n: no trailing newline, otherwise the newline becomes part of the stored password
echo -n xxx > /tmp/demo/root_password
# apply the password change
oc set data secret/demo-secrets -n demo --from-file /tmp/demo/root_password
- Create and use configuration maps
Create the configmaps like you used to do with kubectl
oc create configmap
# from literal
kubectl create configmap myconfig --from-literal key1=config1 --from-literal key2=config2
# from env file
oc create configmap myconfig-env --from-env-file /path/to/file.env
# from file (resource names cannot contain underscores)
oc create configmap myconfig-f --from-file /path/to/config-files/httpd.conf
Use configmap in imperative mode with existing deployment
# mount the configmap in existing deployment
oc set volume deployment/demo --add --type configmap --configmap-name demo-map --mount-path /app-secrets --name myvol
# To confirm that the volume is attached to the deployment
oc set volume deployment/demo
demo
configMap/demo-map as myvol
mounted at /app-secrets
# remove the volume
oc set volume deployment/demo --remove --name myvol
You can add the annotation configmap.reloader.stakater.com/reload: <configmap_name> to your deployment,
so that the controller can roll out the deployment automatically when the config-app configuration map changes.
- Provision Persistent Storage volumes for block and file-based data
To add a PVC/PV volume to a deployment, use oc set volumes as well.
Volumes
# --name: volume name; --type persistentVolumeClaim can be shortened to -t pvc; --claim-name: PVC name
oc set volumes deployment/example-application \
  --add \
  --name example-pv-storage \
  --type persistentVolumeClaim \
  --claim-mode rwo \
  --claim-size 15Gi \
  --claim-name example-pv-claim \
  --mount-path /var/lib/example-app
# mount existing pvc
oc set volume deployment/existing-pvc \
  --add \
  --name existing-pvc-vol \
  --claim-name my-existing-pvc \
  --mount-path /var/tmp
# claim mode
# rwo: ReadWriteOnce
# rox: ReadOnlyMany
# rwx: ReadWriteMany
Here is the Persistent Storage documentation.
- Use storage classes
Add the option --claim-class when you mount a PVC with oc set volumes.
Volumes - StorageClass
# --claim-class: storage class
oc set volumes deployment/db-pod \
  --add --name odf-lvm-storage --type pvc \
  --claim-mode rwo --claim-size 1Gi --mount-path /var/lib/mysql \
  --claim-class lvms-vg1 \
  --claim-name db-pod-odf-pv
- Manage non-shared storage with StatefulSets
Add a volumeClaimTemplates block in your statefulset manifest
volumeClaimTemplate
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: dbserver
spec:
  selector:
    matchLabels:
      app: database
  replicas: 2
  template:
    metadata:
      labels:
        app: database
    spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: dbserver
        image: registry.ocp4.example.com:8443/redhattraining/mysql-app:v1
        ports:
        - name: database
          containerPort: 3306
        env:
        - name: MYSQL_USER
          value: "redhat"
        # plain-text value; valueFrom.secretKeyRef reads it from a secret instead
        - name: MYSQL_PASSWORD
          value: "redhat123"
        - name: MYSQL_DATABASE
          value: "sakila"
        volumeMounts: # mount volume
        - name: data
          mountPath: /var/lib/mysql
  volumeClaimTemplates: # add volumeclaimtemplate
  - metadata:
      name: data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "lvms-vg1"
      resources:
        requests:
          storage: 1Gi