13.kubernetes笔记|13.kubernetes笔记 Volume存储卷(四) configMap
前言
核心资源类型存储卷,PV、PVC、SC、CSI(Longhorn)
特殊类型的插件:ConfigMap、Secret、downwardAPI
如何为容器化应用提供配置信息:
- 启动容器时,直接向应用程序传递参数,args: []
- 将定义好的配置文件焙进镜像之中;
- 通过环境变量向容器传递配置数据:有个前提要求,应用得支持从环境变量加载配置信息;
制作镜像时,使用entrypoint脚本来预处理变量,常见的做法就是使用非交互式编辑工具,将环境变量的值替换到应用的配置文件中; - 基于存储卷向容器传递配置文件;
运行中的改变,需要由应用程序重载;
ConfigMap 通过env环境变量引用
通过环境变量的配置容器化应用时,需要在容器配置段中嵌套使用env字段,它的值是一个由环境变量构建的列表。每个环项变量通常由name和value(或valueFron)字段构成
- name :环境变量的名称,必选字段;
- value :环境变量的值,通过 $(VAR_NAME)引用,逃逸格式为“$$(VAR_NAME)" 默认值为空;
- valueFrom
- valueFron: 字段可引用的值有多种来源,包括当前Pod资源的属性值,容器相关的系统资源配置、ConfigMap对象中的key以及Secret对象中的Key,它们分别要使用不同的嵌套字段进行定义。
- fieldRef
:当前Pod资源的指定字段,目前支持使用的字段包括metadata.mime、metadata.namespce、 metadata.labels、metadeta.annotations、spesc.nodeName、spec.serviceAccountName、status.hostIP和status.podIP等; - configMapKeyRef
- secretKeyRef
- resourceFieldRef
[root@k8s-master ~]# kubectl create configmap --help#查看示例
...Examples:
# Create a new configmap named my-config based on folder bar
kubectl create configmap my-config --from-file=path/to/bar# Create a new configmap named my-config with specified keys instead of file basenames on disk
kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt# Create a new configmap named my-config with key1=config1 and key2=config2
kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2# Create a new configmap named my-config from the key=value pairs in the file
kubectl create configmap my-config --from-file=path/to/bar# Create a new configmap named my-config from an env file
kubectl create configmap my-config --from-env-file=path/to/bar.envOptions:
--allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in
...
示例1:comfigMap创建
[root@k8s-master nginx-conf.d]# cat myserver.conf
server {
listen 8080;
server_name www.ik8s.io;
include /etc/nginx/conf.d/myserver-*.cfg;
location / {
root /usr/share/nginx/html;
}
}
[root@k8s-master nginx-conf.d]# cat myserver-gzip.cfg
gzip on;
gzip_comp_level 5;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/cssapplication/xml text/javascript;
[root@k8s-master nginx-conf.d]# cat myserver-status.cfg
location /nginx-status {
stub_status on;
access_log off;
}[root@k8s-master nginx-conf.d]# ls#一共3个配置文件
myserver.confmyserver-gzip.cfgmyserver-status.cfg[root@k8s-master ~]# kubectl create configmap demoapp-config --from-literal=host=0.0.0.0--from-literal=port=8080#创建host=0.0.0.0、literal=port=8080为两个val
configmap/demoapp-config created
[root@k8s-master ~]# kubectl get cm
NAMEDATAAGE
demoapp-config25s#可以看到DATA为2 2个数据项
my-grafana134d
my-grafana-test134d
[root@k8s-master ~]# kubectl describe cm demoapp-config
Name:demoapp-config
Namespace:default
Labels:
Annotations:Data
=https://www.it610.com/article/===
port:#数据项1Port:8080
----
8080
host:#数据项2host: 0.0.0.
----
0.0.0.0
Events:[root@k8s-master ~]# kubectl get cm demoapp-config-o yaml
apiVersion: v1
data:
host: 0.0.0.0
port: "8080"
kind: ConfigMap
metadata:
creationTimestamp: "2021-08-05T09:16:15Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
.: {}
f:host: {}
f:port: {}
manager: kubectl-create
operation: Update
time: "2021-08-05T09:16:15Z"
name: demoapp-config
namespace: default
resourceVersion: "6906130"
selfLink: /api/v1/namespaces/default/configmaps/demoapp-config
uid: 625c38a9-02bc-43c7-b351-b2ce7387cab7[root@k8s-master nginx-conf.d]# kubectl create configmap nginx-config --from-file=./myserver.conf--from-file=status.cfg=./myserver-status.cfg#创建2个数据项指定文件,默认以文件名为键名 第2个文件指定status.cfg为键名
configmap/nginx-config created
[root@k8s-master nginx-conf.d]# kubectl get cm
NAMEDATAAGE
demoapp-config218m
my-grafana134d
my-grafana-test134d
nginx-config217s[root@k8s-master nginx-conf.d]# kubectl get cm nginx-config -o yaml
apiVersion: v1
data:
myserver.conf: |# |为多行键值分隔符 为了保存多行数据使用了|和缩进
server {
listen 8080;
server_name www.ik8s.io;
include /etc/nginx/conf.d/myserver-*.cfg;
location / {
root /usr/share/nginx/html;
}
}
status.cfg: |
location /nginx-status {
stub_status on;
access_log off;
}
kind: ConfigMap
metadata:
creationTimestamp: "2021-08-06T06:35:41Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
.: {}
f:myserver.conf: {}
f:status.cfg: {}
manager: kubectl-create
operation: Update
time: "2021-08-06T06:35:41Z"
name: nginx-config
namespace: default
resourceVersion: "7159858"
selfLink: /api/v1/namespaces/default/configmaps/nginx-config
uid: 8dbd637a-fb23-447a-8bb5-9e722d7e871d
[root@k8s-master nginx-conf.d]# ls
myserver.confmyserver-gzip.cfgmyserver-status.cfg[root@k8s-master configmap]# kubectl create configmap nginx-config-files --from-file=./nginx-conf.d/
configmap/nginx-config-file created[root@k8s-master configmap]# kubectl get cm
NAMEDATAAGE
demoapp-config221h
my-grafana135d
my-grafana-test135d
nginx-config218m
nginx-config-files33s#3个数据项[root@k8s-master nginx-conf.d]# kubectl get cm nginx-config-files -o yaml
apiVersion: v1
data:
myserver-gzip.cfg: |
gzip on;
gzip_comp_level 5;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/cssapplication/xml text/javascript;
myserver-status.cfg: |
location /nginx-status {
stub_status on;
access_log off;
}
myserver.conf: |
server {
listen 8080;
server_name www.ik8s.io;
include /etc/nginx/conf.d/myserver-*.cfg;
location / {
root /usr/share/nginx/html;
}
}
kind: ConfigMap
metadata:
creationTimestamp: "2021-08-06T08:02:34Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
.: {}
f:myserver-gzip.cfg: {}
f:myserver-status.cfg: {}
f:myserver.conf: {}
manager: kubectl-create
operation: Update
time: "2021-08-06T08:02:34Z"
name: nginx-config-files
namespace: default
resourceVersion: "7177123"
selfLink: /api/v1/namespaces/default/configmaps/nginx-config-files
uid: 2fd21dc3-5e61-4413-bcd5-35337b1ce286
示例2: configMap引用
[root@k8s-master configmap]# cat configmaps-env-demo.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: demoapp-config
namespace: default
data:
demoapp.port: "8080"
demoapp.host: 0.0.0.0
---
apiVersion: v1
kind: Pod
metadata:
name: configmaps-env-demo
namespace: default
spec:
containers:
- image: ikubernetes/demoapp:v1.0
name: demoapp
env:
- name: PORT
valueFrom:
configMapKeyRef:#引用configMap 键值
name: demoapp-config
key: demoapp.port
optional: false#是否为可有可无项 false 为必选项
- name: HOST
valueFrom:
configMapKeyRef:
name: demoapp-config
key: demoapp.host
optional: true#是否可有可无 ture 非必选项[root@k8s-master configmap]# kubectl apply -f configmaps-env-demo.yaml
[root@k8s-master configmap]# kubectl get pod
NAMEREADYSTATUSRESTARTSAGE
centos-deployment-66d8cd5f8b-95brg1/1Running046h
configmaps-env-demo1/1Running0118s
my-grafana-7d788c5479-bpztz1/1Running146h
volumes-pvc-longhorn-demo1/1Running027h
[root@k8s-master comfigmap]# kubectl exec configmaps-env-demo-- netstat -tnl#查看配置是否生效
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local AddressForeign AddressState
tcp00 0.0.0.0:80800.0.0.0:*LISTEN[root@k8s-master configmap]# cat configmaps-volume-demo.yaml
apiVersion: v1
kind: Pod
metadata:
name: configmaps-volume-demo
namespace: default
spec:
containers:
- image: nginx:alpine
name: nginx-server
volumeMounts:
- name: ngxconfs
mountPath: /etc/nginx/conf.d/
readOnly: true
volumes :
- name: ngxconfs
configMap:
name: nginx-config-files#引用前面定义的configmap
optional: false[root@k8s-master configmap]# kubectl get pod
NAMEREADYSTATUSRESTARTSAGE
centos-deployment-66d8cd5f8b-95brg1/1Running046h
configmaps-env-demo1/1Running035m
configmaps-volume-demo1/1Running06m8s
my-grafana-7d788c5479-bpztz1/1Running146h
volumes-pvc-longhorn-demo1/1Running028h[root@k8s-master configmap]# kubectl exec configmaps-volume-demo-it -- /bin/sh
/ # nginx -T......
# configuration file /etc/nginx/conf.d/myserver.conf:#看容器配置文件是否加载configmap配置
server {
listen 8080;
server_name www.ik8s.io;
include /etc/nginx/conf.d/myserver-*.cfg;
location / {
root /usr/share/nginx/html;
}
}# configuration file /etc/nginx/conf.d/myserver-gzip.cfg:
gzip on;
gzip_comp_level 5;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/cssapplication/xml text/javascript;
# configuration file /etc/nginx/conf.d/myserver-status.cfg:
location /nginx-status {
stub_status on;
access_log off;
}[root@k8s-master configmap]# kubectl get pods configmaps-volume-demo -o go-template={{.status.podIP}}
10.244.1.177
[root@k8s-master configmap]# curl 10.244.1.177:8080#默认页面
...
Welcome to nginx![root@k8s-master configmap]# curl -H "Host:www.ik8s.io" 10.244.1.177:8080/nginx-status#自定义页面
Active connections: 1
server accepts handled requests
2 2 2
Reading: 0 Writing: 1 Waiting: 0
挂载configMap一部分资源时有两种方法
1.挂载卷时通过items:参数 指定允许输出到卷的键
2.在容器挂载卷时,指定挂载哪些卷
示例3 configMap items:指定输出key
1.挂载卷时通过items:参数 指定允许输出到卷的键
[root@k8s-master configmap]# ls demoapp-conf.d/#3个配置文件
envoy.yamllds.confmyserver.conf[root@k8s-master configmap]# cat demoapp-conf.d/envoy.yaml
node:
id: sidecar-proxy
cluster: demoapp-clusteradmin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9901 }dynamic_resources:
lds_config:
path: '/etc/envoy/lds.conf'static_resources:
clusters:
- name: local_service
connect_timeout: 0.25s
type: STATIC
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: local_service
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: 127.0.0.1
port_value: 8080[root@k8s-master configmap]# cat demoapp-conf.d/lds.conf
{
"version_info": "0",
"resources": [
{
"@type": "type.googleapis.com/envoy.api.v2.Listener",
"name": "listener_0",
"address": {
"socket_address": {
"address": "0.0.0.0",
"port_value": 80
}
},
"filter_chains": [
{
"filters": [
{
"name": "envoy.http_connection_manager",
"config": {
"stat_prefix": "ingress_http",
"codec_type": "AUTO",
"route_config": {
"name": "local_route",
"virtual_hosts": [
{
"name": "local_service",
"domains": [
"*"
],
"routes": [
{
"match": {
"prefix": "/"
},
"route": {
"cluster": "local_service"
}
}
]
}
]
},
"http_filters": [
{
"name": "envoy.router"
}
]
}
}
]
}
]
}
]
}[root@k8s-master configmap]# cat configmaps-volume-demo2.yaml
apiVersion: v1
kind: Pod
metadata:
name: configmaps-volume-demo2
namespace: default
spec:
containers:
- name: proxy
image: envoyproxy/envoy-alpine:v1.14.1
command: ['/bin/sh','-c','envoy -c /etc/envoy/..data/envoy.yaml']
volumeMounts:
- name: appconfs#通过挂载卷引用comfigmap
mountPath: /etc/envoy
readOnly: true
- name: demo
image: ikubernetes/demoapp:v1.0
imagePullPolicy: IfNotPresent
env:#通过环境变量引用 但这里引用的comfigmap文件中并没有定义
- name: PORT
valueFrom:
configMapKeyRef:
name: demoapp-confs
key: demoapp.port
optional: false
- name: HOST
valueFrom:
configMapKeyRef:
name: demoapp-confs
key: demoapp.host
optional: true
volumes:
- name: appconfs
configMap:
name: demoapp-confs#这里只引用的2个文件
items:#默认只允许哪些键 输出给存储卷
- key: envoy.yaml#挂载的键名
path: envoy.yaml#挂载的文件名可以和上面不一样
mode: 0644#挂载后的权限
- key: lds.conf
path: lds.conf
mode: 0644
optional: false[root@k8s-master configmap]# kubectl createcm demoapp-confs --from-literal=demoapp.host=127.0.0.1 --from-literal=demoapp.port="8080" --from-file=./demoapp-conf.d/#创建时定义demoapp.host、demoapp.port[root@k8s-master ~]# kubectl describe cm demoapp-confs
Name:demoapp-confs
Namespace:default
Labels:
Annotations:Data
=https://www.it610.com/article/===
demoapp.host:
----
127.0.0.1
demoapp.port:
----
8080
envoy.yaml:
----
node:
id: sidecar-proxy
cluster: demoapp-clusteradmin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9901 }dynamic_resources:
lds_config:
path:'/etc/envoy/lds.conf'static_resources:
clusters:
- name: local_service
connect_timeout: 0.25s
type: STATIC
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: local_service
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: 127.0.0.1
port_value: 8080lds.conf:
----
{
"version_info": "0",
"resources": [
{
"@type": "type.googleapis.com/envoy.api.v2.Listener",
"name": "listener_0",
"address": {
"socket_address": {
"address": "0.0.0.0",
"port_value": 80
}
},
"filter_chains": [
{
"filters": [
{
"name": "envoy.http_connection_manager",
"config": {
"stat_prefix": "ingress_http",
"codec_type": "AUTO",
"route_config": {
"name": "local_route",
"virtual_hosts": [
{
"name": "local_service",
"domains": [
"*"
],
"routes": [
{
"match": {
"prefix": "/"
},
"route": {
"cluster": "local_service"
}
}
]
}
]
},
"http_filters": [
{
"name": "envoy.router"
}
]
}
}
]
}
]
}
]
}Events:[root@k8s-master configmap]# kubectl apply-f configmaps-volume-demo2.yaml
pod/configmaps-volume-demo2 created[root@k8s-master ~]# kubectl get pod -o wide
NAMEREADYSTATUSRESTARTSAGEIPNODENOMINATED NODEREADINESS GATES
configmaps-volume-demo1/1Running06h47m10.244.1.177k8s-node1
configmaps-volume-demo22/2Running035m10.244.1.182k8s-node1
my-grafana-7d788c5479-bpztz1/1Running12d5h10.244.2.120k8s-node2
volumes-pvc-longhorn-demo1/1Running035h10.244.2.124k8s-node2[root@k8s-master ~]# kubectl exec configmaps-volume-demo2 -c demo -- netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local AddressForeign AddressStatePID/Program name
tcp00 0.0.0.0:99010.0.0.0:*LISTEN-
tcp00 127.0.0.1:80800.0.0.0:*LISTEN1/python3
tcp00 0.0.0.0:800.0.0.0:*LISTEN-[root@k8s-master ~]# kubectl exec configmaps-volume-demo2 -c proxy -- netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local AddressForeign AddressStatePID/Program name
tcp00 0.0.0.0:99010.0.0.0:*LISTEN1/envoy
tcp00 127.0.0.1:80800.0.0.0:*LISTEN-
tcp00 0.0.0.0:800.0.0.0:*LISTEN1/envoy[root@k8s-master ~]# kubectl exec configmaps-volume-demo2 -c proxy -- ls /etc/envoy
envoy.yaml
lds.conf
示例4: configMap subPath挂载指定键
【13.kubernetes笔记|13.kubernetes笔记 Volume存储卷(四) configMap】2.在容器挂载卷时,指定挂载哪些键
[root@k8s-master configmap]# cat configmaps-volume-demo3.yaml
apiVersion: v1
kind: Pod
metadata:
name: configmap-volume-demo3
namespace: default
spec:
containers:
- image: nginx:alpine
name: nginx-server
volumeMounts:
- name: ngxconfs
mountPath: /etc/nginx/conf.d/myserver.conf#本机挂载目录
subPath: myserver.conf#挂载configMap中的子项 目录或某个值
readOnly: true
- name: ngxconfs
mountPath: /etc/nginx/conf.d/myserver-gzip.cfg
subPath: myserver-gzip.cfg
readOnly: true
volumes:
- name: ngxconfs
configMap:
name: nginx-config-files#之前示例中已经创建 包含3个DATA数据项[root@k8s-master configmap]# kubectl apply-f configmaps-volume-demo3.yaml
pod/configmap-volume-demo3 created[root@k8s-master configmap]# kubectl exec configmap-volume-demo3 -it -- /bin/sh#只引用了其中2项数据
/ # ls /etc/nginx/conf.d/
default.confmyserver-gzip.cfgmyserver.conf
configMap 文件的引用、重载
[root@k8s-master configmap]# kubectl get pod -o wide
NAMEREADYSTATUSRESTARTSAGEIPNODENOMINATED NODEREADINESS GATES
centos-deployment-66d8cd5f8b-95brg1/1Running02d18h10.244.2.117k8s-node2
configmap-volume-demo31/1Running011m10.244.1.186k8s-node1
configmaps-env-demo1/1Running020h10.244.1.173k8s-node1
configmaps-volume-demo1/1Running019h10.244.1.177k8s-node1
configmaps-volume-demo22/2Running013h10.244.1.182k8s-node1
my-grafana-7d788c5479-bpztz1/1Running12d18h10.244.2.120k8s-node2
volumes-pvc-longhorn-demo1/1Running02d10.244.2.124k8s-node2
[root@k8s-master configmap]# curl -H "Host:www.ik8s.io" 10.244.1.177:8080/nginx-status
Active connections: 1
server accepts handled requests
4 4 4
Reading: 0 Writing: 1 Waiting: 0
[root@k8s-master configmap]# kubectl exec configmaps-volume-demo -it -- /bin/sh
/ # cd /etc/nginx/conf.d/
/etc/nginx/conf.d # ls -lA#引用的comfigMap实际指向是一个隐藏时间戳文件
total 0
drwxr-xr-x2 rootroot79 Aug6 08:02 ..2021_08_06_08_02_41.172956995
lrwxrwxrwx1 rootroot31 Aug6 08:02 ..data -> ..2021_08_06_08_02_41.172956995
lrwxrwxrwx1 rootroot24 Aug6 08:02 myserver-gzip.cfg -> ..data/myserver-gzip.cfg
lrwxrwxrwx1 rootroot26 Aug6 08:02 myserver-status.cfg -> ..data/myserver-status.cfg
lrwxrwxrwx1 rootroot20 Aug6 08:02 myserver.conf -> ..data/myserver.conf/etc/nginx/conf.d # cd ..data/#里面才是真实的配置文件
/etc/nginx/conf.d/..2021_08_06_08_02_41.172956995 # ls
myserver-gzip.cfgmyserver-status.cfgmyserver.conf
/etc/nginx/conf.d # exit[root@k8s-master configmap]# kubectl get cm
NAMEDATAAGE
demoapp-config442h
demoapp-confs413h
nginx-config221h
nginx-config-files319h
[root@k8s-master configmap]# kubectl edit cm nginx-config-files#修改对应的configMap
apiVersion: v1
data:
myserver-gzip.cfg: |
gzip on;
gzip_comp_level 5;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/cssapplication/xml text/javascript;
myserver-status.cfg: |
location /nginx-status {
stub_status on;
access_log off;
allow 127.0.0.0/8;
#随便添加2行配置
deny all;
}
...
configmap/nginx-config-files edited
[root@k8s-master configmap]# kubectl exec configmaps-volume-demo -it -- /bin/sh
/ # cd /etc/nginx/conf.d/..
..2021_08_06_08_02_41.172956995/..data/
/ # cd /etc/nginx/conf.d/
/etc/nginx/conf.d # ls -lA
total 0
drwxr-xr-x2 rootroot79 Aug7 03:58 ..2021_08_07_03_58_59.548609753
lrwxrwxrwx1 rootroot31 Aug7 03:58 ..data -> ..2021_08_07_03_58_59.548609753#链接的时间戳文件已经发生改变 重载的时间会在短时间内随机生成 并不是所有Pod同一时间重载
lrwxrwxrwx1 rootroot24 Aug6 08:02 myserver-gzip.cfg -> ..data/myserver-gzip.cfg
lrwxrwxrwx1 rootroot26 Aug6 08:02 myserver-status.cfg -> ..data/myserver-status.cfg
lrwxrwxrwx1 rootroot20 Aug6 08:02 myserver.conf -> ..data/myserver.conf/ # nginx -T#应用是否支持热加载和自动重载需要看具体的应用,一般云原生应用都会支持热加载当检测到配置有更新之后会自动重载,一般非原生应用可能需要重启Pod
# configuration file /etc/nginx/conf.d/myserver-gzip.cfg:
gzip on;
gzip_comp_level 5;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/cssapplication/xml text/javascript;
# configuration file /etc/nginx/conf.d/myserver-status.cfg:
location /nginx-status {
stub_status on;
access_log off;
allow 127.0.0.0/8;
deny all;
}/etc/nginx/conf.d # exit
推荐阅读
- EffectiveObjective-C2.0|EffectiveObjective-C2.0 笔记 - 第二部分
- Android中的AES加密-下
- 【读书笔记】贝叶斯原理
- 【韩语学习】(韩语随堂笔记整理)
- 人性的弱点-笔记
- 读书笔记:博登海默法理学|读书笔记:博登海默法理学 —— 正义的探索(1)
- D034+3组苏曼+《写作这回事》读书笔记
- 《自我的追寻》读书笔记3
- 最有效的时间管理工具(赢效率手册和总结笔记)
- 机器学习|机器学习 Andrew Ng《Machine Learning》课程笔记1