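ConfigMap and Secret are two special kinds of volume. They are not used to give a pod storage space; instead, they give administrators and users a way to inject information into a pod from outside.
ConfigMap: configuration files are kept in a configuration center, and multiple pods read them from there. However, the configuration in a ConfigMap is all plain text, so it is not secure.
Secret: works the same way as ConfigMap, except that the configuration stored in the configuration center is not in plain text. ConfigMap and Secret objects also belong to a specific namespace.
Data is stored as key-value pairs. Typical use cases:
There are 4 ways to create a ConfigMap: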
[kubeadm@server2 ~]$ kubectl create configmap cm1 --from-literal=key1=vules1 # cm1 is the name, key1 is the key, vules1 is the value
configmap/cm1 created
[kubeadm@server2 ~]$ kubectl get cm
NAME DATA AGE
cm1 1 4s
[kubeadm@server2 ~]$ kubectl describe cm cm1
Name: cm1
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
key1:
----
vules1
Events: <none>
[kubeadm@server2 ~]$ kubectl get cm -o yaml
apiVersion: v1
items:
- apiVersion: v1
  data:
    key1: vules1
  kind: ConfigMap
  metadata:
    creationTimestamp: "2020-04-25T03:39:08Z"
    managedFields:
    - apiVersion: v1
      fieldsType: FieldsV1
      fieldsV1:
        f:data:
          .: {}
          f:key1: {}
      manager: kubectl
      operation: Update
      time: "2020-04-25T03:39:08Z"
    name: cm1
    namespace: default
    resourceVersion: "652706"
    selfLink: /api/v1/namespaces/default/configmaps/cm1
    uid: dc90d656-0d27-4e94-ab7e-3b3ef9096c68
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
[kubeadm@server1 configmap]$ kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2
configmap/my-config created
[kubeadm@server1 configmap]$ kubectl get cm
NAME DATA AGE
my-config 2 10s
[kubeadm@server1 configmap]$
The key is the file name and the value is the file's content.
[kubeadm@server2 ~]$ kubectl create configmap cm2 --from-file=/etc/resolv.conf # the key is the file name, the value is the content of this file
configmap/cm2 created
[kubeadm@server2 ~]$ kubectl get cm
NAME DATA AGE
cm1 1 5m2s
cm2 1 7s
[kubeadm@server2 ~]$ kubectl describe cm cm2
Name: cm2
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
resolv.conf:
----
nameserver 114.114.114.114
Events: <none>
Each file name in the directory becomes a key, and the file's content becomes the value.
[kubeadm@server2 manifest]$ mkdir cm
[kubeadm@server2 manifest]$ cd cm
[kubeadm@server2 cm]$ cp /etc/resolv.conf .
[kubeadm@server2 cm]$ cp /etc/hosts .
[kubeadm@server2 cm]$ ls
hosts resolv.conf
[kubeadm@server2 cm]$ cd ..
[kubeadm@server2 manifest]$ kubectl create configmap cm3 --from-file=cm
# each file name in the directory becomes a key, and the file's content becomes the value
configmap/cm3 created
[kubeadm@server2 manifest]$ kubectl describe cm cm3
Name: cm3
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
hosts:
----
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.60.1 server1 reg.westos.org
172.25.60.2 server2
172.25.60.3 server3
172.25.60.4 server4
172.25.60.5 server5
127.0.1.1 server2
172.25.60.250 foundation60.ilt.example.com
resolv.conf:
----
nameserver 114.114.114.114
Events: <none>
[kubeadm@server2 cm]$ cat cm4.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: cm4
data:
  db_host: "172.25.60.250"
  db_port: "3306"
[kubeadm@server2 cm]$ kubectl apply -f cm4.yaml
configmap/cm4 created
[kubeadm@server2 cm]$ kubectl describe cm cm4
Name: cm4
Namespace: default
Labels: <none>
Annotations:
Data
====
db_host:
----
172.25.60.250
db_port:
----
3306
Events: <none>
Pass the values directly to the pod as environment variables
Method 1: define the keys
[kubeadm@server2 cm]$ cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod1
spec:
  containers:
    - name: pod1
      image: busybox
      command: ["/bin/sh","-c","env"]
      env:
        - name: key1
          valueFrom:
            configMapKeyRef:
              name: cm4
              key: db_host
        - name: key2
          valueFrom:
            configMapKeyRef:
              name: cm4
              key: db_port
  restartPolicy: Never
[kubeadm@server2 cm]$ kubectl apply -f pod.yaml
pod/pod1 created
[kubeadm@server2 manifest]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
pod1 0/1 Completed 0 5m51s
[kubeadm@server2 manifest]$ kubectl logs pod1
MYSERVICE_SERVICE_HOST=10.111.9.105
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.96.0.1:443
HOSTNAME=pod1
SHLVL=1
HOME=/root
MYSERVICE_SERVICE_PORT=80
MYSERVICE_PORT=tcp://10.111.9.105:80
MYSERVICE_PORT_80_TCP_ADDR=10.111.9.105
MYSERVICE_PORT_80_TCP_PORT=80
MYSERVICE_PORT_80_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
key1=172.25.60.250 //key1
KUBERNETES_PORT_443_TCP_PROTO=tcp
key2=3306 //key2
MYSERVICE_PORT_80_TCP=tcp://10.111.9.105:80
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_SERVICE_HOST=10.96.0.1
PWD=/
Method 2: import directly
[kubeadm@server2 cm]$ cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod1
spec:
  containers:
    - name: pod1
      image: busybox
      command: ["/bin/sh","-c","env"]
      envFrom: # import the environment variables directly
        - configMapRef:
            name: cm4
  restartPolicy: Never
[kubeadm@server2 cm]$ kubectl apply -f pod.yaml
pod/pod1 created
[kubeadm@server2 cm]$ kubectl logs pod1
MYSERVICE_SERVICE_HOST=10.111.9.105
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.96.0.1:443
HOSTNAME=pod1
SHLVL=1
db_port=3306 // the ConfigMap setting just imported: db_port=3306
HOME=/root
MYSERVICE_PORT=tcp://10.111.9.105:80
MYSERVICE_SERVICE_PORT=80
MYSERVICE_PORT_80_TCP_ADDR=10.111.9.105
MYSERVICE_PORT_80_TCP_PORT=80
MYSERVICE_PORT_80_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
MYSERVICE_PORT_80_TCP=tcp://10.111.9.105:80
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
KUBERNETES_SERVICE_HOST=10.96.0.1
PWD=/
db_host=172.25.60.250 // the ConfigMap setting just imported: db_host=172.25.60.250
Use the ConfigMap values in the command line run by the pod
[kubeadm@server2 cm]$ cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod1
spec:
  containers:
    - name: pod1
      image: busybox
      command: ["/bin/sh","-c","echo $(db_host) $(db_port)"] # command-line arguments
      envFrom:
        - configMapRef:
            name: cm4
  restartPolicy: Never
[kubeadm@server2 cm]$ kubectl apply -f pod.yaml
pod/pod1 created
[kubeadm@server2 cm]$ kubectl logs pod1
172.25.60.250 3306
Use the ConfigMap through a data volume
[kubeadm@server2 cm]$ cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod1
spec:
  containers:
    - name: pod1
      image: myapp:v1
      volumeMounts:
        - name: config-volume
          mountPath: /config
  volumes:
    - name: config-volume
      configMap:
        name: cm4
  restartPolicy: Never
[kubeadm@server2 cm]$ kubectl apply -f pod.yaml
pod/pod1 created
[kubeadm@server2 cm]$ kubectl exec -it pod1 -- sh
/ # ls
bin config dev etc home lib media mnt proc root run sbin srv sys tmp usr var
/ # cd /config/
/config # ls
db_host db_port
/config # ls -l
total 0
lrwxrwxrwx 1 root root 14 Apr 25 05:35 db_host -> ..data/db_host
lrwxrwxrwx 1 root root 14 Apr 25 05:35 db_port -> ..data/db_port
The keys in cm4 are mounted as file names under /config in the pod.
The file contents are the values from cm4.
[kubeadm@server2 cm]$ cat pod.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx
          ports:
            - containerPort: 80
          volumeMounts:
            - name: config-volume
              mountPath: /etc/nginx/conf.d
      volumes:
        - name: config-volume
          configMap:
            name: nginxconf
[kubeadm@server2 cm]$ cat nginx.conf
server {
    listen 8000;
    server_name _;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
}
[kubeadm@server2 cm]$ kubectl create configmap nginxconf --from-file=nginx.conf
configmap/nginxconf created
[kubeadm@server2 cm]$ kubectl describe cm nginxconf
Name: nginxconf
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
nginx.conf:
----
server {
listen 8000;
server_name _;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
Events: <none>
[kubeadm@server2 cm]$ kubectl create -f pod.yaml
deployment.apps/my-nginx created
[kubeadm@server2 cm]$ kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-nginx-9f4f65995-cdz2s 1/1 Running 0 27m 10.244.2.39 server4 <none> <none>
[kubeadm@server2 cm]$ curl 10.244.2.39:8000
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[kubeadm@server2 cm]$ kubectl exec -it my-nginx-9f4f65995-cdz2s -- bash
root@my-nginx-9f4f65995-cdz2s:/# cd /etc/nginx/conf.d/
root@my-nginx-9f4f65995-cdz2s:/etc/nginx/conf.d# ls
nginx.conf
root@my-nginx-9f4f65995-cdz2s:/etc/nginx/conf.d# cat nginx.conf
server {
listen 8000;
server_name _;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
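ConfigMap decouples configuration files from images;
that is, the configuration files are kept separately.
Updating the content of the ConfigMap does not trigger an update of the data inside the container.
The pod has to be deleted manually; the Deployment then brings up a new pod to replace it, which is equivalent to triggering an update.
Change the configuration file: change the port to 80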
[kubeadm@server2 cm]$ kubectl edit cm nginxconf
listen\t80
Rolling update
Each time, modify "version/config" to trigger a rolling update of the Pod.
Environment variables populated from a ConfigMap are not updated.
[kubeadm@server2 cm]$ kubectl patch deployments.apps my-nginx --patch '{"spec":{"template":{"metadata":{"annotations":{"version/config":"20200425"}}}}}'
deployment.apps/my-nginx patched
[kubeadm@server2 cm]$ kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-nginx-857d665768-wbmjh 1/1 Running 0 86s 10.244.1.43 server3 <none> <none>
[kubeadm@server2 cm]$ curl 10.244.1.43
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[kubeadm@server2 cm]$ kubectl exec -it my-nginx-857d665768-wbmjh -- bash
root@my-nginx-857d665768-wbmjh:/# cat /etc/nginx/conf.d/nginx.conf
server {
listen 80; // already updated to port 80
server_name _;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
root@my-nginx-857d665768-wbmjh:/# exit
As can be seen, the ConfigMap hot update has taken effect, but accessing port 8080 of the Pod does not work:
curl 10.244.1.95:8080
curl: (7) Failed connect to 10.244.1.95:8080; Connection refused
A rolling update of the Pod has to be triggered manually so that the nginx.conf configuration file is loaded again:
$ kubectl patch deployments.apps my-nginx --patch '{"spec": {"template": {"metadata": {"annotations": {"version/config": "20200219"}}}}}'
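An added example (not from the original post): instead of typing a date into "version/config" by hand, derive the value from the content of nginx.conf, so the patch changes the pod template, and therefore triggers a rolling update, only when the configuration actually changed. The function names config_version, rollout_patch and sync_config are hypothetical; sync_config assumes kubectl 1.18 or later (for --dry-run=client) and access to the cluster.

```shell
#!/usr/bin/env bash
# Added example: tie the "version/config" annotation to the config file content.

# Short, stable fingerprint of a configuration file (first 12 hex chars of SHA-256).
config_version() {
    sha256sum "$1" | cut -c1-12
}

# Build the same JSON patch used on this page, with the given annotation value.
rollout_patch() {
    printf '{"spec":{"template":{"metadata":{"annotations":{"version/config":"%s"}}}}}' "$1"
}

# Usage: sync_config <configmap> <deployment> <file>
# Re-creates the ConfigMap from the file, then patches the Deployment.
# If the file is unchanged, the annotation value is unchanged and no rollout happens.
sync_config() {
    kubectl create configmap "$1" --from-file="$3" --dry-run=client -o yaml \
        | kubectl apply -f -
    kubectl patch deployments.apps "$2" \
        --patch "$(rollout_patch "$(config_version "$3")")"
}

# Only talk to the cluster when called with all three arguments, e.g.:
#   ./sync.sh nginxconf my-nginx nginx.conf
if [ "$#" -eq 3 ]; then
    sync_config "$@"
fi
```

Because every pod created from the new template mounts the ConfigMap afresh, this also covers values consumed through env or envFrom, which are read only when the container starts.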