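Preface
Core resource types: storage volumes, PV, PVC, SC, CSI (Longhorn)
Special-purpose volume plugins: ConfigMap, Secret, downwardAPI
Ways to provide configuration to a containerized application:
- Pass arguments directly to the application when the container starts, args: [];
- Bake the prepared configuration file into the image;
- Pass configuration data to the container through environment variables. The prerequisite is that the application supports loading its configuration from environment variables;
  When building the image, use an entrypoint script to preprocess the variables; the common approach is a non-interactive editing tool that substitutes the environment variable values into the application's configuration file;
- Pass configuration files to the container through a storage volume;
  Changes made while the container is running must be reloaded by the application;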
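The entrypoint preprocessing described above, as an added example that is not from the original post: a POSIX sh function that fills a configuration template from environment variables and refuses any value that fails a per-variable allowlist, so a value cannot carry extra directives into the file. The @NAME@ placeholder syntax, the function name render_template and the sample patterns are assumptions; PORT and HOST are the variable names used later in this post.

```shell
#!/bin/sh
# Added example: entrypoint-style rendering of a config template from
# environment variables. The @NAME@ placeholder syntax and the NAME=ERE
# allowlist arguments are assumptions of this sketch.

# render_template NAME=ERE... : reads a template on stdin, writes the result.
# Every NAME must be exported and its whole value must match ERE (no spaces
# or backslashes in ERE); this keeps ';', '}' and newlines out of the file.
render_template() {
    awk -v specs="$*" '
    BEGIN {
        n = split(specs, s, " ")
        for (i = 1; i <= n; i++) {
            eq = index(s[i], "=")
            name = substr(s[i], 1, eq - 1); pat = substr(s[i], eq + 1)
            if (!(name in ENVIRON))
                err = "required variable " name " is not set"
            else if (ENVIRON[name] !~ ("^(" pat ")$"))
                err = "value of " name " rejected by allowlist"
            if (err != "") { print "render_template: " err > "/dev/stderr"; exit 1 }
            val[name] = ENVIRON[name]
        }
    }
    {
        # Single pass: substituted values are never scanned again.
        out = ""; line = $0
        while (match(line, /@[A-Za-z_][A-Za-z0-9_]*@/)) {
            name = substr(line, RSTART + 1, RLENGTH - 2)
            if (name in val) {
                out = out substr(line, 1, RSTART - 1) val[name]
                line = substr(line, RSTART + RLENGTH)
            } else {
                # Unknown placeholder: keep the "@" and continue after it.
                out = out substr(line, 1, RSTART)
                line = substr(line, RSTART + 1)
            }
        }
        print out line
    }'
}

# Demo with constructed values.
export PORT=8080 HOST=0.0.0.0
printf 'server {\n    listen @HOST@:@PORT@;\n}\n' |
    render_template 'PORT=[0-9]+' 'HOST=[0-9A-Fa-f.:]+'
```

In an image entrypoint the function would read the template shipped in the image, write the real configuration file, and then exec the application.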
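Introduction to ConfigMap
The ConfigMap API resource stores configuration data as key-value pairs. The data can be used in Pods, or used to store configuration for system components such as controllers. ConfigMap is similar to Secret, but ConfigMap is the more convenient way to handle strings that contain no sensitive information. Note: ConfigMaps are not a replacement for properties configuration files; a ConfigMap only serves as a reference to multiple properties files. You can think of it as the /etc directory on a Linux system, the directory dedicated to storing configuration files.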
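Referencing a ConfigMap through env environment variables
To configure a containerized application through environment variables, nest an env field in the container section; its value is a list of environment variable definitions. Each environment variable usually consists of a name field and a value (or valueFrom) field:
- name: the name of the environment variable; required.
- value: the value of the environment variable; references use the form $(VAR_NAME), the escaped form is "$$(VAR_NAME)", and the default is empty.
- valueFrom: the value can be taken from several sources, including attributes of the current Pod resource, the container's resource settings, a key in a ConfigMap object and a key in a Secret object; each source is defined with its own nested field.
  - fieldRef: a specified field of the current Pod resource; the fields currently supported include metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP and status.podIP;
  - configMapKeyRef
  - secretKeyRef
  - resourceFieldRef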
[root@k8s-master ~]# kubectl create configmap --help # show the examples
...
Examples:
# Create a new configmap named my-config based on folder bar
kubectl create configmap my-config --from-file=path/to/bar
# Create a new configmap named my-config with specified keys instead of file basenames on disk
kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt
# Create a new configmap named my-config with key1=config1 and key2=config2
kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2
# Create a new configmap named my-config from the key=value pairs in the file
kubectl create configmap my-config --from-file=path/to/bar
# Create a new configmap named my-config from an env file
kubectl create configmap my-config --from-env-file=path/to/bar.env
Options:
--allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in
...
Example 1: creating a ConfigMap
[root@k8s-master nginx-conf.d]# cat myserver.conf
server {
listen 8080;
server_name www.ik8s.io;
include /etc/nginx/conf.d/myserver-*.cfg;
location / {
root /usr/share/nginx/html;
}
}
[root@k8s-master nginx-conf.d]# cat myserver-gzip.cfg
gzip on;
gzip_comp_level 5;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/xml text/javascript;
[root@k8s-master nginx-conf.d]# cat myserver-status.cfg
location /nginx-status {
stub_status on;
access_log off;
}
[root@k8s-master nginx-conf.d]# ls # three configuration files in total
myserver.conf myserver-gzip.cfg myserver-status.cfg
[root@k8s-master ~]# kubectl create configmap demoapp-config --from-literal=host=0.0.0.0 --from-literal=port=8080 # create two key/value items: host=0.0.0.0 and port=8080
configmap/demoapp-config created
[root@k8s-master ~]# kubectl get cm
NAME DATA AGE
demoapp-config 2 5s # DATA is 2: two data items
my-grafana 1 34d
my-grafana-test 1 34d
[root@k8s-master ~]# kubectl describe cm demoapp-config
Name: demoapp-config
Namespace: default
Labels:
Annotations:
Data
====
port: # data item 1, port: 8080
----
8080
host: # data item 2, host: 0.0.0.0
----
0.0.0.0
Events:
[root@k8s-master ~]# kubectl get cm demoapp-config -o yaml
apiVersion: v1
data:
  host: 0.0.0.0
  port: "8080"
kind: ConfigMap
metadata:
  creationTimestamp: "2021-08-05T09:16:15Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:host: {}
        f:port: {}
    manager: kubectl-create
    operation: Update
    time: "2021-08-05T09:16:15Z"
  name: demoapp-config
  namespace: default
  resourceVersion: "6906130"
  selfLink: /api/v1/namespaces/default/configmaps/demoapp-config
  uid: 625c38a9-02bc-43c7-b351-b2ce7387cab7
[root@k8s-master nginx-conf.d]# kubectl create configmap nginx-config --from-file=./myserver.conf --from-file=status.cfg=./myserver-status.cfg # create 2 data items from the named files; the key defaults to the file name, and the second file is given the key status.cfg
configmap/nginx-config created
[root@k8s-master nginx-conf.d]# kubectl get cm
NAME DATA AGE
demoapp-config 2 18m
my-grafana 1 34d
my-grafana-test 1 34d
nginx-config 2 17s
[root@k8s-master nginx-conf.d]# kubectl get cm nginx-config -o yaml
apiVersion: v1
data:
  myserver.conf: | # | is the multi-line value indicator; multi-line data is stored using | and indentation
    server {
        listen 8080;
        server_name www.ik8s.io;
        include /etc/nginx/conf.d/myserver-*.cfg;
        location / {
            root /usr/share/nginx/html;
        }
    }
  status.cfg: |
    location /nginx-status {
        stub_status on;
        access_log off;
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2021-08-06T06:35:41Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:myserver.conf: {}
        f:status.cfg: {}
    manager: kubectl-create
    operation: Update
    time: "2021-08-06T06:35:41Z"
  name: nginx-config
  namespace: default
  resourceVersion: "7159858"
  selfLink: /api/v1/namespaces/default/configmaps/nginx-config
  uid: 8dbd637a-fb23-447a-8bb5-9e722d7e871d
[root@k8s-master nginx-conf.d]# ls
myserver.conf myserver-gzip.cfg myserver-status.cfg
[root@k8s-master configmap]# kubectl create configmap nginx-config-files --from-file=./nginx-conf.d/
configmap/nginx-config-files created
[root@k8s-master configmap]# kubectl get cm
NAME DATA AGE
demoapp-config 2 21h
my-grafana 1 35d
my-grafana-test 1 35d
nginx-config 2 18m
nginx-config-files 3 3s # three data items
[root@k8s-master nginx-conf.d]# kubectl get cm nginx-config-files -o yaml
apiVersion: v1
data:
  myserver-gzip.cfg: |
    gzip on;
    gzip_comp_level 5;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css application/xml text/javascript;
  myserver-status.cfg: |
    location /nginx-status {
        stub_status on;
        access_log off;
    }
  myserver.conf: |
    server {
        listen 8080;
        server_name www.ik8s.io;
        include /etc/nginx/conf.d/myserver-*.cfg;
        location / {
            root /usr/share/nginx/html;
        }
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2021-08-06T08:02:34Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:myserver-gzip.cfg: {}
        f:myserver-status.cfg: {}
        f:myserver.conf: {}
    manager: kubectl-create
    operation: Update
    time: "2021-08-06T08:02:34Z"
  name: nginx-config-files
  namespace: default
  resourceVersion: "7177123"
  selfLink: /api/v1/namespaces/default/configmaps/nginx-config-files
  uid: 2fd21dc3-5e61-4413-bcd5-35337b1ce286
Example 2: referencing a configMap
[root@k8s-master configmap]# cat configmaps-env-demo.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: demoapp-config
  namespace: default
data:
  demoapp.port: "8080"
  demoapp.host: 0.0.0.0
---
apiVersion: v1
kind: Pod
metadata:
  name: configmaps-env-demo
  namespace: default
spec:
  containers:
  - image: ikubernetes/demoapp:v1.0
    name: demoapp
    env:
    - name: PORT
      valueFrom:
        configMapKeyRef: # reference a key of the configMap
          name: demoapp-config
          key: demoapp.port
          optional: false # whether the item is optional; false means required
    - name: HOST
      valueFrom:
        configMapKeyRef:
          name: demoapp-config
          key: demoapp.host
          optional: true # whether the item is optional; true means not required
[root@k8s-master configmap]# kubectl apply -f configmaps-env-demo.yaml
[root@k8s-master configmap]# kubectl get pod
NAME READY STATUS RESTARTS AGE
centos-deployment-66d8cd5f8b-95brg 1/1 Running 0 46h
configmaps-env-demo 1/1 Running 0 118s
my-grafana-7d788c5479-bpztz 1/1 Running 1 46h
volumes-pvc-longhorn-demo 1/1 Running 0 27h
[root@k8s-master configmap]# kubectl exec configmaps-env-demo -- netstat -tnl # check that the configuration took effect
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
[root@k8s-master configmap]# cat configmaps-volume-demo.yaml
apiVersion: v1
kind: Pod
metadata:
  name: configmaps-volume-demo
  namespace: default
spec:
  containers:
  - image: nginx:alpine
    name: nginx-server
    volumeMounts:
    - name: ngxconfs
      mountPath: /etc/nginx/conf.d/
      readOnly: true
  volumes:
  - name: ngxconfs
    configMap:
      name: nginx-config-files # reference the configMap defined earlier
      optional: false
[root@k8s-master configmap]# kubectl get pod
NAME READY STATUS RESTARTS AGE
centos-deployment-66d8cd5f8b-95brg 1/1 Running 0 46h
configmaps-env-demo 1/1 Running 0 35m
configmaps-volume-demo 1/1 Running 0 6m8s
my-grafana-7d788c5479-bpztz 1/1 Running 1 46h
volumes-pvc-longhorn-demo 1/1 Running 0 28h
[root@k8s-master configmap]# kubectl exec configmaps-volume-demo -it -- /bin/sh
/ # nginx -T
......
# configuration file /etc/nginx/conf.d/myserver.conf: # check that the container's configuration files were loaded from the configMap
server {
listen 8080;
server_name www.ik8s.io;
include /etc/nginx/conf.d/myserver-*.cfg;
location / {
root /usr/share/nginx/html;
}
}
# configuration file /etc/nginx/conf.d/myserver-gzip.cfg:
gzip on;
gzip_comp_level 5;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/xml text/javascript;
# configuration file /etc/nginx/conf.d/myserver-status.cfg:
location /nginx-status {
stub_status on;
access_log off;
}
[root@k8s-master configmap]# kubectl get pods configmaps-volume-demo -o go-template={{.status.podIP}}
10.244.1.177
[root@k8s-master configmap]# curl 10.244.1.177:8080 # default page
...
Welcome to nginx!
[root@k8s-master configmap]# curl -H "Host:www.ik8s.io" 10.244.1.177:8080/nginx-status # custom page
Active connections: 1
server accepts handled requests
2 2 2
Reading: 0 Writing: 1 Waiting: 0
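There are two ways to mount only part of a configMap:
1. When defining the volume, use the items: parameter to specify which keys may be output to the volume
2. When mounting the volume in the container, specify which keys to mount
Example 3: configMap items: selecting the keys to output
1. When defining the volume, use the items: parameter to specify which keys may be output to the volume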
[root@k8s-master configmap]# ls demoapp-conf.d/ # 3 configuration files
envoy.yaml lds.conf myserver.conf
[root@k8s-master configmap]# cat demoapp-conf.d/envoy.yaml
node:
  id: sidecar-proxy
  cluster: demoapp-cluster
admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 0.0.0.0, port_value: 9901 }
dynamic_resources:
  lds_config:
    path: '/etc/envoy/lds.conf'
static_resources:
  clusters:
  - name: local_service
    connect_timeout: 0.25s
    type: STATIC
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: local_service
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: 127.0.0.1
                port_value: 8080
[root@k8s-master configmap]# cat demoapp-conf.d/lds.conf
{
"version_info": "0",
"resources": [
{
"@type": "type.googleapis.com/envoy.api.v2.Listener",
"name": "listener_0",
"address": {
"socket_address": {
"address": "0.0.0.0",
"port_value": 80
}
},
"filter_chains": [
{
"filters": [
{
"name": "envoy.http_connection_manager",
"config": {
"stat_prefix": "ingress_http",
"codec_type": "AUTO",
"route_config": {
"name": "local_route",
"virtual_hosts": [
{
"name": "local_service",
"domains": [
"*"
],
"routes": [
{
"match": {
"prefix": "/"
},
"route": {
"cluster": "local_service"
}
}
]
}
]
},
"http_filters": [
{
"name": "envoy.router"
}
]
}
}
]
}
]
}
]
}
[root@k8s-master configmap]# cat configmaps-volume-demo2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: configmaps-volume-demo2
  namespace: default
spec:
  containers:
  - name: proxy
    image: envoyproxy/envoy-alpine:v1.14.1
    command: ['/bin/sh','-c','envoy -c /etc/envoy/..data/envoy.yaml']
    volumeMounts:
    - name: appconfs # reference the configMap through a mounted volume
      mountPath: /etc/envoy
      readOnly: true
  - name: demo
    image: ikubernetes/demoapp:v1.0
    imagePullPolicy: IfNotPresent
    env: # referenced through environment variables, but these keys are not defined in the configMap files referenced here
    - name: PORT
      valueFrom:
        configMapKeyRef:
          name: demoapp-confs
          key: demoapp.port
          optional: false
    - name: HOST
      valueFrom:
        configMapKeyRef:
          name: demoapp-confs
          key: demoapp.host
          optional: true
  volumes:
  - name: appconfs
    configMap:
      name: demoapp-confs # only 2 files are referenced here
      items: # the keys allowed to be output to the volume
      - key: envoy.yaml # the key to mount
        path: envoy.yaml # the file name after mounting; may differ from the key
        mode: 0644 # the permissions after mounting
      - key: lds.conf
        path: lds.conf
        mode: 0644
      optional: false
[root@k8s-master configmap]# kubectl create cm demoapp-confs --from-literal=demoapp.host=127.0.0.1 --from-literal=demoapp.port="8080" --from-file=./demoapp-conf.d/ # demoapp.host and demoapp.port are defined at creation time
[root@k8s-master ~]# kubectl describe cm demoapp-confs
Name: demoapp-confs
Namespace: default
Labels:
Annotations:
Data
====
demoapp.host:
----
127.0.0.1
demoapp.port:
----
8080
envoy.yaml:
----
node:
  id: sidecar-proxy
  cluster: demoapp-cluster
admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 0.0.0.0, port_value: 9901 }
dynamic_resources:
  lds_config:
    path: '/etc/envoy/lds.conf'
static_resources:
  clusters:
  - name: local_service
    connect_timeout: 0.25s
    type: STATIC
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: local_service
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: 127.0.0.1
                port_value: 8080
lds.conf:
----
{
"version_info": "0",
"resources": [
{
"@type": "type.googleapis.com/envoy.api.v2.Listener",
"name": "listener_0",
"address": {
"socket_address": {
"address": "0.0.0.0",
"port_value": 80
}
},
"filter_chains": [
{
"filters": [
{
"name": "envoy.http_connection_manager",
"config": {
"stat_prefix": "ingress_http",
"codec_type": "AUTO",
"route_config": {
"name": "local_route",
"virtual_hosts": [
{
"name": "local_service",
"domains": [
"*"
],
"routes": [
{
"match": {
"prefix": "/"
},
"route": {
"cluster": "local_service"
}
}
]
}
]
},
"http_filters": [
{
"name": "envoy.router"
}
]
}
}
]
}
]
}
]
}
Events:
[root@k8s-master configmap]# kubectl apply -f configmaps-volume-demo2.yaml
pod/configmaps-volume-demo2 created
[root@k8s-master ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
configmaps-volume-demo 1/1 Running 0 6h47m 10.244.1.177 k8s-node1
configmaps-volume-demo2 2/2 Running 0 35m 10.244.1.182 k8s-node1
my-grafana-7d788c5479-bpztz 1/1 Running 1 2d5h 10.244.2.120 k8s-node2
volumes-pvc-longhorn-demo 1/1 Running 0 35h 10.244.2.124 k8s-node2
[root@k8s-master ~]# kubectl exec configmaps-volume-demo2 -c demo -- netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9901 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 1/python3
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
[root@k8s-master ~]# kubectl exec configmaps-volume-demo2 -c proxy -- netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9901 0.0.0.0:* LISTEN 1/envoy
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1/envoy
[root@k8s-master ~]# kubectl exec configmaps-volume-demo2 -c proxy -- ls /etc/envoy
envoy.yaml
lds.conf
Example 4: configMap subPath, mounting selected keys
2. When mounting the volume in the container, specify which keys to mount
[root@k8s-master configmap]# cat configmaps-volume-demo3.yaml
apiVersion: v1
kind: Pod
metadata:
  name: configmap-volume-demo3
  namespace: default
spec:
  containers:
  - image: nginx:alpine
    name: nginx-server
    volumeMounts:
    - name: ngxconfs
      mountPath: /etc/nginx/conf.d/myserver.conf # mount path in the container
      subPath: myserver.conf # the sub-item of the configMap to mount: a directory or a single value
      readOnly: true
    - name: ngxconfs
      mountPath: /etc/nginx/conf.d/myserver-gzip.cfg
      subPath: myserver-gzip.cfg
      readOnly: true
  volumes:
  - name: ngxconfs
    configMap:
      name: nginx-config-files # created in the earlier example; contains 3 DATA items
[root@k8s-master configmap]# kubectl apply -f configmaps-volume-demo3.yaml
pod/configmap-volume-demo3 created
[root@k8s-master configmap]# kubectl exec configmap-volume-demo3 -it -- /bin/sh # only 2 of the data items are referenced
/ # ls /etc/nginx/conf.d/
default.conf myserver-gzip.cfg myserver.conf
Referencing and reloading configMap files
[root@k8s-master configmap]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
centos-deployment-66d8cd5f8b-95brg 1/1 Running 0 2d18h 10.244.2.117 k8s-node2
configmap-volume-demo3 1/1 Running 0 11m 10.244.1.186 k8s-node1
configmaps-env-demo 1/1 Running 0 20h 10.244.1.173 k8s-node1
configmaps-volume-demo 1/1 Running 0 19h 10.244.1.177 k8s-node1
configmaps-volume-demo2 2/2 Running 0 13h 10.244.1.182 k8s-node1
my-grafana-7d788c5479-bpztz 1/1 Running 1 2d18h 10.244.2.120 k8s-node2
volumes-pvc-longhorn-demo 1/1 Running 0 2d 10.244.2.124 k8s-node2
[root@k8s-master configmap]# curl -H "Host:www.ik8s.io" 10.244.1.177:8080/nginx-status
Active connections: 1
server accepts handled requests
4 4 4
Reading: 0 Writing: 1 Waiting: 0
[root@k8s-master configmap]# kubectl exec configmaps-volume-demo -it -- /bin/sh
/ # cd /etc/nginx/conf.d/
/etc/nginx/conf.d # ls -lA # the referenced configMap files actually point into a hidden timestamped directory
total 0
drwxr-xr-x 2 root root 79 Aug 6 08:02 ..2021_08_06_08_02_41.172956995
lrwxrwxrwx 1 root root 31 Aug 6 08:02 ..data -> ..2021_08_06_08_02_41.172956995
lrwxrwxrwx 1 root root 24 Aug 6 08:02 myserver-gzip.cfg -> ..data/myserver-gzip.cfg
lrwxrwxrwx 1 root root 26 Aug 6 08:02 myserver-status.cfg -> ..data/myserver-status.cfg
lrwxrwxrwx 1 root root 20 Aug 6 08:02 myserver.conf -> ..data/myserver.conf
/etc/nginx/conf.d # cd ..data/ # the real configuration files are in here
/etc/nginx/conf.d/..2021_08_06_08_02_41.172956995 # ls
myserver-gzip.cfg myserver-status.cfg myserver.conf
/etc/nginx/conf.d # exit
[root@k8s-master configmap]# kubectl get cm
NAME DATA AGE
demoapp-config 4 42h
demoapp-confs 4 13h
nginx-config 2 21h
nginx-config-files 3 19h
[root@k8s-master configmap]# kubectl edit cm nginx-config-files # edit the corresponding configMap
apiVersion: v1
data:
  myserver-gzip.cfg: |
    gzip on;
    gzip_comp_level 5;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css application/xml text/javascript;
  myserver-status.cfg: |
    location /nginx-status {
        stub_status on;
        access_log off;
        allow 127.0.0.0/8; # add 2 arbitrary lines of configuration
        deny all;
    }
...
configmap/nginx-config-files edited
[root@k8s-master configmap]# kubectl exec configmaps-volume-demo -it -- /bin/sh
/ # cd /etc/nginx/conf.d/..
..2021_08_06_08_02_41.172956995/ ..data/
/ # cd /etc/nginx/conf.d/
/etc/nginx/conf.d # ls -lA
total 0
drwxr-xr-x 2 root root 79 Aug 7 03:58 ..2021_08_07_03_58_59.548609753
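lrwxrwxrwx 1 root root 31 Aug 7 03:58 ..data -> ..2021_08_07_03_58_59.548609753 # the timestamped directory the link points to has changed; the reload time is picked at random within a short window, so not all Pods reload at the same moment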
lrwxrwxrwx 1 root root 24 Aug 6 08:02 myserver-gzip.cfg -> ..data/myserver-gzip.cfg
lrwxrwxrwx 1 root root 26 Aug 6 08:02 myserver-status.cfg -> ..data/myserver-status.cfg
lrwxrwxrwx 1 root root 20 Aug 6 08:02 myserver.conf -> ..data/myserver.conf
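/ # nginx -T # whether hot loading and automatic reload are supported depends on the application; cloud-native applications generally support hot loading and reload automatically once they detect a configuration update, while non-native applications may need the Pod to be restarted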
# configuration file /etc/nginx/conf.d/myserver-gzip.cfg:
gzip on;
gzip_comp_level 5;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/xml text/javascript;
# configuration file /etc/nginx/conf.d/myserver-status.cfg:
location /nginx-status {
stub_status on;
access_log off;
allow 127.0.0.0/8;
deny all;
}
/etc/nginx/conf.d # exit
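The ..data switch seen in the listings above, reproduced in a scratch directory as an added example (a simulation written for this page, not kubelet code, assuming GNU coreutils): publish writes a new hidden generation directory and renames a temporary symlink over ..data, and reload_if_changed runs a reload command once per new generation. The function names, the state file and the sample file content are assumptions.

```shell
#!/bin/sh
# Added example: a simulation of the "..data" layout, not kubelet code.
# Assumes GNU coreutils (mv -T, readlink, mktemp).

# publish DIR KEY=VALUE... : write a new generation, then switch ..data to it.
publish() {
    _dir=$1; shift
    _gen=$(mktemp -d "$_dir/..$(date +%Y_%m_%d_%H_%M_%S).XXXXXXXXXX") || return 1
    for _kv in "$@"; do
        _key=${_kv%%=*}
        printf '%s\n' "${_kv#*=}" > "$_gen/$_key"
        # The user-visible name is created once and never rewritten,
        # which is why its timestamp stays at the first publish.
        [ -L "$_dir/$_key" ] || ln -s "..data/$_key" "$_dir/$_key"
    done
    _old=$(readlink "$_dir/..data" 2>/dev/null || true)
    ln -s "$(basename "$_gen")" "$_dir/..data_tmp"
    # rename(2) replaces ..data in one step: a reader sees the old set of
    # files or the new set, never a mixture of both.
    mv -T "$_dir/..data_tmp" "$_dir/..data"
    [ -z "$_old" ] || rm -rf "${_dir:?}/$_old"
}

# reload_if_changed DIR STATEFILE CMD... : run CMD once per new generation.
reload_if_changed() {
    _dir=$1; _state=$2; shift 2
    _now=$(readlink "$_dir/..data") || return 1
    [ "$_now" = "$(cat "$_state" 2>/dev/null)" ] && return 0
    "$@" || return 1
    printf '%s\n' "$_now" > "$_state"
}

# Demo on constructed content in a scratch directory.
demo_dir=$(mktemp -d)
publish "$demo_dir" 'myserver-status.cfg=stub_status on;'
publish "$demo_dir" 'myserver-status.cfg=stub_status on; deny all;'
ls -lA "$demo_dir"
reload_if_changed "$demo_dir" "$demo_dir.state" cat "$demo_dir/myserver-status.cfg"
rm -rf "$demo_dir" "$demo_dir.state"
```

In the nginx Pod above the reload command would be nginx -s reload. Files mounted through subPath, as in example 4, are bound individually rather than through ..data and do not pick up configMap updates.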