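Preface
Core storage volume resource types: PV, PVC, SC, CSI (Longhorn)
Special-purpose volume plugins: ConfigMap, Secret, downwardAPI
How to supply configuration to a containerized application:
- Pass arguments directly to the application when the container starts, using args: []
- Bake a prepared configuration file into the image;
- Pass configuration data to the container through environment variables. This has a prerequisite: the application must support loading its configuration from environment variables. When building the image, an entrypoint script can preprocess the variables; the common approach is to use a non-interactive editing tool to substitute the values of the environment variables into the application's configuration file;
- Pass configuration files to the container through a storage volume. Changes made while the container is running must be reloaded by the application;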
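The entrypoint technique from the environment-variable item above, as an added example that is not part of the original article. The `@HOST@`/`@PORT@` placeholder syntax, the function name `render_config` and the paths in the usage comment are assumptions; the values are validated before substitution because they end up inside a configuration file.

```shell
#!/bin/sh
# Entrypoint helper (added example). The @HOST@/@PORT@ placeholders, the
# function name and the paths in the usage line are assumptions.

# render_config TEMPLATE OUTPUT
# Substitutes $HOST and $PORT into TEMPLATE and writes the result to OUTPUT.
render_config() {
    template=$1
    output=$2
    host=${HOST:-0.0.0.0}    # defaults match the demoapp-config values
    port=${PORT:-8080}

    # The values end up inside a configuration file, so validate them first:
    # a stray ';' or newline would otherwise become an extra directive.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid PORT" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "PORT out of range" >&2; return 1
    fi
    case $host in
        ''|*[!A-Za-z0-9.:-]*) echo "invalid HOST" >&2; return 1 ;;
    esac

    # Non-interactive edit with sed; write to a temp file and rename so the
    # application never reads a half-written file.
    tmp=$(mktemp "${output}.XXXXXX") || return 1
    if sed -e "s/@HOST@/$host/g" -e "s/@PORT@/$port/g" "$template" > "$tmp"; then
        mv "$tmp" "$output"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Last line of a real entrypoint script would be, for example:
#   render_config /etc/app/app.conf.tmpl /etc/app/app.conf && exec "$@"
```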
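Introduction to ConfigMap
The ConfigMap API resource stores configuration data as key-value pairs. This data can be consumed in Pods, or used to hold configuration for system components such as controllers. ConfigMaps are similar to Secrets, but they are meant for conveniently handling strings that contain no sensitive information. Note: a ConfigMap is not a replacement for properties files. It only serves as a reference to multiple properties files. You can think of it as the /etc directory on a Linux system, the directory dedicated to holding configuration files.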
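Referencing a ConfigMap through env environment variables
When a containerized application is configured through environment variables, an env field is nested in the container's configuration section; its value is a list of environment variable definitions. Each environment variable usually consists of a name field and a value (or valueFrom) field.
- name <string>: the name of the environment variable; required.
- value <string>: the value of the environment variable; variables are referenced as $(VAR_NAME), and the escaped form is "$$(VAR_NAME)"; defaults to empty.
- valueFrom <Object>: the source the value is taken from, for example the name, namespace or labels of the current Pod. It cannot be used together with a non-empty value field: the value of an environment variable comes either from the value field or from the valueFrom field, and the two cannot both supply data.
The valueFrom field can take its value from several kinds of source: attributes of the current Pod, container-related system resource settings, a key in a ConfigMap object, or a key in a Secret object. Each is defined with its own nested field:
- fieldRef <Object>: a given field of the current Pod; the fields currently supported include metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP and status.podIP;
- configMapKeyRef <Object>: a specific key in a ConfigMap object;
- secretKeyRef <Object>: a specific key in a Secret object;
- resourceFieldRef <Object>: the minimum (request) or maximum (limit) of a specific system resource of the current container; the references currently supported include limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage.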
```
[root@k8s-master ~]# kubectl create configmap --help    # show the built-in examples
...
Examples:
  # Create a new configmap named my-config based on folder bar
  kubectl create configmap my-config --from-file=path/to/bar

  # Create a new configmap named my-config with specified keys instead of file basenames on disk
  kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt

  # Create a new configmap named my-config with key1=config1 and key2=config2
  kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2

  # Create a new configmap named my-config from the key=value pairs in the file
  kubectl create configmap my-config --from-file=path/to/bar

  # Create a new configmap named my-config from an env file
  kubectl create configmap my-config --from-env-file=path/to/bar.env

Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in
...
```
Example 1: creating ConfigMaps
```
[root@k8s-master nginx-conf.d]# cat myserver.conf
server {
    listen 8080;
    server_name www.ik8s.io;

    include /etc/nginx/conf.d/myserver-*.cfg;

    location / {
        root /usr/share/nginx/html;
    }
}
[root@k8s-master nginx-conf.d]# cat myserver-gzip.cfg
gzip on;
gzip_comp_level 5;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/xml text/javascript;
[root@k8s-master nginx-conf.d]# cat myserver-status.cfg
location /nginx-status {
    stub_status on;
    access_log off;
}
[root@k8s-master nginx-conf.d]# ls    # three configuration files in total
myserver.conf  myserver-gzip.cfg  myserver-status.cfg

[root@k8s-master ~]# kubectl create configmap demoapp-config --from-literal=host=0.0.0.0 --from-literal=port=8080    # creates two key/value pairs: host=0.0.0.0 and port=8080
configmap/demoapp-config created
[root@k8s-master ~]# kubectl get cm
NAME              DATA   AGE
demoapp-config    2      5s     # DATA is 2: two data items
my-grafana        1      34d
my-grafana-test   1      34d
[root@k8s-master ~]# kubectl describe cm demoapp-config
Name:         demoapp-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
port:    # data item 1, port: 8080
----
8080
host:    # data item 2, host: 0.0.0.0
----
0.0.0.0
Events:  <none>

[root@k8s-master ~]# kubectl get cm demoapp-config -o yaml
apiVersion: v1
data:
  host: 0.0.0.0
  port: "8080"
kind: ConfigMap
metadata:
  creationTimestamp: "2021-08-05T09:16:15Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:host: {}
        f:port: {}
    manager: kubectl-create
    operation: Update
    time: "2021-08-05T09:16:15Z"
  name: demoapp-config
  namespace: default
  resourceVersion: "6906130"
  selfLink: /api/v1/namespaces/default/configmaps/demoapp-config
  uid: 625c38a9-02bc-43c7-b351-b2ce7387cab7

# Create two data items from files. The file name is the key by default; the second file is given the key status.cfg
[root@k8s-master nginx-conf.d]# kubectl create configmap nginx-config --from-file=./myserver.conf --from-file=status.cfg=./myserver-status.cfg
configmap/nginx-config created
[root@k8s-master nginx-conf.d]# kubectl get cm
NAME              DATA   AGE
demoapp-config    2      18m
my-grafana        1      34d
my-grafana-test   1      34d
nginx-config      2      17s
[root@k8s-master nginx-conf.d]# kubectl get cm nginx-config -o yaml
apiVersion: v1
data:
  myserver.conf: |    # | is the multi-line value indicator: multi-line data is stored using | plus indentation
    server {
        listen 8080;
        server_name www.ik8s.io;

        include /etc/nginx/conf.d/myserver-*.cfg;

        location / {
            root /usr/share/nginx/html;
        }
    }
  status.cfg: |
    location /nginx-status {
        stub_status on;
        access_log off;
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2021-08-06T06:35:41Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:myserver.conf: {}
        f:status.cfg: {}
    manager: kubectl-create
    operation: Update
    time: "2021-08-06T06:35:41Z"
  name: nginx-config
  namespace: default
  resourceVersion: "7159858"
  selfLink: /api/v1/namespaces/default/configmaps/nginx-config
  uid: 8dbd637a-fb23-447a-8bb5-9e722d7e871d

[root@k8s-master nginx-conf.d]# ls
myserver.conf  myserver-gzip.cfg  myserver-status.cfg
[root@k8s-master configmap]# kubectl create configmap nginx-config-files --from-file=./nginx-conf.d/
configmap/nginx-config-files created
[root@k8s-master configmap]# kubectl get cm
NAME                 DATA   AGE
demoapp-config       2      21h
my-grafana           1      35d
my-grafana-test      1      35d
nginx-config         2      18m
nginx-config-files   3      3s     # three data items
[root@k8s-master nginx-conf.d]# kubectl get cm nginx-config-files -o yaml
apiVersion: v1
data:
  myserver-gzip.cfg: |
    gzip on;
    gzip_comp_level 5;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css application/xml text/javascript;
  myserver-status.cfg: |
    location /nginx-status {
        stub_status on;
        access_log off;
    }
  myserver.conf: |
    server {
        listen 8080;
        server_name www.ik8s.io;

        include /etc/nginx/conf.d/myserver-*.cfg;

        location / {
            root /usr/share/nginx/html;
        }
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2021-08-06T08:02:34Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:myserver-gzip.cfg: {}
        f:myserver-status.cfg: {}
        f:myserver.conf: {}
    manager: kubectl-create
    operation: Update
    time: "2021-08-06T08:02:34Z"
  name: nginx-config-files
  namespace: default
  resourceVersion: "7177123"
  selfLink: /api/v1/namespaces/default/configmaps/nginx-config-files
  uid: 2fd21dc3-5e61-4413-bcd5-35337b1ce286
```
Example 2: referencing a ConfigMap
```
[root@k8s-master configmap]# cat configmaps-env-demo.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: demoapp-config
  namespace: default
data:
  demoapp.port: "8080"
  demoapp.host: 0.0.0.0
---
apiVersion: v1
kind: Pod
metadata:
  name: configmaps-env-demo
  namespace: default
spec:
  containers:
  - image: ikubernetes/demoapp:v1.0
    name: demoapp
    env:
    - name: PORT
      valueFrom:
        configMapKeyRef:    # reference a key in the ConfigMap
          name: demoapp-config
          key: demoapp.port
          optional: false    # whether the key may be absent; false means it is required
    - name: HOST
      valueFrom:
        configMapKeyRef:
          name: demoapp-config
          key: demoapp.host
          optional: true    # whether the key may be absent; true means it is not required

[root@k8s-master configmap]# kubectl apply -f configmaps-env-demo.yaml
[root@k8s-master configmap]# kubectl get pod
NAME                                 READY   STATUS    RESTARTS   AGE
centos-deployment-66d8cd5f8b-95brg   1/1     Running   0          46h
configmaps-env-demo                  1/1     Running   0          118s
my-grafana-7d788c5479-bpztz          1/1     Running   1          46h
volumes-pvc-longhorn-demo            1/1     Running   0          27h
[root@k8s-master configmap]# kubectl exec configmaps-env-demo -- netstat -tnl    # check that the configuration took effect
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN

[root@k8s-master configmap]# cat configmaps-volume-demo.yaml
apiVersion: v1
kind: Pod
metadata:
  name: configmaps-volume-demo
  namespace: default
spec:
  containers:
  - image: nginx:alpine
    name: nginx-server
    volumeMounts:
    - name: ngxconfs
      mountPath: /etc/nginx/conf.d/
      readOnly: true
  volumes:
  - name: ngxconfs
    configMap:
      name: nginx-config-files    # the ConfigMap defined earlier
      optional: false

[root@k8s-master configmap]# kubectl get pod
NAME                                 READY   STATUS    RESTARTS   AGE
centos-deployment-66d8cd5f8b-95brg   1/1     Running   0          46h
configmaps-env-demo                  1/1     Running   0          35m
configmaps-volume-demo               1/1     Running   0          6m8s
my-grafana-7d788c5479-bpztz          1/1     Running   1          46h
volumes-pvc-longhorn-demo            1/1     Running   0          28h
[root@k8s-master configmap]# kubectl exec configmaps-volume-demo -it -- /bin/sh
/ # nginx -T
......
# configuration file /etc/nginx/conf.d/myserver.conf:    # check that the container loaded the configuration from the ConfigMap
server {
    listen 8080;
    server_name www.ik8s.io;

    include /etc/nginx/conf.d/myserver-*.cfg;

    location / {
        root /usr/share/nginx/html;
    }
}

# configuration file /etc/nginx/conf.d/myserver-gzip.cfg:
gzip on;
gzip_comp_level 5;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/xml text/javascript;

# configuration file /etc/nginx/conf.d/myserver-status.cfg:
location /nginx-status {
    stub_status on;
    access_log off;
}

[root@k8s-master configmap]# kubectl get pods configmaps-volume-demo -o go-template={{.status.podIP}}
10.244.1.177
[root@k8s-master configmap]# curl 10.244.1.177:8080    # default page
...
<h1>Welcome to nginx!</h1>
[root@k8s-master configmap]# curl -H "Host:www.ik8s.io" 10.244.1.177:8080/nginx-status    # custom page
Active connections: 1
server accepts handled requests
 2 2 2
Reading: 0 Writing: 1 Waiting: 0
```
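There are two ways to mount only part of a ConfigMap:
1. When defining the volume, use the items: parameter to specify which keys may be output to the volume
2. When mounting the volume in the container, specify which keys to mount
Example 3: ConfigMap items, selecting the keys to output
1. When defining the volume, use the items: parameter to specify which keys may be output to the volume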
```
[root@k8s-master configmap]# ls demoapp-conf.d/    # three configuration files
envoy.yaml  lds.conf  myserver.conf
[root@k8s-master configmap]# cat demoapp-conf.d/envoy.yaml
node:
  id: sidecar-proxy
  cluster: demoapp-cluster

admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 0.0.0.0, port_value: 9901 }

dynamic_resources:
  lds_config:
    path: '/etc/envoy/lds.conf'

static_resources:
  clusters:
  - name: local_service
    connect_timeout: 0.25s
    type: STATIC
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: local_service
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: 127.0.0.1
                port_value: 8080

[root@k8s-master configmap]# cat demoapp-conf.d/lds.conf
{
  "version_info": "0",
  "resources": [
    {
      "@type": "type.googleapis.com/envoy.api.v2.Listener",
      "name": "listener_0",
      "address": {
        "socket_address": {
          "address": "0.0.0.0",
          "port_value": 80
        }
      },
      "filter_chains": [
        {
          "filters": [
            {
              "name": "envoy.http_connection_manager",
              "config": {
                "stat_prefix": "ingress_http",
                "codec_type": "AUTO",
                "route_config": {
                  "name": "local_route",
                  "virtual_hosts": [
                    {
                      "name": "local_service",
                      "domains": [
                        "*"
                      ],
                      "routes": [
                        {
                          "match": {
                            "prefix": "/"
                          },
                          "route": {
                            "cluster": "local_service"
                          }
                        }
                      ]
                    }
                  ]
                },
                "http_filters": [
                  {
                    "name": "envoy.router"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  ]
}

[root@k8s-master configmap]# cat configmaps-volume-demo2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: configmaps-volume-demo2
  namespace: default
spec:
  containers:
  - name: proxy
    image: envoyproxy/envoy-alpine:v1.14.1
    command: ['/bin/sh','-c','envoy -c /etc/envoy/..data/envoy.yaml']
    volumeMounts:
    - name: appconfs    # the ConfigMap is referenced through a mounted volume
      mountPath: /etc/envoy
      readOnly: true
  - name: demo
    image: ikubernetes/demoapp:v1.0
    imagePullPolicy: IfNotPresent
    env:    # referenced through environment variables, although the referenced ConfigMap files do not define these keys
    - name: PORT
      valueFrom:
        configMapKeyRef:
          name: demoapp-confs
          key: demoapp.port
          optional: false
    - name: HOST
      valueFrom:
        configMapKeyRef:
          name: demoapp-confs
          key: demoapp.host
          optional: true
  volumes:
  - name: appconfs
    configMap:
      name: demoapp-confs    # only two of the files are referenced here
      items:    # only the keys listed here are output to the volume
      - key: envoy.yaml    # key to mount
        path: envoy.yaml    # file name after mounting; may differ from the key
        mode: 0644    # permissions of the mounted file
      - key: lds.conf
        path: lds.conf
        mode: 0644
      optional: false

# demoapp.host and demoapp.port are defined when the ConfigMap is created
[root@k8s-master configmap]# kubectl create cm demoapp-confs --from-literal=demoapp.host=127.0.0.1 --from-literal=demoapp.port="8080" --from-file=./demoapp-conf.d/
[root@k8s-master ~]# kubectl describe cm demoapp-confs
Name:         demoapp-confs
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
demoapp.host:
----
127.0.0.1
demoapp.port:
----
8080
envoy.yaml:
----
node:
  id: sidecar-proxy
  cluster: demoapp-cluster

admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 0.0.0.0, port_value: 9901 }

dynamic_resources:
  lds_config:
    path: '/etc/envoy/lds.conf'

static_resources:
  clusters:
  - name: local_service
    connect_timeout: 0.25s
    type: STATIC
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: local_service
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: 127.0.0.1
                port_value: 8080

lds.conf:
----
{
  "version_info": "0",
  "resources": [
    {
      "@type": "type.googleapis.com/envoy.api.v2.Listener",
      "name": "listener_0",
      "address": {
        "socket_address": {
          "address": "0.0.0.0",
          "port_value": 80
        }
      },
      "filter_chains": [
        {
          "filters": [
            {
              "name": "envoy.http_connection_manager",
              "config": {
                "stat_prefix": "ingress_http",
                "codec_type": "AUTO",
                "route_config": {
                  "name": "local_route",
                  "virtual_hosts": [
                    {
                      "name": "local_service",
                      "domains": [
                        "*"
                      ],
                      "routes": [
                        {
                          "match": {
                            "prefix": "/"
                          },
                          "route": {
                            "cluster": "local_service"
                          }
                        }
                      ]
                    }
                  ]
                },
                "http_filters": [
                  {
                    "name": "envoy.router"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  ]
}

Events:  <none>

[root@k8s-master configmap]# kubectl apply -f configmaps-volume-demo2.yaml
pod/configmaps-volume-demo2 created
[root@k8s-master ~]# kubectl get pod -o wide
NAME                          READY   STATUS    RESTARTS   AGE     IP             NODE        NOMINATED NODE   READINESS GATES
configmaps-volume-demo        1/1     Running   0          6h47m   10.244.1.177   k8s-node1   <none>           <none>
configmaps-volume-demo2       2/2     Running   0          35m     10.244.1.182   k8s-node1   <none>           <none>
my-grafana-7d788c5479-bpztz   1/1     Running   1          2d5h    10.244.2.120   k8s-node2   <none>           <none>
volumes-pvc-longhorn-demo     1/1     Running   0          35h     10.244.2.124   k8s-node2   <none>           <none>
[root@k8s-master ~]# kubectl exec configmaps-volume-demo2 -c demo -- netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9901            0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      1/python3
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
[root@k8s-master ~]# kubectl exec configmaps-volume-demo2 -c proxy -- netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9901            0.0.0.0:*               LISTEN      1/envoy
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1/envoy
[root@k8s-master ~]# kubectl exec configmaps-volume-demo2 -c proxy -- ls /etc/envoy
envoy.yaml
lds.conf
```
Example 4: ConfigMap subPath, mounting specific keys
2. When mounting the volume in the container, specify which keys to mount
```
[root@k8s-master configmap]# cat configmaps-volume-demo3.yaml
apiVersion: v1
kind: Pod
metadata:
  name: configmap-volume-demo3
  namespace: default
spec:
  containers:
  - image: nginx:alpine
    name: nginx-server
    volumeMounts:
    - name: ngxconfs
      mountPath: /etc/nginx/conf.d/myserver.conf    # mount path in the container
      subPath: myserver.conf    # sub-item of the ConfigMap to mount: a directory or a single key
      readOnly: true
    - name: ngxconfs
      mountPath: /etc/nginx/conf.d/myserver-gzip.cfg
      subPath: myserver-gzip.cfg
      readOnly: true
  volumes:
  - name: ngxconfs
    configMap:
      name: nginx-config-files    # created in the earlier example; contains 3 data items

[root@k8s-master configmap]# kubectl apply -f configmaps-volume-demo3.yaml
pod/configmap-volume-demo3 created
[root@k8s-master configmap]# kubectl exec configmap-volume-demo3 -it -- /bin/sh    # only two of the data items are referenced
/ # ls /etc/nginx/conf.d/
default.conf       myserver-gzip.cfg  myserver.conf
```
How ConfigMap files are referenced and reloaded
```
[root@k8s-master configmap]# kubectl get pod -o wide
NAME                                 READY   STATUS    RESTARTS   AGE     IP             NODE        NOMINATED NODE   READINESS GATES
centos-deployment-66d8cd5f8b-95brg   1/1     Running   0          2d18h   10.244.2.117   k8s-node2   <none>           <none>
configmap-volume-demo3               1/1     Running   0          11m     10.244.1.186   k8s-node1   <none>           <none>
configmaps-env-demo                  1/1     Running   0          20h     10.244.1.173   k8s-node1   <none>           <none>
configmaps-volume-demo               1/1     Running   0          19h     10.244.1.177   k8s-node1   <none>           <none>
configmaps-volume-demo2              2/2     Running   0          13h     10.244.1.182   k8s-node1   <none>           <none>
my-grafana-7d788c5479-bpztz          1/1     Running   1          2d18h   10.244.2.120   k8s-node2   <none>           <none>
volumes-pvc-longhorn-demo            1/1     Running   0          2d      10.244.2.124   k8s-node2   <none>           <none>
[root@k8s-master configmap]# curl -H "Host:www.ik8s.io" 10.244.1.177:8080/nginx-status
Active connections: 1
server accepts handled requests
 4 4 4
Reading: 0 Writing: 1 Waiting: 0

[root@k8s-master configmap]# kubectl exec configmaps-volume-demo -it -- /bin/sh
/ # cd /etc/nginx/conf.d/
/etc/nginx/conf.d # ls -la    # the files from the ConfigMap actually point into a hidden, timestamped directory
total 0
drwxr-xr-x    2 root     root            79 Aug  6 08:02 ..2021_08_06_08_02_41.172956995
lrwxrwxrwx    1 root     root            31 Aug  6 08:02 ..data -> ..2021_08_06_08_02_41.172956995
lrwxrwxrwx    1 root     root            24 Aug  6 08:02 myserver-gzip.cfg -> ..data/myserver-gzip.cfg
lrwxrwxrwx    1 root     root            26 Aug  6 08:02 myserver-status.cfg -> ..data/myserver-status.cfg
lrwxrwxrwx    1 root     root            20 Aug  6 08:02 myserver.conf -> ..data/myserver.conf
/etc/nginx/conf.d # cd ..data/    # the real configuration files are in here
/etc/nginx/conf.d/..2021_08_06_08_02_41.172956995 # ls
myserver-gzip.cfg    myserver-status.cfg  myserver.conf
/etc/nginx/conf.d # exit

[root@k8s-master configmap]# kubectl get cm
NAME                 DATA   AGE
demoapp-config       4      42h
demoapp-confs        4      13h
nginx-config         2      21h
nginx-config-files   3      19h
[root@k8s-master configmap]# kubectl edit cm nginx-config-files    # edit the corresponding ConfigMap
apiVersion: v1
data:
  myserver-gzip.cfg: |
    gzip on;
    gzip_comp_level 5;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css application/xml text/javascript;
  myserver-status.cfg: |
    location /nginx-status {
        stub_status on;
        access_log off;
        allow 127.0.0.0/8;    # two arbitrary lines added as a test change
        deny all;
    }
...
configmap/nginx-config-files edited

[root@k8s-master configmap]# kubectl exec configmaps-volume-demo -it -- /bin/sh
/ # cd /etc/nginx/conf.d/..
..2021_08_06_08_02_41.172956995/  ..data/
/ # cd /etc/nginx/conf.d/
/etc/nginx/conf.d # ls -la
total 0
drwxr-xr-x    2 root     root            79 Aug  7 03:58 ..2021_08_07_03_58_59.548609753
# The timestamped directory that ..data links to has changed. The refresh happens at a random moment within a short window, so not all Pods reload at the same time.
lrwxrwxrwx    1 root     root            31 Aug  7 03:58 ..data -> ..2021_08_07_03_58_59.548609753
lrwxrwxrwx    1 root     root            24 Aug  6 08:02 myserver-gzip.cfg -> ..data/myserver-gzip.cfg
lrwxrwxrwx    1 root     root            26 Aug  6 08:02 myserver-status.cfg -> ..data/myserver-status.cfg
lrwxrwxrwx    1 root     root            20 Aug  6 08:02 myserver.conf -> ..data/myserver.conf
# Whether hot loading and automatic reloading are supported depends on the application. Cloud-native applications generally support hot loading and reload automatically once they detect that the configuration was updated; applications that are not cloud-native may need the Pod to be restarted.
/ # nginx -T
# configuration file /etc/nginx/conf.d/myserver-gzip.cfg:
gzip on;
gzip_comp_level 5;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/xml text/javascript;

# configuration file /etc/nginx/conf.d/myserver-status.cfg:
location /nginx-status {
    stub_status on;
    access_log off;
    allow 127.0.0.0/8;
    deny all;
}
/etc/nginx/conf.d # exit
```
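The `..data` switch shown above can drive the reload for an application that does not watch its own files. The following is an added example, not part of the original article: the function names `current_generation`, `reload_if_changed` and `watch_configmap` and the state-file path are assumptions. It reloads only when the `..data` link points to a new timestamped directory.

```shell
#!/bin/sh
# Added example: names (current_generation, reload_if_changed, watch_configmap)
# and the state-file path are assumptions.

# Prints the target of DIR/..data, the timestamped directory currently
# published by the kubelet (e.g. ..2021_08_07_03_58_59.548609753).
current_generation() {
    readlink "$1/..data"
}

# reload_if_changed DIR STATEFILE CMD...
# Returns 0 if CMD ran after a change, 1 if nothing changed, 2 on error.
reload_if_changed() {
    dir=$1; state=$2; shift 2
    now=$(current_generation "$dir") || return 2
    if [ ! -f "$state" ]; then
        printf '%s\n' "$now" > "$state"    # first look: record the baseline
        return 1
    fi
    last=$(cat "$state")
    [ "$now" = "$last" ] && return 1
    "$@" || return 2                       # state untouched, so it is retried
    printf '%s\n' "$now" > "$state"
}

# watch_configmap DIR INTERVAL CMD...   (poll loop for a sidecar or wrapper)
watch_configmap() {
    dir=$1; interval=$2; shift 2
    while :; do
        reload_if_changed "$dir" /tmp/configmap.generation "$@" || :
        sleep "$interval"
    done
}

# For the nginx Pod above, validate before reloading so that a broken edit to
# the ConfigMap never replaces the running configuration:
#   watch_configmap /etc/nginx/conf.d 10 sh -c 'nginx -t && nginx -s reload'
```

Files mounted with subPath, as in example 4, are not served through the `..data` link and do not receive ConfigMap updates, so this check applies only to whole-volume mounts.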