首頁>技術>

k8s之ConfigMap

configmap

是k8s的一個配置管理元件,可以將配置以key-value的形式傳遞,通常用來儲存不需要加密的配置資訊,加密資訊則需用到Secret,主要用來應對以下場景:

1. 使用k8s部署應用,當你將應用配置寫進程式碼中,就會存在一個問題,更新配置時也需要打包映象,configmap可以將配置資訊和docker映象解耦。

2. 使用微服務架構的話,存在多個服務共用配置的情況,如果每個服務中單獨一份配置的話,那麼更新配置就很麻煩,使用configmap可以友好的進行配置共享。

3. ConfigMap用於儲存配置資料的鍵值對,可以用來儲存單個屬性,也可以用來儲存配置檔案。

ConfigMap跟secret很類似,但它可以更方便地處理不包含敏感資訊的字串。比如應用的配置資訊

直接顯示

➜  ~ kubectl explain configmapKIND:     ConfigMapVERSION:  v1DESCRIPTION:     ConfigMap holds configuration data for pods to consume.描述:ConfigMap儲存pod要使用的配置資料

如果有kubectl proxy的話,地址如下

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/configmap/default/istio-ca-root-cert?namespace=default➜  ~ kubectl -n kube-system get configmapNAME                                 DATA   AGEcoredns                              1      100dextension-apiserver-authentication   6      100distio-ca-root-cert                   1      36dkube-proxy                           2      100dkubeadm-config                       2      100dkubelet-config-1.18                  1      100d

下面2個命令獲取目前的onfigmaps,如上也可以指定-n kube-system

➜  ~ kubectl get cmNAME                 DATA   AGEistio-ca-root-cert   1      36d➜  ~ kubectl get configmapsNAME                 DATA   AGEistio-ca-root-cert   1      36d可以檢視其現在的大概配置:kubectl get configmaps istio-ca-root-cert -o yaml
ConfigMap建立

可以使用kubectl create configmap

從檔案、目錄或者key-value字串建立等建立ConfigMap。

可以透過命令kubectl create configmap -h幫助資訊檢視具體的建立

Usage:  kubectl create configmap NAME [--from-file=[key=]source][--from-literal=key1=value1] [--dry-run=server|client|none] [options]
參考官方的:https://www.kubernetes.org.cn/configmap# 從key-value字串建立ConfigMap$ kubectl create configmap special-config --from-literal=special.how=veryconfigmap "special-config" created$ kubectl get configmap special-config -o go-template='{{.data}}'map[special.how:very]# 從env檔案建立$ echo -e "a=b\nc=d" | tee config.enva=bc=d$ kubectl create configmap special-config --from-env-file=config.envconfigmap "special-config" created$ kubectl get configmap special-config -o go-template='{{.data}}'map[a:b c:d]# 從目錄建立$ mkdir config$ echo a>config/a$ echo b>config/b$ kubectl create configmap special-config --from-file=config/configmap "special-config" created$ kubectl get configmap special-config -o go-template='{{.data}}'map[a:a b:b]

現在我直接用命令建立

➜  ~  kubectl create configmap --help  # Create a new configmap named my-config with key1=config1 and key2=config2  kubectl create configmap my-config --from-literal=key1=config1--from-literal=key2=config2➜  ~ kubectl create configmap nginx-nc --from-literal=nginx_port=80 --from-literal=nginx_server=map.snsyr.comconfigmap/nginx-nc created

現在檢視下,23s還很新鮮 哈

➜  ~ kubectl get cmNAME                 DATA   AGEistio-ca-root-cert   1      36dnginx-nc             2      23s

具體再看下其yaml格式

➜  ~  kubectl get cm nginx-nc -o yamlapiVersion: v1data:  nginx_port: "80"  nginx_server: map.snsyr.comkind: ConfigMapmetadata:  creationTimestamp: "2021-01-22T07:19:42Z"  managedFields:  - apiVersion: v1    fieldsType: FieldsV1    fieldsV1:      f:data:        .: {}        f:nginx_port: {}        f:nginx_server: {}    manager: kubectl-create    operation: Update    time: "2021-01-22T07:19:42Z"  name: nginx-nc  namespace: default  resourceVersion: "991620"  selfLink: /api/v1/namespaces/default/configmaps/nginx-nc  uid: c361edbb-7ed3-4a23-abdb-b4c4abfd3b51

把value以檔案的方式存放,繼續參考配置

準備檔案:大致如下

➜  configmap pwd/Users/lex/Downloads/docker/configmap➜  configmap cat www.confserver {        server_name file.snsyr.com;        port 80;        root /data/web/html;}
Usage:  kubectl create configmap NAME [--from-file=[key=]source][--from-literal=key1=value1] [--dry-run=server|client|none] [options]Use "kubectl options" for a list of global command-line options (applies to allcommands).➜  configmap pwd/Users/lex/Downloads/docker/configmap➜  configmap kubectl create configmap nginx-cm-from-file --from-file=./www.confconfigmap/nginx-cm-from-file created

檢視下這個nginx-cm-from-file

➜  configmap  kubectl get cmNAME                 DATA   AGEistio-ca-root-cert   1      36dnginx-cm-from-file   1      15snginx-nc             2      8m32s

具體再看下其yaml格式

➜  configmap kubectl get cm nginx-cm-from-file -o yamlapiVersion: v1data:  www.conf: |    server {            server_name file.snsyr.com;            port 80;            root /data/web/html;    }kind: ConfigMapmetadata:  creationTimestamp: "2021-01-22T07:27:59Z"  managedFields:  - apiVersion: v1    fieldsType: FieldsV1    fieldsV1:      f:data:        .: {}        f:www.conf: {}    manager: kubectl-create    operation: Update    time: "2021-01-22T07:27:59Z"  name: nginx-cm-from-file  namespace: default  resourceVersion: "992679"  selfLink: /api/v1/namespaces/default/configmaps/nginx-cm-from-file  uid: cfc3bc22-cef1-468b-a37b-738b75a3a50f

當然也可以用describe來檢視

➜  kubectl describe cm nginx-ncName:         nginx-ncNamespace:    defaultLabels:       <none>Annotations:  <none>Data====nginx_port:----80nginx_server:----map.snsyr.comEvents:  <none>➜ kubectl describe cm nginx-cm-from-fileName:         nginx-cm-from-fileNamespace:    defaultLabels:       <none>Annotations:  <none>Data====www.conf:----server {        server_name file.snsyr.com;        port 80;        root /data/web/html;}Events:  <none>

從env檔案建立我這裡不模擬了參考官方文件

https://www.kubernetes.org.cn/configmap

ConfigMap使用

ConfigMap可以透過多種方式在Pod中使用,比如設定環境變數、設定容器命令列引數、在Volume中建立配置檔案等。

注意

ConfigMap必須在Pod引用它之前建立

使用envFrom時,將會自動忽略無效的鍵

Pod只能使用同一個名稱空間內的ConfigMap

針對上面的同一個名稱空間內的ConfigMap可以看到我的【Namespace: default】

kubectl get pods -n defaultNAME                              READY   STATUS    RESTARTS   AGEdetails-v1-558b8b4b76-k46f8       2/2     Running   2          17dnginx-app-7fbf4688b7-mgv29        2/2     Running   18         29dnginx-app-7fbf4688b7-ps7qm        2/2     Running   18         29dproductpage-v1-6987489c74-pkpk9   2/2     Running   2          17dpython-app-6f6fd6fb6c-4zwxt       2/2     Running   10         24dpython-app-6f6fd6fb6c-w29n5       2/2     Running   10         24dratings-v1-7dc98c7588-bfvsr       2/2     Running   2          17dreviews-v1-7f99cc4496-rzzm6       2/2     Running   2          17dreviews-v2-7d79d5bd5d-59k87       2/2     Running   2          17dreviews-v3-7dbcdcbc56-jstnw       2/2     Running   2          17d

建立一個pod 關聯剛剛建立的cm

➜  configmap pwd/Users/lex/Downloads/docker/configmap說明下:    image: python:httpd這個我用我以前的image➜  configmap cat cm-1.ymlapiVersion: v1kind: Podmetadata:  name: myapp-cm-1  namespace: default  annotations:    snsyr: "by snsyr"spec:  containers:  - name: myapp-cm-1    image: python:httpd    ports:    - name: http      containerPort: 80    env:    - name: nginx_port      valueFrom:        configMapKeyRef:          name: nginx-nc          key: nginx_port    - name: nginx_server      valueFrom:        configMapKeyRef:          name: nginx-nc          key: nginx_server

然後直接建立:

➜  configmap kubectl apply -f cm-1.ymlpod/myapp-cm-1 created

檢視下剛才建立的pod

➜  configmap kubectl get podsNAME                              READY   STATUS            RESTARTS   AGEdetails-v1-558b8b4b76-k46f8       2/2     Running           2          17dmyapp-cm-1                        0/2     PodInitializing   0          28snginx-app-7fbf4688b7-mgv29        2/2     Running           18         29dnginx-app-7fbf4688b7-ps7qm        2/2     Running           18         29dproductpage-v1-6987489c74-pkpk9   2/2     Running           2          17dpython-app-6f6fd6fb6c-4zwxt       2/2     Running           10         24dpython-app-6f6fd6fb6c-w29n5       2/2     Running           10         24dratings-v1-7dc98c7588-bfvsr       2/2     Running           2          17dreviews-v1-7f99cc4496-rzzm6       2/2     Running           2          17dreviews-v2-7d79d5bd5d-59k87       2/2     Running           2          17dreviews-v3-7dbcdcbc56-jstnw       2/2     Running           2          17d

檢視狀態PodInitializing變成Running之後,進入pod核對下資訊:

kubectl exec -it myapp-cm-1 -- /bin/sh    ➜  kubectl exec -it myapp-cm-1 -- /bin/shDefaulting container name to myapp-cm-1.Use 'kubectl describe pod/myapp-cm-1 -n default' to see all of the containers in this pod.直接檢視環境變數:# env|grep nginx_portnginx_port=80# env|grep nginx_servernginx_server=map.snsyr.com
修改cm環境變數測試看看 pod中的情況 我改成8083

執行命令:

kubectl edit  configmap  nginx-nc完成之後: # Please edit the object below. Lines beginning with a '#' will be ignored, # and an empty file will abort the edit. If an error occurs while saving this      file will be # reopened with the relevant failures. # apiVersion: v1 data:   nginx_port: "8083"   nginx_server: map.snsyr.com kind: ConfigMap metadata:   creationTimestamp: "2021-01-22T07:19:42Z"   name: nginx-nc   namespace: default   resourceVersion: "991620"   selfLink: /api/v1/namespaces/default/configmaps/nginx-nc   uid: c361edbb-7ed3-4a23-abdb-b4c4abfd3b51

提示如下

configmap/nginx-nc edited

再次進入pod檢視我的環境變數

➜  configmap kubectl exec -it myapp-cm-1 -- /bin/shDefaulting container name to myapp-cm-1.Use 'kubectl describe pod/myapp-cm-1 -n default' to see all of the containers in this pod.# env|grep nginx_portnginx_port=80# env|grep nginx_servernginx_server=map.snsyr.com

沒有變化:

說明:即使修改了configmap ,pod中的環境變數只會在第一次建立時生效,即使重啟pod也不會生效,後期修改不會生效

測試基於儲存卷的的 pod 引用環境變數是否變化

我的環境中有 image: python:httpd這個映象,所以直接拿來測試

➜  configmap pwd/Users/lex/Downloads/docker/configmap➜  configmap cat volume.yamlapiVersion: v1kind: Podmetadata:  name: myappcentos  namespace: default  annotations:    snsyr: "by snsyr"spec:  containers:  - name: myappcentos    image: python:httpd    ports:    - name: http      containerPort: 80    volumeMounts:    - name: nginx-conf      mountPath: /etc/nginx/conf.d/  volumes:  - name: nginx-conf    configMap:      name: nginx-cm-from-file

啟動:

➜  configmap kubectl apply -f volume.yamlpod/myappcentos created➜  configmap kubectl get podsNAME                              READY   STATUS            RESTARTS   AGEdetails-v1-558b8b4b76-k46f8       2/2     Running           2          17dmyapp-cm-1                        2/2     Running           0          26mmyappcentos                       0/2     PodInitializing   0          25s

檢視狀態:當Init:0/1=PodInitializing等待狀態Running

進入容器檢視 環境變數

➜  configmap kubectl exec -it myappcentos -- /bin/shDefaulting container name to myappcentos.Use 'kubectl describe pod/myappcentos -n default' to see all of the containers in this pod.# ls /etc/nginx/conf.dwww.conf# cat /etc/nginx/conf.d/www.confserver {        server_name file.snsyr.com;        port 80;        root /data/web/html;}

現在在外部嘗試修改configmap 的埠為8080

➜  ~ kubectl edit cm nginx-cm-from-fileconfigmap/nginx-cm-from-file edited # Please edit the object below. Lines beginning with a '#' will be ignored, # and an empty file will abort the edit. If an error occurs while saving this      file will be # reopened with the relevant failures. # apiVersion: v1 data:   www.conf: |     server {             server_name file.snsyr.com;             port 8080;             root /data/web/html;     } kind: ConfigMap metadata:   creationTimestamp: "2021-01-22T07:27:59Z"   name: nginx-cm-from-file   namespace: default   resourceVersion: "992679"   selfLink: /api/v1/namespaces/default/configmaps/nginx-cm-from-file   uid: cfc3bc22-cef1-468b-a37b-738b75a3a50f

再次進入容器檢視環境變數,已經動態改變

➜  configmap kubectl exec -it myappcentos -- /bin/shDefaulting container name to myappcentos.Use 'kubectl describe pod/myappcentos -n default' to see all of the containers in this pod.# cat /etc/nginx/conf.d/www.confserver {        server_name file.snsyr.com;        port 8080;        root /data/web/html;}

綜上:詳細的測試參考:

https://www.kubernetes.org.cn/configmap

14
最新評論

相關內容

  • BSA-TRITC(10mg/ml) TRITC-BSA 牛血清白蛋白改性標記羅丹明
  • 複製自身/加密/刪除/更改/登錄檔項/副檔名(C語言基礎)