应用部署的最佳实践是将应用所需的配置信息与程序进行分离,这样可以是应用程序被更好的复用,通过不同的配置也能实现更灵活的功能。
ConfigMap供容器使用的典型用法如下:
1 生成为容器内的环境变量
2 设置容器启动命令的启动参数(需设置为环境变量)
3 以volume的形式挂载为容器内部的文件或目录
创建ConfigMap资源对象
1 通过YAML配置文件方式创建(不演示!)
2 通过kubeclt命令行方式创建
2.1 从目录创建
当--from-file指向一个目录,该目录中的文件名将直接用于填充ConfigMap中的key,key的值是这个文件的内容
[root@k8s-master configfiles]# pwd /root/configfiles [root@k8s-master configfiles]# ll 总用量 8 -rw-r--r--. 1 root root 570 3月 25 06:21 my.cnf -rw-r--r--. 1 root root 2848 3月 25 06:23 nginx.conf
[root@k8s-master configfiles]# kubectl create configmap test1 --from-file /root/configfiles/ configmap/test1 created
kubectl describe configmap test1 查看详情
[root@k8s-master configfiles]# kubectl describe configmap test1 Name: test1 Namespace: default Labels: <none> Annotations: <none> Data ==== my.cnf: ---- [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 # Settings user and group are ignored when systemd is used. # If you need to run mysqld under a different user or group, # customize your systemd unit file for mariadb according to the # instructions in http://fedoraproject.org/wiki/Systemd [mysqld_safe] log-error=/var/log/mariadb/mariadb.log pid-file=/var/run/mariadb/mariadb.pid # # include all files from the config directory # !includedir /etc/my.cnf.d nginx.conf: ---- #user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s; limit_conn_zone $binary_remote_addr zone=addr:10m; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; limit_conn addr 1; limit_rate 10k; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; #limit_req zone=one burst=5 nodelay; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} } Events: <none>
2.2 从文件创建
通过--from-file从文件创建,可以指定key的名称,也可以在一个命令行中创建包含多个key的ConfigMap
[root@k8s-master configfiles]# kubectl create configmap test2 --from-file=my.cnf --from-file=nginx.conf configmap/test2 created
在pod中使用configMap
1 通过环境变量方式使用ConfigMap
vim cm-test-pod.yaml
根据test1中的key=value自动生成环境变量
apiVersion: v1
kind: Pod
metadata:
name: cm-test-pod
spec:
containers:
- name: cm-test
image: busybox
command: ["/bin/sh","-c","env"]
envFrom:
- configMapRef:
name: test1
restartPolicy: Never
[root@k8s-master ~]# kubectl create -f cm-test-pod.yaml pod/cm-test-pod created
查看该pod的日志,打印出的环境变量 command: ["/bin/sh","-c","env"]
[root@k8s-master ~]# kubectl logs cm-test-pod KUBERNETES_SERVICE_PORT=443 KUBERNETES_PORT=tcp://10.96.0.1:443 HOSTNAME=cm-test-pod SHLVL=1 HOME=/root nginx.conf= 这是key 下面是value #user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info;
。。。
2 通过volumeMount使用ConfigMap
vim cm-test-app.yaml
apiVersion: v1
kind: Pod
metadata:
name: cm-test-app
spec:
containers:
- name: cm-test-app
image: kubeguide/tomcat-app:v1
imagePullPolicy: Never
ports:
- containerPort: 8080
volumeMounts:
- name: myconf #引用volume的名称
mountPath: /configfiles #挂载到容器内的目录
volumes:
- name: myconf #定义volume的名称
configMap:
name: test2 #使用test2 configMap
[root@k8s-master ~]# kubectl create -f cm-test-app.yaml pod/cm-test-app created
登录容器,查看/configfiles目录下的内容
[root@k8s-master ~]# kubectl exec -it cm-test-app /bin/bash root@cm-test-app:/usr/local/tomcat# ls /configfiles/ my.cnf nginx.conf
使用ConfigMap的限制条件
1 configmap必须在pod之前创建
2 configmap受namespace限制,只有处于相同 namespace中的pod才可以引用它
3 静态pod无法使用configmap
