良精网站管理系统,网站策划与制作,wordpress 附件占用id,东莞专业网站设计专业服务1、ConfigMap的配置
1.1 ConfigMap介绍 ConfigMap 是一种 API 对象#xff0c;用来将非机密性的数据保存到键值对中。使用时#xff0c; Pod 可以将其用作环境变量、命令行参数或者存储卷中的配置文件。 ConfigMap 将你的环境配置信息和容器镜像解耦#xff0c;便于应用配…
1、ConfigMap的配置
1.1 ConfigMap介绍 ConfigMap 是一种 API 对象用来将非机密性的数据保存到键值对中。使用时 Pod 可以将其用作环境变量、命令行参数或者存储卷中的配置文件。 ConfigMap 将你的环境配置信息和容器镜像解耦便于应用配置的修改。 注意 ConfigMap 并不提供保密或者加密功能。 如果你想存储的数据是机密的请使用 Secret 或者使用其他第三方工具来保证你的数据的私密性而不是用 ConfigMap。
1.2 ConfigMap 创建
使用 kubectl create configmap -h 查看演示例子
Examples:# Create a new config map named my-config based on folder barkubectl create configmap my-config --from-filepath/to/bar# Create a new config map named my-config with specified keys instead of file basenames on diskkubectl create configmap my-config --from-filekey1/path/to/bar/file1.txt --from-filekey2/path/to/bar/file2.txt# Create a new config map named my-config with key1config1 and key2config2kubectl create configmap my-config --from-literalkey1config1 --from-literalkey2config2# Create a new config map named my-config from the keyvalue pairs in the filekubectl create configmap my-config --from-filepath/to/bar# Create a new config map named my-config from an env filekubectl create configmap my-config --from-env-filepath/to/foo.env --from-env-filepath/to/bar.env1.2.1 查看下k8s已经创建好的configmap
可以看到这个信息是存储的一个key信息
[rootk8s-master configmap]# kubectl get configmaps
NAME DATA AGE
kube-root-ca.crt 1 6d1h[rootk8s-master configmap]# kubectl describe configmaps kube-root-ca.crt
Name: kube-root-ca.crt
Namespace: default
Labels: none
Annotations: kubernetes.io/description:Contains a CA bundle that can be used to verify the kube-apiserver when using internal endpoints such as the internal service IP or kubern...Dataca.crt:
----
-----BEGIN CERTIFICATE-----
MIIC/jCCAeagAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
cm5ldGVzMB4XDTI0MDIxOTE0MDQyNloXDTM0MDIxNjE0MDQyNlowFTETMBEGA1UE
AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL31
nYOmoFp9g1nfaVmuIIRJzwlCU9EGevBi/HnpSpdaW56cGuF1MqVJWhHCUcvN6sA/
9rlXOM7JS1SxNgdO7e3WlW1e5iMTTj63riA5tDcOv8kOPI72vgz026fK75tueW
IxD0VT1SM5fcY0H1bKvlxdr8Wxp57vxqtWX5lkJ71Xgf7Ur0LcXwn7CiADiYAuK
nOMkcJSYAuTeRN1eVfnjB9EvHZ3CFpSBYk2wvjqQwFwECwfoagIY9LvRzAKP6
NOuFXoreLgJ1kOhjGvJJ8G8vDq7483Foy90F/NqVTfy455ii4RMEZz32q5/1il0l
E4n9f2pfsaAUXMU5RUCAwEAAaNZMFcwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB
/wQFMAMBAf8wHQYDVR0OBBYEFPsTxB9wcuNswaTSxefPqK83boaXMBUGA1UdEQQO
MAyCCmt1YmVybmV0ZXMwDQYJKoZIhvcNAQELBQADggEBAEnbP3FV6/jGmSdR2s9B
CsEGHDAb9rCzE8kwodx2N4jI/upFq0QSgrYDXWpCX/pas3Y2Dp9CGt5b854Vmy
o3wI8FzDMHzeUsaeJlo99tWG2XeJ7tQ4ucgWp11guPHHsCFFtAfwTbWucwjvWh
MAfFXRxH67d0patTpWoC0f4hMNsjCHv4WDrjzLWIh0WIJT41st4YxAwJGeXxah
4ODzXuomahvh36NFkjCPy1VHzYLi3PjQYwggCL2OMrwLe/EdzzA3eZVNDkcsqOi
WEjR2HGjQWdE7nMLRUzlTtxz6AIjBfugyV3a/XSiXaCt5CRSKeLiCCCY58INtMa
JDU
-----END CERTIFICATE-----BinaryData
Events: none1.2.2 指定目录进行创建kubectl create configmap my-config --from-filepath/to/bar
[rootk8s-master configmap]# cat db.properties
user: root
passwd: 123456
host: 127.0.0.1[rootk8s-master configmap]# cat host.properties
k8s-master: 10.10.10.100
k8s-node-01: 10.10.10.177
k8s-node-02: 10.10.10.113[rootk8s-master configmap]# kubectl create configmap my-config-test1 --from-file/root/configmap/
configmap/my-config-test1 created[rootk8s-master configmap]# kubectl describe configmaps my-config-test1
Name: my-config-test1
Namespace: default
Labels: none
Annotations: noneDatadb.properties:
----
user: root
passwd: 123456
host: 127.0.0.1host.properties:
----
k8s-master: 10.10.10.100
k8s-node-01: 10.10.10.177
k8s-node-02: 10.10.10.113BinaryData
Events: none
1.2.3 指定文件进行创建kubectl create configmap my-config --from-filekey1/path/to/bar/file1.txt –from-filekey1/path/to/bar/file1.txt 这里的key1相当于是给指定的这个文件进行改名 [rootk8s-master configmap]# kubectl create configmap my-config-test2 --from-filemykeydb.properties
configmap/my-config-test2 created
[rootk8s-master configmap]# kubectl describe configmaps my-config-test2
Name: my-config-test2
Namespace: default
Labels: none
Annotations: noneDatamykey:
----
user: root
passwd: 123456
host: 127.0.0.1BinaryData
Events: none1.2.4 通过命令行创建kubectl create configmap my-config --from-literalkey1config1 --from-literalkey2config2
[rootk8s-master configmap]# kubectl create configmap my-config-test3 --from-literalnameschool --from-literalidbj
configmap/my-config-test3 created
[rootk8s-master configmap]# kubectl describe configmaps my-config-test3
Name: my-config-test3
Namespace: default
Labels: none
Annotations: noneDataid:
----
bj
name:
----
schoolBinaryData
Events: none
[rootk8s-master configmap]#1.3 ConfigMap的使用
创建一个configmap的资源在创建一个pod把这个configmap的资源加载到pod里。
1.3.1 创建configmap
rootk8s-master configmap]# kubectl create configmap env-test --from-literalJAVA_HOME/usr/local/jdk1.8/ --from-literalName您好~
configmap/env-test created
[rootk8s-master configmap]# kubectl describe configmaps env-test
Name: env-test
Namespace: default
Labels: none
Annotations: noneDataJAVA_HOME:
----
/usr/local/jdk1.8/
Name:
----
您好~BinaryData
Events: none1.3.2 创建pod资源
apiVersion: v1
kind: Pod
metadata:name: test-env-cm
spec:containers:- name: env-testimage: alpineimagePullPolicy: IfNotPresentcommand: [/bin/sh,-c,env ; sleep 3600]env:- name: JAVA_HOME_VMvalueFrom:configMapKeyRef:name: env-test # configmap的名字key: JAVA_HOME # 表示从name的configmap种获取名字为key的value将其赋值给本地环境变量 JAVA_HOME_VM- name: Name_VMvalueFrom:configMapKeyRef:name: env-testkey: NamerestartPolicy: Never[rootk8s-master configmap]# kubectl create -f env-test.yaml
pod/test-env-cm created[rootk8s-master configmap]# kubectl get po
NAME READY STATUS RESTARTS AGE
dns-test 1/1 Running 1 (45h ago) 45h
fluentd-59k8k 1/1 Running 0 27h
fluentd-hhtls 1/1 Running 0 27h
nginx-deploy-fdd948cf4-69b85 1/1 Running 0 23h
nginx-deploy-fdd948cf4-r8ktj 1/1 Running 0 27h
test-env-cm 1/1 Running 0 21s1.3.3 通过日志查看刚才的configmap信息是否在env中 1.3.4 通过volumes 加载configmap
apiVersion: v1
kind: Pod
metadata:name: test-configfile-po
spec:containers:- name: env-testimage: alpineimagePullPolicy: IfNotPresentcommand: [/bin/sh,-c,env ; sleep 3600]env:- name: JAVA_HOME_VMvalueFrom:configMapKeyRef:name: env-test # configmap的名字key: JAVA_HOME # 表示从name的configmap种获取名字为key的value将其赋值给本地环境变量 JAVA_HOME_VM- name: Name_VMvalueFrom:configMapKeyRef:name: env-testkey: NamevolumeMounts: # 加载数据卷- name: db-config # 加载数据卷的名字mountPath: /opt/test/ #将数据卷加载到什么目录readOnly: true # 是否只读volumes: # 数据卷挂载configmap、secret- name: db-config #数据卷的名字随意设置configMap: # 数据卷类型为ConfigMapname: my-config-test1 #configMap的名字必须跟想要加载的configmap相同items: #对configmap中的key进行映射如果不指定默认会讲configmap中所有 key全部转换为一个个同名的文件- key: db.properties # configMap中的keypath: db,properties#将该key的值转换为文件restartPolicy: Never通过以下容器内的文件信息可以看到上文创建的yaml文件中对my-config-test1这个configmap种的iterm进行了定义但是我们的这个configmap配置文件中包含了两个文件iterms中只加载了db并没有加载hosts。容器中的文件只有db没有hosts。 如果不定义itermsname就会加载全部信息。 [rootk8s-master configmap]# kubectl create -f test-file-po.yaml
pod/test-configfile-po created[rootk8s-master configmap]# kubectl get po
NAME READY STATUS RESTARTS AGE
dns-test 1/1 Running 1 (45h ago) 45h
fluentd-59k8k 1/1 Running 0 28h
fluentd-hhtls 1/1 Running 0 28h
nginx-deploy-fdd948cf4-69b85 1/1 Running 0 23h
nginx-deploy-fdd948cf4-r8ktj 1/1 Running 0 27h
test-configfile-po 1/1 Running 0 7s
[rootk8s-master configmap]# kubectl exec -it test-configfile-po -- sh
/ # cd /opt/test/
/opt/test # ll
sh: ll: not found
/opt/test # ls
db,properties
/opt/test # cat db,properties
user: root
passwd: 123456
host: 127.0.0.1
/opt/test # echo $JAVA_HOME_VM
/usr/local/jdk1.8/
/opt/test # echo $Name_Vm/opt/test # echo $Name_VM
您好~2、 加密数据配置Secret
2.1 Secret 介绍
与ConfigMap类似用于存储配置信息但是主要用于存储敏感信息、需要加密的信息Secret可以提供数据加密、解密功能。在创建Secret时要注意如果要加密的字符中包含了有特殊字符需耍使用转义符转移。eg $ 转移后为转移符号\加上$也可以对特殊字符使用单引号描述这样就不需要转义。eg1$289*- 转换为 1$289*-! 场景使用多用于docker镜像私有仓库的使用。加密方式为base64可以通过 “echo “xxxx”| base64 --decode” 解密
2.2 Secret的创建 可以通过查询kubectl create secret -h命令查询secret的创建 [rootk8s-master ~]# kubectl create secret -h
Create a secret using specified subcommand.Available Commands:docker-registry 创建一个给 Docker registry 使用的 Secretgeneric Create a secret from a local file, directory, or literal valuetls 创建一个 TLS secretUsage:kubectl create secret [flags] [options]Use kubectl command --help for more information about a given command.
Use kubectl options for a list of global command-line options (applies to all commands).2.2.1 创建secret资源 通过下面的命令就可以创建secret了。 [rootk8s-master ~]# kubectl create secret -h
Create a secret using specified subcommand.Available Commands:docker-registry 创建一个给 Docker registry 使用的 Secretgeneric Create a secret from a local file, directory, or literal valuetls 创建一个 TLS secretUsage:kubectl create secret [flags] [options]Use kubectl command --help for more information about a given command.
Use kubectl options for a list of global command-line options (applies to all commands).[rootk8s-master ~]# kubectl create secret generic test-secrete --from-literalusernameadmin --from-literalpassword12123421
secret/test-secrete created2.2.2 通过describe查看secret的描述
[rootk8s-master ~]# kubectl describe secrets test-secrete
Name: test-secrete
Namespace: default
Labels: none
Annotations: noneType: OpaqueDatapassword: 8 bytes
username: 5 bytes2.2.3 通过edit 查看secret的信息
k8s-master Ready control-plane 6d14h v1.25.0
# Please edit the object below. Lines beginning with a # will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:password: MTIxMjM0MjEusername: YWRtaW4
kind: Secret
metadata:creationTimestamp: 2024-02-26T04:28:18Zname: test-secretenamespace: defaultresourceVersion: 519877uid: 8c981ce2-7cb2-4030-8fdd-b496ae72a4fa
type: Opaque2.2.4 通过base64反编译这个信息 通过base64 反编译出原信息可以看到这种加密方式不是很安全 [rootk8s-master ~]# echo MTIxMjM0MjE | base64 --decode
12123421[rootk8s-master ~]# echo YWRtaW4 | base64 --decode
admin
2.3 secret的使用
2.3.1 创建一个docke-registry的secret
[rootk8s-master ~]# kubectl create secret docker-registry docker-test-secret --docker-usernamelianhetiyu1949945210135676 --docker-passwordLanhe123456 --docker-emailadmintest.com --docker-serverregistry.cn-hangzhou.aliyuncs.com
secret/docker-test-secret created
[rootk8s-master ~]# kubectl describe sercet docker-test-secret
error: the server doesnt have a resource type sercet
[rootk8s-master ~]# kubectl describe secret docker-test-secret
Name: docker-test-secret
Namespace: default
Labels: none
Annotations: noneType: kubernetes.io/dockerconfigjsonData.dockerconfigjson: 215 bytes[rootk8s-master ~]# kubectl edit secrets test-secrete
Edit cancelled, no changes made.
[rootk8s-master ~]#
# Please edit the object below. Lines beginning with a # will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:.dockerconfigjson: ey89JhdXRocyI6eyJyZWdpc3RyeS5jbi1oYW5nemhvdS5hbGl5dW5jcy5jb20iOnsidXNlcm5hbWUiOiJsaWFuaGV0aXl1X3doZEAxOTQ5OTQ1MjEwMTM1Njc2IiwicGFzc3dvcmQiOiJMYW5oZUAxMjM0NTYiLCJlbWFpbCI6ImFkbWluQHRlc3QuY29tIiwiYXV0aCI6ImJHbGhibWhsZEdsNWRWOTNhR1JBTVRrME9UazBOVEl4TURFek5UWTNOanBNWVc1b1pVQXhNak0wTlRZPSJ9fX0
kind: Secret
metadata:creationTimestamp: 2024-02-26T06:28:49Zname: docker-test-secretnamespace: defaultresourceVersion: 530968uid: d31bb3f3-6111-4848-ab51-a894df2f1be1
type: kubernetes.io/dockerconfigjson2.3.2 创建一个拉取镜像的新pod
apiVersion: v1
kind: Pod
metadata:name: test-configfile-po
spec:imagePullSecrets: # 配置docke仓库docker registry 的 secret- name: docker-test-secretcontainers:- name: env-testimage: alpineimagePullPolicy: IfNotPresentcommand: [/bin/sh,-c,env ; sleep 3600]env:- name: JAVA_HOME_VMvalueFrom:configMapKeyRef:name: env-test # configmap的名字key: JAVA_HOME # 表示从name的configmap种获取名字为key的value将其赋值给本地环境变量 JAVA_HOME_VM- name: Name_VMvalueFrom:configMapKeyRef:name: env-testkey: NamerestartPolicy: Never2.3.3 可以通过容器的描述引用了secret资源下载镜像 [rootk8s-master configmap]# kubectl create -f test-docker-po.yaml
pod/test-configfile-po created[rootk8s-master configmap]# kubectl get po test-configfile-po
NAME READY STATUS RESTARTS AGE
test-configfile-po 1/1 Running 0 2m57s[rootk8s-master configmap]# kubectl describe po test-configfile-po
Name: test-configfile-po
Namespace: default
Priority: 0
Service Account: default
Node: k8s-node-02/10.10.10.113
Start Time: Mon, 26 Feb 2024 16:28:01 0800
Labels: none
Annotations: none
Status: Running
IP: 10.2.1.64
IPs:IP: 10.2.1.64
Containers:env-test:Container ID: docker://cbcb9ece8da46b593a766c8d0d0247e3a02a0316ba24164e3ce3d5d8bf823829Image: registry.cn-hangzhou.aliyuncs.com/lhty/controller:2.1Image ID: docker-pullable://registry.cn-hangzhou.aliyuncs.com/lhty/controllersha256:96f3490f6b7693caad23f2ce143d0e23516527edcd3448589cb9498011ba19c3Port: noneHost Port: noneCommand:/bin/sh-cenv ; sleep 3600State: RunningStarted: Mon, 26 Feb 2024 16:29:12 0800Ready: TrueRestart Count: 0Environment:JAVA_HOME_VM: set to the key JAVA_HOME of config map env-test Optional: falseName_VM: set to the key Name of config map env-test Optional: falseMounts:/opt/test/ from db-config (ro)/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-nwsh6 (ro)
Conditions:Type StatusInitialized TrueReady TrueContainersReady TruePodScheduled True
Volumes:db-config:Type: ConfigMap (a volume populated by a ConfigMap)Name: my-config-test1Optional: falsekube-api-access-nwsh6:Type: Projected (a volume that contains injected data from multiple sources)TokenExpirationSeconds: 3607ConfigMapName: kube-root-ca.crtConfigMapOptional: nilDownwardAPI: true
QoS Class: BestEffort
Node-Selectors: none
Tolerations: node.kubernetes.io/not-ready:NoExecute opExists for 300snode.kubernetes.io/unreachable:NoExecute opExists for 300s
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal Scheduled 75s default-scheduler Successfully assigned default/test-configfile-po to k8s-node-02Normal Pulling 75s kubelet Pulling image registry.cn-hangzhou.aliyuncs.com/lhty/controller:2.1Normal Pulled 6s kubelet Successfully pulled image registry.cn-hangzhou.aliyuncs.com/lhty/controller:2.1 in 1m8.912792712sNormal Created 5s kubelet Created container env-testNormal Started 5s kubelet Started container env-test通过docker images可以看到有刚才通过阿里云仓库拉取的镜像 3、SubPath的使用 场景需求把nginx中的conf文件制作为一个configmap后续想改动nginx的配置文件我们只需要更新这个configmap即可不需要重新登录进nginx容器内修改conf文件。但是 3.1 为什么需要使用SubPath
使用configmap加载的文件到容器内目录后如果原先有这个目录会直接覆盖原先的目录原先目录中的内容会丢失。
3.1.1 创建一个nginx配置文件的configmap
# 拿到容器中的nginx配置文件
rootk8s-master configmap]# kubectl exec nginx-deploy-fdd948cf4-69b85 -it -- sh -c cat /etc/nginx/nginx.conf nginx-conf-cm.conf## 创建这个configmap
[rootk8s-master configmap]# kubectl create cm nginx-conf-cm --from-file nginx-conf-cm.conf
configmap/nginx-conf-cm created
[rootk8s-master configmap]# kubectl describe cm nginx-conf-cm
Name: nginx-conf-cm
Namespace: default
Labels: none
Annotations: noneDatanginx-conf-cm.conf:
----user nginx;
worker_processes auto;error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;events {worker_connections 1024;
}http {include /etc/nginx/mime.types;default_type application/octet-stream;log_format main $remote_addr - $remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for;access_log /var/log/nginx/access.log main;sendfile on;#tcp_nopush on;keepalive_timeout 65;#gzip on;include /etc/nginx/conf.d/*.conf;
}BinaryData
Events: none3.1.2 修改deploy信息 nginx的pod是通过deployment创建的所以只需要修改deployment信息就可以更新nginx了。 [rootk8s-master configmap]# kubectl get deployments.apps
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-deploy 2/2 2 2 43h
[rootk8s-master configmap]# kubectl get po
NAME READY STATUS RESTARTS AGE
dns-test 1/1 Running 2 (5h14m ago) 2d14h
fluentd-59k8k 1/1 Running 1 (5h14m ago) 44h
fluentd-hhtls 1/1 Running 1 (5h14m ago) 44h
nginx-deploy-fdd948cf4-69b85 1/1 Running 1 (5h14m ago) 40h
nginx-deploy-fdd948cf4-r8ktj 1/1 Running 1 (5h14m ago) 43h
test-configfile-po 1/1 Running 0 18m## 通过edit deploy nginx-deploy文件添加如下内容如下内容需要和 containers 同一级别。
containerscommand: [/bin/sh,-c,nginx daemon off; sleep 3600] # 为了防止容器启动失败。volumesMounts:- name: nginx-confmountPath: /etc/nginx
volumes:
- name: nginx-confconfigMap:- name: nginx-conf-cm # configmap的名字items:- key: nginx-conf-cm.conf # configmap种文件的名字path: nginx.conf3.1.3 查看更新后过的nginx pod
[rootk8s-master configmap]# kubectl get po
NAME READY STATUS RESTARTS AGE
dns-test 1/1 Running 2 (5h57m ago) 2d14h
fluentd-59k8k 1/1 Running 1 (5h58m ago) 45h
fluentd-hhtls 1/1 Running 1 (5h57m ago) 45h
nginx-deploy-7d6db4657b-7pzc2 1/1 Running 0 38s
nginx-deploy-7d6db4657b-qq8sc 1/1 Running 0 40s
test-configfile-po 0/1 Completed 0 62m
[rootk8s-master configmap]# kubectl describe po nginx-deploy-7d6db4657b-7pzc2
Name: nginx-deploy-7d6db4657b-7pzc2
Namespace: default
Priority: 0
Service Account: default
Node: k8s-node-01/10.10.10.177
Start Time: Mon, 26 Feb 2024 17:29:41 0800
Labels: appnginx-deploypod-template-hash7d6db4657b
Annotations: none
Status: Running
IP: 10.2.2.39
IPs:IP: 10.2.2.39
Controlled By: ReplicaSet/nginx-deploy-7d6db4657b
Containers:nginx:Container ID: docker://6b349ede9bb23d51add64c24b28bab4a5df2804ea7bbe0e5efdcc97ba405a005Image: nginx:1.20Image ID: docker-pullable://nginxsha256:03f3cb0afb7bd5c76e01bfec0ce08803c495348dccce37bcb82c347b4853c00bPort: noneHost Port: noneCommand:/bin/sh-cnginx daemon off; sleep 3600State: RunningStarted: Mon, 26 Feb 2024 17:29:42 0800Ready: TrueRestart Count: 0Limits:cpu: 200mmemory: 128MiRequests:cpu: 100mmemory: 128MiEnvironment: noneMounts:/etc/nginx/ from nginx-conf (rw)/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-9xskq (ro)
Conditions:Type StatusInitialized TrueReady TrueContainersReady TruePodScheduled True
Volumes:nginx-conf:Type: ConfigMap (a volume populated by a ConfigMap)Name: nginx-conf-cmOptional: falsekube-api-access-9xskq:Type: Projected (a volume that contains injected data from multiple sources)TokenExpirationSeconds: 3607ConfigMapName: kube-root-ca.crtConfigMapOptional: nilDownwardAPI: true
QoS Class: Burstable
Node-Selectors: none
Tolerations: node.kubernetes.io/not-ready:NoExecute opExists for 300snode.kubernetes.io/unreachable:NoExecute opExists for 300s
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal Scheduled 85s default-scheduler Successfully assigned default/nginx-deploy-7d6db4657b-7pzc2 to k8s-node-01Normal Pulled 85s kubelet Container image nginx:1.20 already present on machineNormal Created 85s kubelet Created container nginxNormal Started 85s kubelet Started container nginx3.1.4 /etc/nginx/ 这个路径下只有一个nginx的配置文件其他文件全部没了
[rootk8s-master configmap]# kubectl exec -it nginx-deploy-7d6db4657b-7pzc2 -- sh -c ls /etc/nginx/
nginx.conf
[rootk8s-master configmap]# kubectl exec -it nginx-deploy-7d6db4657b-7pzc2 -- sh -c cat /etc/nginx/nginx.confuser nginx;
worker_processes auto;error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;events {worker_connections 1024;
}http {include /etc/nginx/mime.types;default_type application/octet-stream;log_format main $remote_addr - $remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for;access_log /var/log/nginx/access.log main;sendfile on;#tcp_nopush on;keepalive_timeout 65;#gzip on;include /etc/nginx/conf.d/*.conf;
}3.2 如何使用SubPath
1、定义volumes时需要增加items属性配置key和path且path的值不能从/开始2、在容器内的volumeMounts中增加subPath黑性该值与volumes中tems.path的值相同。
3.2.1 修改deploy添加subPath 3.2.2 在进容器查看下/etc/nginx目录内容 4、配置的热更新
我们通常会将项目的配置文件作为configmap然后挂载到pod,那么如果更新configmap中的配置会不会更新到pod中呢 这得分成几种情况 默认方式会更新更新同期是更新间缓存时间 subPath:不会更新 变量形式如果pod中的一个变量是从configmap或secret中得到同样也是不会更新的。 对于subPath的方式我们可以取消subPath的使用将配置文件挂载到一个不存在的目录避免目录的夏盖然后再利用软连接的形式将该文件链接到目标位置。
4.1 通过edit 命令直接修改configmap
4.1.1 创建一个pod
apiVersion: v1
kind: Pod
metadata:name: configfile-po
spec:containers:- name: configmap-poimage: alpineimagePullPolicy: IfNotPresentcommand: [/bin/sh,-c,env ; sleep 3600]volumeMounts: # 加载数据卷- name: db-config # 加载数据卷的名字mountPath: /opt/test/ #将数据卷加载到什么目录readOnly: true # 是否只读volumes: # 数据卷挂载configmap、secret- name: db-config #数据卷的名字随意设置configMap: # 数据卷类型为ConfigMapname: my-config-test1 #configMap的名字必须跟想要加载的configmap相同items: #对configmap中的key进行映射如果不指定默认会讲configmap中所有 key全部转换为一个个同名的文件- key: db.properties # configMap中的keypath: db.txt # 将该key的值转换为文件restartPolicy: Never[rootk8s-master configmap]# kubectl get cm
NAME DATA AGE
env-test 2 18h
kube-root-ca.crt 1 6d20h
my-config-test1 2 18h
my-config-test3 2 18h
nginx-conf-cm 1 102m[rootk8s-master configmap]# kubectl create -f configfile-po.yaml
pod/configfile-po created[rootk8s-master configmap]# kubectl get po
NAME READY STATUS RESTARTS AGE
configfile-po 1/1 Running 0 20s
dns-test 1/1 Running 2 (6h53m ago) 2d15h
fluentd-59k8k 1/1 Running 1 (6h53m ago) 46h
fluentd-hhtls 1/1 Running 1 (6h53m ago) 46h
nginx-deploy-6fb8d6548-8khhv 1/1 Running 0 31m
nginx-deploy-6fb8d6548-fd9tx 1/1 Running 0 31m
[rootk8s-master configmap]# kubectl exec -it configfile-po -- sh -c cat /opt/test/db.txt
user: root
passwd: 123456
host: 127.0.0.1
4.1.2 通过edit编辑my-config-test1给configmap中添加一条信息 4.1.3 查看容器中的内容更新情况需要等一段时间才会更新
[rootk8s-master configmap]# kubectl exec -it configfile-po -- sh -c cat /opt/test/db.txt
user: root
passwd: 123456
host: 127.0.0.1
date: 2024-02-264.2 通过replace进行更新
由于conigmap我们创建通常都是基于文件创建并不会编写yaml配置文件因比修改时我们也是直接修改配置文件而replace是没有 --from-file 参数的因此无法实现基于源配置文件的替换此时我们可以利用下方的命令实现
该命令的重点在于 --dry-run 参数该参数的意思打印yaml文件但不会将该文件发送给api-server,再结合 -o yaml输出yaml文件就可以得到一个配置好但是没有发给api-server的文件然后再结合replace监听控制台得到yaml数据即可实现替换。 kubectl create cm --from-filenginx.conf --dry-run -o yaml | kubectl replace-f-
4.2.1 更新需要添加到configmap的文件
[rootk8s-master configmap]# echo service: test ./file/db.properties4.2.2 通过 kubectl create cm --from-filenginx.conf --dry-run -o yaml | kubectl replace-f- 更新configmap
[rootk8s-master configmap]# kubectl create cm my-config-test1 --from-file./file/ --dry-run -o yaml
W0226 21:19:22.889508 89629 helpers.go:639] --dry-run is deprecated and can be replaced with --dry-runclient.
apiVersion: v1
data:db.properties: |user: rootpasswd: 123456host: 127.0.0.1service: testhost.properties: |k8s-master: 10.10.10.100k8s-node-01: 10.10.10.177k8s-node-02: 10.10.10.113
kind: ConfigMap
metadata:creationTimestamp: nullname: my-config-test1[rootk8s-master configmap]# kubectl create cm my-config-test1 --from-file./file/ --dry-run -o yaml | kubectl replace -f-
W0226 21:21:09.680288 90368 helpers.go:639] --dry-run is deprecated and can be replaced with --dry-runclient.
configmap/my-config-test1 replaced
[rootk8s-master configmap]#4.2.3 查看configmap
[rootk8s-master configmap]# kubectl describe cm my-config-test1
Name: my-config-test1
Namespace: default
Labels: none
Annotations: noneDatadb.properties:
----
user: root
passwd: 123456
host: 127.0.0.1
service: testhost.properties:
----
k8s-master: 10.10.10.100
k8s-node-01: 10.10.10.177
k8s-node-02: 10.10.10.113BinaryData
Events: none4.2.4 查看容器内文件已经更新
[rootk8s-master configmap]# kubectl exec -it configfile-po -- sh -c cat /opt/test/db.txt
user: root
passwd: 123456
host: 127.0.0.1
service: test5、不可变的configmap和secret
对于一些敏感服务的配置文件在线上有时是不允许修改的此时在配置configmap时可以设置 immutable:true 来禁止修改
5.1 查看之前创建的my-confgi-test1这个configmap配置
[rootk8s-master configmap]# kubectl describe cm my-config-test1
Name: my-config-test1
Namespace: default
Labels: none
Annotations: noneDatadb.properties:
----
user: root
passwd: 123456
host: 127.0.0.1
service: testhost.properties:
----
k8s-master: 10.10.10.100
k8s-node-01: 10.10.10.177
k8s-node-02: 10.10.10.113BinaryData
Events: none5.2 通过kubectl edit cm my-config-test1 添加 immutable: true 5.3 再次通过edit修改文件发现已经无法更改文件了
