k8s ConfigMap: Creation and Usage
configmap
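1. ConfigMap overview
ConfigMap was introduced in Kubernetes 1.2. Many applications read their configuration from configuration files, command-line arguments, or environment variables. The ConfigMap API provides a mechanism for injecting configuration into containers; a ConfigMap can hold individual properties, an entire configuration file, or JSON blobs.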
1.1 ConfigMap
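A ConfigMap acts as a configuration center (data is stored in plaintext).
1. It adapts easily to different environments (development, testing, production): when a container starts, it loads the configuration file that matches its needs.
2. When the configuration inside a container needs to change, only the configuration file in the configuration center has to be modified.
3. It also allows canary releases, updating the containers of a single pod.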
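1.2 Loading methods
1. Variable injection
When a pod starts, a ConfigMap from the configuration center can be associated with the pod; data is read from it and passed to the containers in the pod as environment variables.
However, when the ConfigMap changes, the change is not synchronized to the variables inside the container; the values only take effect at pod startup.
2. Configuration file
A ConfigMap can also be used as a volume and mounted directly onto a directory in the container, where the application reads the configuration files. This method supports hot updates.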
2. Creating and using ConfigMap variables
2.1 Creating from files
# Prepare two files
[root@master cm]# cat game.txt
version=1.17
name=dave
age=18
[root@master cm]# cat ui.properties
level=2
color=yellow
2.1.1 Creating from multiple files
kubectl create configmap game-config-2 --from-file=./game.txt --from-file=./ui.properties
An incorrect way to create it
[root@master-1 secret]# cat bar/username.txt
zhangsan
lisi
wangwu
zhaoliu
[root@master-1 secret]# cat bar/password.txt
xxxxx
zzzzz
ccccc
vvvvv
# View the secret
[root@master-1 secret]# kubectl get secret my-secret -oyaml
apiVersion: v1
data:
  password: eHh4eHgKenp6enoKY2NjY2MKdnZ2dnYK
  username: emhhbmdzYW4KbGlzaQp3YW5nd3UKemhhb2xpdQo=
kind: Secret
metadata:
  creationTimestamp: "2024-12-18T06:40:02Z"
  managedFields:
  ...
    manager: kubectl-create
    operation: Update
    time: "2024-12-18T06:40:02Z"
  name: my-secret
  namespace: default
  resourceVersion: "1296147"
  uid: 263cbea3-05e3-4109-b789-24eee920c89f
type: Opaque
[root@master-1 secret]# echo eHh4eHgKenp6enoKY2NjY2MKdnZ2dnYK |base64 --decode
xxxxx
zzzzz
ccccc
vvvvv
[root@master-1 secret]# echo emhhbmdzYW4KbGlzaQp3YW5nd3UKemhhb2xpdQo= |base64 --decode
zhangsan
lisi
wangwu
zhaoliu
Loading in the container
        env:
        - name: USERNAME
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: username
        - name: PASSWORD
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: password
[root@master-1 secret]# kubectl exec secret-files-5bb67f8d6c-5zdtc -- env |egrep -w -i 'username|password'
USERNAME=zhangsan    # only the first line of the file is matched
PASSWORD=xxxxx       # same as above
This shows that when creating a ConfigMap from a file, the content should be kept on a single line wherever possible rather than split across lines; otherwise, when the container loads the key's value, only the first line is loaded.
If key-value form is really what you want, use --from-env-file or --from-literal=k1=v1.
2.1.2 Creating an nginx ConfigMap from a file
[root@master-1 configmap]# kubectl create cm nginx-cm --from-file=nginx.conf   # no file name (key) specified
configmap/nginx-cm created
[root@master-1 configmap]# kubectl describe cm nginx-default-config
Name:         nginx-default-config
Namespace:    default
Labels:       <none>
Annotations:  <none>
Data
====
default.conf:
----
server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;
    #access_log  /var/log/nginx/host.access.log  main;
    ...
2.1.3 Specifying a custom key (file name)
[root@master-1 configmap]# kubectl create cm nginx-cm --from-file=nginx.default.conf=nginx.conf
configmap/nginx-cm created
[root@master-1 configmap]# kubectl get cm
NAME                   DATA   AGE
nginx-cm               1      5s
nginx-default-config   1      21d
[root@master-1 configmap]# kubectl describe cm nginx-cm
Name:         nginx-cm
Namespace:    default
Labels:       <none>
Annotations:  <none>
Data
====
nginx.default.conf:     # the name has changed
----
#user  nobody;
worker_processes  auto;
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;
...
2.2 Creating a ConfigMap from a manifest file
cat nginx-cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
  namespace: app
data:
  nginx.conf: |   # file name
    #user  nobody;
    worker_processes  auto;
    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;
    #pid        logs/nginx.pid;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        ...
2.3 Creating from a directory
Every file in the specified directory becomes a key-value pair in the ConfigMap: the key is the file name and the value is the file's content.
[root@master-1 configmap]# ll /root/.ssh/
总用量 12
-rw-------. 1 root root 1679 10月 31 10:47 id_rsa
-rw-r--r--. 1 root root  395 10月 31 10:47 id_rsa.pub
-rw-r--r--. 1 root root  718 11月  4 15:16 known_hosts
kubectl create cm ssh-rsa --from-file=/root/.ssh/
configmap/ssh-rsa created
[root@master-1 configmap]# kubectl describe cm ssh-rsa
Name:         ssh-rsa
Namespace:    default
Labels:       <none>
Annotations:  <none>
Data
====
id_rsa.pub:     # key name
----
ssh-rsa AAAAB3NzaC1yc2EAKfL/xn4jbXKyxsAi78pfm+BHcuF root@master-1
known_hosts:    # key name
----
node-1,192.168.64.130 ecdsa-sha2-niBF3TdjDDBHdEBpR7r913zenUgo5ASCdU=
node-2,192.168.64.131 ecdsa-sha2-nistpk3nV80jI38WT2EscRuaLdn0naI4=
192.168.43.130 ecdsa-sha2-nistp256+OxABFD8uMdxp213zenUgo5ASCdU=
192.168.43.131 ecdsa-sha2-nistp256/E6pExEfkQ274GQkBbib9scRuaLdn0naI4=
id_rsa:         # key name
----
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA0AboTXGE7JK/3twlsKda2Qr6pufWaNP4TziLUqh1Ei2tDJIO
cogQIypVJ7CGelxUhsd/o5YFxpNfXUTJLtMJs=
-----END RSA PRIVATE KEY-----
Events:  <none>
2.4 Creating from files together with custom key-value pairs
The --from-file parameter can be used multiple times.
kubectl create cm ssh-rsa --from-file=/root/.ssh/ --from-literal=user=root
configmap/ssh-rsa created
[root@master-1 configmap]# kubectl describe cm ssh-rsa
Name:         ssh-rsa
Namespace:    default
Labels:       <none>
Annotations:  <none>
Data
====
id_rsa.pub:
----
ssh-rsa AAAAB3NzaC1yc2EAAHUSLa0M+BHcuF root@master-1
known_hosts:
----
node-1,192.168.64.130 ecdsa-sha2-nistp256 Ago5ASCdU=
node-2,192.168.64.131 ecdsa-sha2-nistp256 AAn0naI4=
192.168.43.130 ecdsa-sha2-nistp256 AAAAE2VjZCdU=
192.168.43.131 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNaI4=
user:
----
root
id_rsa:
----
-----BEGIN RSA PRIVATE KEY-----
MIIlxUhsd/oKtvZNYjx2duKTjgE12qiVJJdj5dlIUA5YFxpNfXUTJLtMJs=
-----END RSA PRIVATE KEY-----
Events:  <none>
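2.5 Creating from custom key-value pairs
Use the --from-literal parameter to pass configuration values; the parameter can be used multiple times, in the following format:
$ kubectl create configmap literal-config --from-literal=name=dave --from-literal=password=pass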
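Section 1.1 notes that ConfigMap data is stored in plaintext, so a review step that flags credential-like entries, such as the id_rsa key from 2.3/2.4 and the password literal from 2.5, is useful before manifests are applied. The check below is an added example, not part of the original post; the key-name pattern and the sample data (shaped like the output of kubectl get cm -A -o json, with placeholder values) are constructed assumptions.

```python
import json
import re

# Key names that suggest a credential (assumed list; extend for your environment).
SENSITIVE_KEY = re.compile(r"(pass(word|wd)?|secret|token|api[_-]?key|id_rsa$)", re.I)
# PEM private-key header, e.g. "-----BEGIN RSA PRIVATE KEY-----".
PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")


def find_sensitive_entries(cm_list):
    """Return (namespace, name, key, reason) for each suspicious ConfigMap entry."""
    findings = []
    for cm in cm_list.get("items", []):
        meta = cm.get("metadata", {})
        ns, name = meta.get("namespace", "default"), meta.get("name", "")
        for key, value in (cm.get("data") or {}).items():
            if PRIVATE_KEY.search(value):
                findings.append((ns, name, key, "private key material"))
            elif SENSITIVE_KEY.search(key):
                findings.append((ns, name, key, "credential-like key name"))
    return findings


# Constructed sample shaped like `kubectl get cm -A -o json`; values are placeholders.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "ConfigMap", "metadata": {"name": "ssh-rsa", "namespace": "default"},
   "data": {"id_rsa.pub": "ssh-rsa PLACEHOLDER root@master-1",
            "user": "root",
            "id_rsa": "-----BEGIN RSA PRIVATE KEY-----\\nPLACEHOLDER\\n-----END RSA PRIVATE KEY-----"}},
  {"kind": "ConfigMap", "metadata": {"name": "literal-config", "namespace": "default"},
   "data": {"name": "dave", "password": "pass"}},
  {"kind": "ConfigMap", "metadata": {"name": "env-config", "namespace": "default"},
   "data": {"log_level": "INFO"}}
]}
""")

if __name__ == "__main__":
    for ns, name, key, reason in find_sensitive_entries(SAMPLE):
        print(f"{ns}/{name} key={key}: {reason}")
```

To run it against a cluster, replace SAMPLE with json.load(sys.stdin) and pipe in the output of kubectl get cm -A -o json.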
3. Using a ConfigMap
3.1 Manifest file
apiVersion: v1
kind: ConfigMap
metadata:
  name: literal-config
  namespace: default
data:
  name: dave
  password: pass
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: env-config
  namespace: default
data:
  log_level: INFO
3.2 Creating a pod that references the ConfigMap
apiVersion: v1
kind: Pod
metadata:
  name: cm-env-test-pod
spec:
  containers:
    - name: test-container
      image: wangyanglinux/myapp:v1
      command: [ "/bin/sh", "-c", "env" ]
      env:                          # import individual variables
        - name: USERNAME            # key name shown inside the container after import
          valueFrom:
            configMapKeyRef:
              name: literal-config  # ConfigMap name
              key: name             # key in the ConfigMap; its value is assigned to the USERNAME variable inside the container
        - name: PASSWORD
          valueFrom:
            configMapKeyRef:
              name: literal-config
              key: password
      envFrom:                      # import all variables from the ConfigMap
        - configMapRef:
            name: env-config
  restartPolicy: Never
3.3 Using a ConfigMap to set command-line arguments, referenced inside the container
apiVersion: v1
kind: Pod
metadata:
  name: cm-command-dapi-test-pod
spec:
  containers:
    - name: test-container
      image: wangyanglinux/myapp:v1
      command: [ "/bin/sh", "-c", "echo $(USERNAME) $(PASSWORD)" ]
      env:
        - name: USERNAME
          valueFrom:
            configMapKeyRef:
              name: literal-config
              key: name
        - name: PASSWORD
          valueFrom:
            configMapKeyRef:
              name: literal-config
              key: password
  restartPolicy: Never
4. Using a ConfigMap through the volume plugin (configuration file)
4.1 Defining a ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
  namespace: linux40
data:
  default: |
    server {
        listen       80;
        server_name  www.mysite.com;
        index        index.html;
        location / {
            root /data/nginx/html;
            if (!-e $request_filename) {
                rewrite ^/(.*) /index.html last;
            }
        }
    }
4.2 Mounting in a pod
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: linux40
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ng-deploy-80
  template:
    metadata:
      labels:
        app: ng-deploy-80
    spec:
      containers:
      - name: ng-deploy-80
        image: nginx
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        volumeMounts:
        - mountPath: /data/nginx/html
          name: nginx-static-dir
        - mountPath: /etc/nginx/nginx.conf
          name: nginx-config     # must match the arbitrary volume name below
          subPath: nginx.conf
      volumes:
      - name: nginx-static-dir
        hostPath:
          path: /data/nginx/linux39
      - name: nginx-config       # arbitrary name
        configMap:
          name: nginx-config     # ConfigMap name
          items:                 # load specific keys from the ConfigMap; if omitted, every key becomes a file of the same name
          - key: default         # name of the key to load; the ConfigMap must contain this key (key=default)
            path: nginx.conf     # two purposes: 1. renames the key 2. sub-path under mountPath
4.2.1 Testing items
apiVersion: v1
kind: Pod
metadata:
  name: nginx-secret
  namespace: app
spec:
  imagePullSecrets:
  #- name: docker-cfg-impull
  - name: user-registry
  serviceAccountName: default
  containers:
  - name: nginx-secret
    image: 124.222.68.142:10006/k8s/nginx:latest
    imagePullPolicy: Always
    #command: ["sleep", "3600"]
    volumeMounts:
    - name: nginx-default-config
      mountPath: /mnt/nginx
  volumes:
  - name: nginx-default-config
    configMap:
      name: nginx-default-config
      items:
      - key: default.conf
        path: nginx.config
Check inside the container
[root@master-1 busybox]# kubectl exec nginx-secret -n app -- ls /mnt/nginx
nginx.config
5. Immutable ConfigMaps and Secrets
Set this parameter on important files so that they cannot be modified after going live.
kubectl create cm test-immutable --from-file=/etc/nginx.conf
kubectl edit cm test-immutable
...
immutable: true   # this parameter means the ConfigMap or Secret cannot be changed
6. Verifying hot updates
Create two pods that load the same ConfigMap: one mounts it as a volume, the other injects it as variables.
6.1 ConfigMap mounted as a volume
apiVersion: apps/v1
kind: Deployment
metadata:
  name: configmap-volume
spec:
  replicas: 1
  selector:
    matchLabels:
      app: configmap-volume
  template:
    metadata:
      labels:
        app: configmap-volume
    spec:
      imagePullSecrets:
      - name: docker-cfg-impull
      containers:
      - name: configmap-volume
        image: 124.222.68.142:10006/k8s/busybox:1.28
        #imagePullPolicy: IfNotPresent
        imagePullPolicy: Always
        command: ["sh", "-c","echo 123 > /123.txt ; sleep 3600"]
        volumeMounts:
        - name: mysql-configmap-env
          mountPath: /etc/configmap
          readOnly: true
      volumes:
      - name: mysql-configmap-env
        configMap:
          name: files-env--kv-literal-cm
6.2 Variable injection
apiVersion: apps/v1
kind: Deployment
metadata:
  name: configmap-kv-all
spec:
  replicas: 1
  selector:
    matchLabels:
      app: configmap-kv-all
  template:
    metadata:
      labels:
        app: configmap-kv-all
    spec:
      imagePullSecrets:
      - name: docker-cfg-impull
      containers:
      - name: configmap-kv-all
        image: 124.222.68.142:10006/k8s/busybox:1.28
        #imagePullPolicy: IfNotPresent
        imagePullPolicy: Always
        command: ["sh", "-c","echo 123 > /123.txt ; sleep 3600"]
        envFrom:
        - configMapRef:
            name: files-env--kv-literal-cm
6.3 Modifying the ConfigMap
]# kubectl edit cm files-env--kv-literal-cm
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  PASSWORD: 88888888..
  PORT: "33060"
  SERVER: 192.168.43.129
  USERNAME: root
kind: ConfigMap
metadata:
  creationTimestamp: "2024-12-19T01:20:19Z"
  name: files-env--kv-literal-cm
  namespace: default
  resourceVersion: "1617807"
  uid: a0edc88c-c08b-4d34-9509-dff0694cebf1
6.4 Checking the values inside the containers
# Variable injection
[root@master-1 configmap]# while true;do kubectl exec configmap-kv-all-5497bc449d-kf8l4 -- env |egrep -iw 'password|username|port|server';sleep 3;done
PORT=3306
SERVER=192.168.43.129
USERNAME=root
PASSWORD=666666..
# Mounted volume
[root@master-1 configmap]# kubectl exec configmap-volume-844c84566b-5spvl -- cat /etc/configmap/PASSWORD
88888888..
[root@master-1 configmap]# kubectl exec configmap-volume-844c84566b-5spvl -- cat /etc/configmap/PORT
33060
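Conclusion:
1. Variable injection:
When the ConfigMap changes, the change is not synchronized to the variables inside the container; the values only take effect at pod startup.
2. Configuration file:
Mounting the ConfigMap as a volume supports hot updates.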
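The volume hot update only reaches an application that re-reads the mounted files. The sketch below is an added example, not from the original post: it detects an update by watching the ..data symlink that the kubelet swaps atomically inside a ConfigMap volume, and goes beyond the kubectl exec check in 6.4 by simulating that swap locally; the publish helper, the v1/v2 directory names and the temporary directory are constructed for the demonstration.

```python
import os
import tempfile


def publish(volume, version, data):
    """Simulate the kubelet: write a versioned dir, then atomically swap ..data."""
    vdir = os.path.join(volume, f"..{version}")
    os.mkdir(vdir)
    for key, value in data.items():
        with open(os.path.join(vdir, key), "w") as f:
            f.write(value)
        if not os.path.islink(os.path.join(volume, key)):
            os.symlink(os.path.join("..data", key), os.path.join(volume, key))
    tmp = os.path.join(volume, "..data_tmp")
    os.symlink(f"..{version}", tmp)
    os.replace(tmp, os.path.join(volume, "..data"))  # rename(2) swaps the link atomically


class ConfigMapWatcher:
    """Re-read every key when the ..data symlink points at a new directory."""

    def __init__(self, volume):
        self.volume, self.target, self.values = volume, None, {}

    def poll(self):
        """Return True and refresh self.values if the volume was updated."""
        target = os.readlink(os.path.join(self.volume, "..data"))
        if target == self.target:
            return False
        self.target, self.values = target, {}
        for key in os.listdir(self.volume):
            if not key.startswith(".."):  # skip ..data and the versioned dirs
                with open(os.path.join(self.volume, key)) as f:
                    self.values[key] = f.read()
        return True


def demo():
    """Constructed run using the PASSWORD/PORT values from sections 6.3 and 6.4."""
    with tempfile.TemporaryDirectory() as vol:
        watcher = ConfigMapWatcher(vol)
        publish(vol, "v1", {"PASSWORD": "666666..", "PORT": "3306"})
        first = (watcher.poll(), dict(watcher.values))
        unchanged = watcher.poll()
        publish(vol, "v2", {"PASSWORD": "88888888..", "PORT": "33060"})
        second = (watcher.poll(), dict(watcher.values))
    return first, unchanged, second
```

A file mounted with subPath, as in 4.2, is not a symlink into ..data and does not receive these updates.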