本文分享自华为云社区《nginx.conf以configmap文件形式挂载到nginx容器中以及subpath使用场景》,作者:可以交个朋友。
背景
nginx.conf通过configmap文件形式挂载到容器内,可以更加方便的修改nginx.conf配置
方案简介
将配置文件nginx.conf以configmap文件的方式挂载到容器中。为了更通用,可以将使用主nginx.conf include 指定xx.conf方式,主nginx.conf作为一个cm,具体xx.conf对应一个cm
configmap可以通过ENV环境变量和文件两种方式挂载到容器中,修改configmap后容器中对应的ENV环境变量不会更新;修改configmap后容器中对应的file会自动更新,如果以subpath方式挂载文件,文件内容不会自动更新
将nginx.conf作为configmap挂载到容器中
1.创建configmap
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
namespace: default
data:
nginx.conf: |+
user nginx;
worker_processes 8;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-server-config
namespace: default
data:
server1.conf: |+
server {
listen 80;
server_name server1.com;
location / {
root /usr/share/nginx/html/;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server2.conf: |+
server {
listen 81;
server_name server2.com;
location / {
root /usr/share/nginx/html/;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}2.部署nginx业务使用对应的cm
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
version: v1
name: test-reload
namespace: default
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: test-reload
template:
metadata:
labels:
app: test-reload
spec:
containers:
- image: nginx:latest
imagePullPolicy: Always
name: container-1
volumeMounts:
- mountPath: /etc/nginx/conf.d
name: vol-168233491311961268
- mountPath: /etc/nginx/nginx.conf
name: vol-168249948123126427
readOnly: true
subPath: nginx.conf
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: default-secret
restartPolicy: Always
volumes:
- configMap:
defaultMode: 420
name: nginx-server-config
name: vol-168233491311961268
- configMap:
defaultMode: 420
name: nginx-config
name: vol-168249948123126427subpath拓展
subpath的作用如下:
- 避免覆盖。如果挂载路径是一个已存在的目录,则目录下的内容不会被覆盖。直接将configMap/Secret挂载在容器的路径,会覆盖掉容器路径下原有的文件,使用subpath选定configMap/Secret的指定的key-value挂载在容器中,则不会覆盖掉原目录下的其他文件
- 文件隔离。pod中含有多个容器公用一个日志volume,不同容器日志路径挂载的到不同的子目录,而不是根路径(Subpath目录会在底层存储自动创建且权限为777,无需手动创建)
避免覆盖效果演示
1.创建一个工作负载nginx,并用普通方式挂载configmap配置文件
apiVersion: v1
kind: ConfigMap
metadata:
name: config
data:
test-subpath.conf: |+
test subpath;
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: test
name: test
spec:
replicas: 1
selector:
matchLabels:
app: test
template:
metadata:
labels:
app: test
spec:
volumes:
- configMap:
defaultMode: 420
name: config
name: vol-168249948123126427
containers:
- image: centos:latest
name: centos
command:
- /bin/bash
args:
- -c
- while true;do sleep 1 && echo hello;done
volumeMounts:
- mountPath: /tmp
name: vol-1682499481231264272.使用docker inspect ${容器id}命令查看容器挂载信息,挂载目标为tmp目录,tmp目录下原有内容被覆盖
[root@test-746c64649c-pzztn /]# ls -l /tmp/
total 0
lrwxrwxrwx 1 root root 24 Feb 27 03:02 test-subpath.conf -> ..data/test-subpath.conf3.创建一个工作负载nginx,并用subpath方式挂载configmap配置文件
apiVersion: v1
kind: ConfigMap
metadata:
name: config
data:
test-subpath.conf: |+
test subpath;
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: test
name: test
spec:
replicas: 1
selector:
matchLabels:
app: test
template:
metadata:
labels:
app: test
spec:
volumes:
- configMap:
defaultMode: 420
name: config
name: vol-168249948123126427
containers:
- image: centos:latest
name: centos
command:
- /bin/bash
args:
- -c
- while true;do sleep 1 && echo hello;done
volumeMounts:
- mountPath: /tmp/test-subpath.conf
name: vol-168249948123126427
subPath: test-subpath.conf4.使用docker inspect ${容器Id}命令查看容器挂载信息,挂载目标为test-subpath.conf文件,所以tmp目录下原来的文件不会被覆盖
[root@test-7b64fd6bb-56lpp /]# ls -l /tmp/
total 12
-rwx------ 1 root root 701 Dec 4 2020 ks-script-esd4my7v
-rwx------ 1 root root 671 Dec 4 2020 ks-script-eusq_sc5
-rw-r--r-- 1 root root 14 Feb 27 03:07 test-subpath.conf文件隔离演示
1.创建工作负载test,使用hostPath卷类型持久化日志文件
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: test
name: test
spec:
replicas: 2
selector:
matchLabels:
app: test
template:
metadata:
labels:
app: test
spec:
volumes:
- hostPath:
path: /tmp/log #该路径必须在节点上已存在
name: vol-168249948123126427
containers:
- image: centos:latest
name: centos
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
command:
- /bin/bash
args:
- -c
- while true;do echo $(POD_NAME) >> /tmp/log/app.log && sleep 900 ;done
volumeMounts:
- mountPath: /tmp/log
name: vol-168249948123126427
subPathExpr: $(POD_NAME)2.两个Pod实例调度至同一个节点
[root@test ~]# kubectl get pod -owide -l app=test
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
test-69dfc665cd-2nhg5 1/1 Running 0 95s 172.16.4.59 172.16.2.172 <none> <none>
test-69dfc665cd-z7rsj 1/1 Running 0 77s 172.16.4.25 172.16.2.172 <none> <none>3.进入容器内查看日志文件
[root@test ~]# kubectl exec -it test-69dfc665cd-2nhg5 bash
[root@test-69dfc665cd-2nhg5 /]# cat /tmp/log/app.log
test-69dfc665cd-2nhg5
[root@test-69dfc665cd-2nhg5 /]# exit
exit
[root@test ~]# kubectl exec -it test-69dfc665cd-z7rsj bash
[root@test-69dfc665cd-z7rsj /]# cat /tmp/log/app.log
test-69dfc665cd-z7rsj4.在节点上查看挂载路径,每个Pod的日志文件用目录进行隔离,目录名为Pod名称
[root@172 log]# pwd
/tmp/log
[root@172 log]# ll
total 0
drwxr-xr-x 2 root root 60 Feb 27 15:08 test-69dfc665cd-2nhg5
drwxr-xr-x 2 root root 60 Feb 27 15:09 test-69dfc665cd-z7rsj
[root@172 log]# cat test-69dfc665cd-2nhg5/app.log
test-69dfc665cd-2nhg5
[root@172 log]# cat test-69dfc665cd-z7rsj/app.log
test-69dfc665cd-z7rsj