[Cloud Native] Kubernetes ConfigMap: Principles and Hands-On Practice

Author: 景天科技苑

Series: Cloud Native K8S, from zero to advanced practice

Contents

  • ConfigMap
    • 1. ConfigMap overview
      • 1.1 What is a ConfigMap?
      • 1.2 What problems does a ConfigMap solve?
      • 1.3 ConfigMap use cases
      • 1.4 Limitations
    • 2. Creating a ConfigMap
      • 2.1 Creating directly on the command line
      • 2.2 Creating from a file
      • 2.3 Creating from a directory
      • 2.4 Writing a ConfigMap manifest in YAML
    • 3. Using a ConfigMap
      • 3.1 Injecting via environment variables: configMapKeyRef
      • 3.2 Injecting via environment variables: envFrom
      • 3.3 Mounting a ConfigMap into a pod as a volume
    • 4. ConfigMap hot update
      • 4.1 Notes

ConfigMap

1. ConfigMap overview

1.1 What is a ConfigMap?

A ConfigMap is a Kubernetes resource object used to store non-confidential configuration. The data can be stored as key/value pairs or as files.

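1.2 What problems does a ConfigMap solve?

When we deploy services, each service has its own configuration file. If several services (nginx, tomcat, apache and so on) run on one server, all of their configuration lives on that node. If one server cannot handle the production load and we scale out, the new servers also run those services, and their configuration has to be managed there as well. When one service has a problem and its configuration file needs changing, the change has to be made on every physical node. This approach cannot keep up with large-scale configuration changes in production.

For this reason Kubernetes introduced the ConfigMap resource object, which can be mounted into a pod as a volume to provide unified configuration management.

1. A ConfigMap is a Kubernetes resource that acts as a configuration file; there can be one or many ConfigMaps.

2. A ConfigMap can be turned into a Volume; after the pod starts, it is mapped as a volume onto a specified directory inside the container.

3. The application in the container reads the configuration files from that directory in its usual way.

4. From the container's point of view, the configuration files look as if they were packaged into that directory of the container, and the whole process requires no changes to the application.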

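1.3 ConfigMap use cases

1. When you deploy an application on Kubernetes with its configuration written into the code, every configuration change requires rebuilding the image. A ConfigMap decouples configuration from the Docker image, which makes the image portable and reusable, because a ConfigMap is simply a collection of configuration items that can be injected directly into a pod for its containers to use.

There are two ways to inject a ConfigMap:

One is to use the ConfigMap as a storage volume;

the other is to inject the ConfigMap into the container through configMapKeyRef in env.

2. In a microservice architecture, several services often share configuration. If each service keeps its own copy, updating the configuration is tedious; a ConfigMap makes it easy to share configuration.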

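1.4 Limitations

A ConfigMap is not designed to hold large amounts of data. The data stored in a ConfigMap cannot exceed 1 MiB.

If you need to store data beyond this size limit, consider mounting a storage volume or using a separate database or file service.

Configuration files generally do not exceed 1M, so use ConfigMaps freely; even a few thousand lines will not exceed 1M.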

2. Creating a ConfigMap

2.1 Creating directly on the command line

Specify the ConfigMap's entries directly on the command line, using --from-literal for each one:

[root@master01 configmap ]#kubectl create configmap tomcat-config --from-literal=tomcat_port=8080 --from-literal=server_name=myapp.tomcat.com
configmap/tomcat-config created

The help command shows the usage rules for creating a ConfigMap on the command line:

[root@master01 configmap ]#kubectl create configmap --help
Create a config map based on a file, directory, or specified literal value.

 A single config map may package one or more key/value pairs.

 When creating a config map based on a file, the key will default to the basename of the file, and the value will
default to the file content.  If the basename is an invalid key, you may specify an alternate key.

 When creating a config map based on a directory, each file whose basename is a valid key in the directory will be
packaged into the config map.  Any directory entries except regular files are ignored (e.g. subdirectories, symlinks,
devices, pipes, etc).

Aliases:
configmap, cm

Examples:
  # Create a new config map named my-config based on folder bar
  kubectl create configmap my-config --from-file=path/to/bar
  
  # Create a new config map named my-config with specified keys instead of file basenames on disk
  kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt
  
  # Create a new config map named my-config with key1=config1 and key2=config2
  kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2
  
  # Create a new config map named my-config from the key=value pairs in the file
  kubectl create configmap my-config --from-file=path/to/bar
  
  # Create a new config map named my-config from an env file
  kubectl create configmap my-config --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env

Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in
the template. Only applies to golang and jsonpath output formats.
      --append-hash=false: Append a hash of the configmap to its name.
      --dry-run='none': Must be "none", "server", or "client". If client strategy, only print the object that would be
sent, without sending it. If server strategy, submit server-side request without persisting the resource.
      --field-manager='kubectl-create': Name of the manager used to track field ownership.
      --from-env-file=[]: Specify the path to a file to read lines of key=val pairs to create a configmap (i.e. a Docker
.env file).
      --from-file=[]: Key file can be specified using its file path, in which case file basename will be used as
configmap key, or optionally with a key and file path, in which case the given key will be used.  Specifying a directory
will iterate each named file in the directory whose basename is a valid configmap key.
      --from-literal=[]: Specify a key and literal value to insert in configmap (i.e. mykey=somevalue)
  -o, --output='': Output format. One of:
json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
      --save-config=false: If true, the configuration of current object will be saved in its annotation. Otherwise, the
annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
      --show-managed-fields=false: If true, keep the managedFields when printing objects in JSON or YAML format.
      --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The
template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
      --validate=true: If true, use a schema to validate the input before sending it

Usage:
  kubectl create configmap NAME [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run=server|client|none]
[options]

Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@master01 configmap ]#kubectl describe configmap tomcat-config
Name:         tomcat-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
server_name:
----
myapp.tomcat.com
tomcat_port:
----
8080

BinaryData
====

Events:  <none>

2.2 Creating from a file

Define a key named www whose value is the content of nginx.conf:

[root@master01 configmap ]#cat nginx.conf 
server {
  server_name www.nginx.com;
  listen 80;
  root /home/nginx/www/
}
[root@master01 configmap ]#kubectl create configmap www-nginx --from-file=www=./nginx.conf
configmap/www-nginx created

If the key name www is not specified here, the key of the created ConfigMap is the file name and the value is the file content.

[root@master01 configmap ]#kubectl describe configmap www-nginx
Name:         www-nginx
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
www:
----
server {
  server_name www.nginx.com;
  listen 80;
  root /home/nginx/www/
}


BinaryData
====

Events:  <none>

configmap can be abbreviated to cm.

2.3 Creating from a directory

[root@master01 configmap ]#mkdir test-a
[root@master01 configmap ]#cd test-a/

[root@master01 test-a ]#cat my-server.cnf 
server-id=1
[root@master01 test-a ]#cat my-slave.cnf 
server-id=2

Create the ConfigMap from the directory:

[root@master01 test-a ]#kubectl create configmap mysql-config --from-file=/root/configmap/test-a/
configmap/mysql-config created

View the ConfigMap details:

[root@master01 test-a ]#kubectl describe cm mysql-config
Name:         mysql-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
my-server.cnf:
----
server-id=1

my-slave.cnf:
----
server-id=2


BinaryData
====

Events:  <none>

Here too, the file name is used as the key and the file content as the value.

2.4 Writing a ConfigMap manifest in YAML

[root@master01 configmap ]#kubectl explain cm
KIND:     ConfigMap
VERSION:  v1

DESCRIPTION:
     ConfigMap holds configuration data for pods to consume.

FIELDS:
   apiVersion	<string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

   binaryData	<map[string]string>
     BinaryData contains the binary data. Each key must consist of alphanumeric
     characters, '-', '_' or '.'. BinaryData can contain byte sequences that are
     not in the UTF-8 range. The keys stored in BinaryData must not overlap with
     the ones in the Data field, this is enforced during validation process.
     Using this field will require 1.10+ apiserver and kubelet.

   data	<map[string]string>
     Data contains the configuration data. Each key must consist of alphanumeric
     characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use
     the BinaryData field. The keys stored in Data must not overlap with the
     keys in the BinaryData field, this is enforced during validation process.

   immutable	<boolean>
     Immutable, if set to true, ensures that data stored in the ConfigMap cannot
     be updated (only object metadata can be modified). If not set to true, the
     field can be modified at any time. Defaulted to nil.

   kind	<string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

   metadata	<Object>
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
[root@master01 configmap ]#cat mysql-configmap.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql
  labels:
    app: mysql
data:
  master.cnf: |
    [mysqld]
    log-bin
    log_bin_trust_function_creators=1
    lower_case_table_names=1
  slave.cnf: |
    [mysqld]
    super-read-only
    log_bin_trust_function_creators=1

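When a value spans multiple lines, the key must be followed by |; otherwise the manifest will not work as intended.

The main thing to configure here is the content of the data field.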
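Because a ConfigMap is only meant for non-confidential configuration (section 1.1) and its values are often whole files such as the .cnf files above, it is worth checking manifests for credentials before applying them. The following is an added example, not code from the original article or from Kubernetes: `audit_configmap`, the heuristic patterns and the `LEAKY_CM` sample are constructed for illustration, and manifests are assumed to be already parsed into dicts.

```python
import re

# Heuristic patterns chosen for this example (not a Kubernetes feature).
SENSITIVE_NAME = re.compile(r"passw(or)?d|secret|token|api[_-]?key|private[_-]?key", re.I)
PEM_PRIVATE_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")


def audit_configmap(manifest):
    """Return sorted (data_key, line_no, reason) findings for one ConfigMap.

    `manifest` is the parsed manifest as a dict. line_no is 0 when the
    finding is about the key name itself rather than a line of its value.
    """
    findings = []
    for key, value in (manifest.get("data") or {}).items():
        if SENSITIVE_NAME.search(key) and value.strip():
            findings.append((key, 0, "sensitive key name"))
        # File-style values (my.cnf, nginx.conf, ...): check every line.
        for n, line in enumerate(value.splitlines(), start=1):
            line = line.strip()
            if PEM_PRIVATE_KEY.search(line):
                findings.append((key, n, "PEM private key"))
            elif line and line[0] not in "#;" and "=" in line:
                name, _, val = line.partition("=")
                if SENSITIVE_NAME.search(name) and val.strip():
                    findings.append((key, n, "credential assignment: " + name.strip()))
    return sorted(findings)


# The manifest from section 2.4 of this article, as a parsed dict.
ARTICLE_CM = {
    "kind": "ConfigMap",
    "metadata": {"name": "mysql"},
    "data": {
        "master.cnf": "[mysqld]\nlog-bin\nlog_bin_trust_function_creators=1\nlower_case_table_names=1\n",
        "slave.cnf": "[mysqld]\nsuper-read-only\nlog_bin_trust_function_creators=1\n",
    },
}

# Constructed counter-example: a client section with a placeholder password.
LEAKY_CM = {
    "kind": "ConfigMap",
    "metadata": {"name": "mysql-client"},
    "data": {
        "client.cnf": "[client]\nuser=app\n# password=old\npassword=EXAMPLE-ONLY\n",
        "db_password": "EXAMPLE-ONLY",
    },
}

if __name__ == "__main__":
    for cm in (ARTICLE_CM, LEAKY_CM):
        print(cm["metadata"]["name"], audit_configmap(cm))
```

Anything this flags belongs in a Secret rather than a ConfigMap.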

3. Using a ConfigMap

3.1 Injecting via environment variables: configMapKeyRef

Create a ConfigMap that stores MySQL configuration:

[root@master01 configmap ]#vim mysql-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql
  labels:
    app: mysql
data:
    log: "1"
    lower: "1"
[root@master01 configmap ]#kubectl apply -f mysql-configmap.yaml 
configmap/mysql created

View the created ConfigMap:

[root@master01 configmap ]#kubectl get cm
NAME               DATA   AGE
kube-root-ca.crt   1      12d
mysql              2      8s
mysql-config       2      55m
tomcat-config      2      3h35m
www-nginx          1      111m

Create a pod that references the content of the ConfigMap:

[root@master01 configmap ]#vim mysql-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mysql-pod
spec:
  containers:
  - name: mysql
    image: busybox
    command: [ "/bin/sh", "-c", "sleep 3600" ]
    env:
    - name: log_bin   # define the environment variable log_bin
      valueFrom:
        configMapKeyRef:
          name: mysql     # name of the ConfigMap
          key: log        # key within the ConfigMap
    - name: lower   # define the environment variable lower
      valueFrom:
        configMapKeyRef:
          name: mysql
          key: lower
  restartPolicy: Never

Apply the manifest:

[root@master01 configmap ]#kubectl apply -f mysql-pod.yaml 
pod/mysql-pod created
[root@master01 configmap ]#kubectl exec -it mysql-pod -- /bin/sh
[root@master01 configmap ]#kubectl exec -it mysql-pod -c mysql -- /bin/sh
/ # printenv 
log_bin=1
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://192.168.0.1:443
HOSTNAME=mysql-pod
SHLVL=1
HOME=/root
TERM=xterm
lower=1
KUBERNETES_PORT_443_TCP_ADDR=192.168.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://192.168.0.1:443
KUBERNETES_SERVICE_HOST=192.168.0.1
PWD=/
/ # 

3.2 Injecting via environment variables: envFrom

View how envFrom is used:

[root@master01 configmap ]#kubectl explain pod.spec.containers.envFrom
KIND:     Pod
VERSION:  v1

RESOURCE: envFrom <[]Object>

DESCRIPTION:
     List of sources to populate environment variables in the container. The
     keys defined within a source must be a C_IDENTIFIER. All invalid keys will
     be reported as an event when the container is starting. When a key exists
     in multiple sources, the value associated with the last source will take
     precedence. Values defined by an Env with a duplicate key will take
     precedence. Cannot be updated.

     EnvFromSource represents the source of a set of ConfigMaps

FIELDS:
   configMapRef	<Object>
     The ConfigMap to select from

   prefix	<string>
     An optional identifier to prepend to each key in the ConfigMap. Must be a
     C_IDENTIFIER.

   secretRef	<Object>
     The Secret to select from
[root@master01 configmap ]#vim mysql-pod-envfrom.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mysql-pod-envfrom
spec:
  containers:
  - name: mysql
    image: busybox
    imagePullPolicy: IfNotPresent
    command: [ "/bin/sh", "-c", "sleep 3600" ]
    envFrom: 
    - configMapRef:
        name: mysql     # name of the ConfigMap
  restartPolicy: Never

Apply the manifest:

[root@master01 configmap ]#kubectl apply -f mysql-pod-envfrom.yaml 
pod/mysql-pod-envfrom created
[root@master01 configmap ]#kubectl get pods
NAME                               READY   STATUS    RESTARTS        AGE
mysql-pod                          1/1     Running   0               11m
mysql-pod-envfrom                  1/1     Running   0               7s
nfs-provisioner-847fb5b8f5-lzvcf   1/1     Running   7 (5h21m ago)   3d5h
pod-pvc                            1/1     Running   1 (6h21m ago)   3d3h
test-hostpath                      2/2     Running   6 (6h21m ago)   4d4h
test-nfs-volume                    1/1     Running   3 (6h21m ago)   4d1h
web-0                              1/1     Running   1 (6h21m ago)   2d21h
web-1                              1/1     Running   1 (6h21m ago)   2d21h
web-2                              1/1     Running   1 (6h21m ago)   2d21h
web-3                              1/1     Running   1 (6h21m ago)   2d21h

Enter the container and check the environment variables:

[root@master01 configmap ]#kubectl exec -it mysql-pod-envfrom -c mysql -- /bin/sh
/ # printenv 
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://192.168.0.1:443
HOSTNAME=mysql-pod-envfrom
SHLVL=1
HOME=/root
TERM=xterm
lower=1
KUBERNETES_PORT_443_TCP_ADDR=192.168.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
log=1
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://192.168.0.1:443
KUBERNETES_SERVICE_HOST=192.168.0.1
PWD=/

The variables and values obtained here are all the ones defined in the ConfigMap.

3.3 Mounting a ConfigMap into a pod as a volume

[root@master01 configmap ]#vim mysql-configmap-volume.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-volume
  labels:
    app: mysql-volume
data:
    log: "1"
    lower: "1"
    my.cnf: |
      [mysqld]
      Welcome=jingtian
[root@master01 configmap ]#kubectl apply -f mysql-configmap-volume.yaml 
configmap/mysql-volume created
[root@master01 configmap ]#kubectl get cm
NAME               DATA   AGE
kube-root-ca.crt   1      12d
mysql              2      23m
mysql-config       2      79m
mysql-volume       3      5s
tomcat-config      2      3h58m
www-nginx          1      135m
[root@master01 configmap ]#vim mysql-pod-volume.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mysql-pod-volume
spec:
  containers:
  - name: mysql
    image: busybox
    command: [ "/bin/sh","-c","sleep 3600" ]
    volumeMounts:
    - name: mysql-config
      mountPath: /tmp/config
  volumes:
  - name: mysql-config
    configMap:
      name: mysql-volume   # name of the ConfigMap
  restartPolicy: Never
[root@master01 configmap ]#kubectl apply -f mysql-pod-volume.yaml 
pod/mysql-pod-volume created
[root@master01 configmap ]#kubectl get pods
NAME                               READY   STATUS    RESTARTS        AGE
mysql-pod                          1/1     Running   0               23m
mysql-pod-envfrom                  1/1     Running   0               12m
mysql-pod-volume                   1/1     Running   0               48s   <-- here
nfs-provisioner-847fb5b8f5-lzvcf   1/1     Running   7 (5h33m ago)   3d6h
pod-pvc                            1/1     Running   1 (6h33m ago)   3d4h
test-hostpath                      2/2     Running   6 (6h33m ago)   4d4h
test-nfs-volume                    1/1     Running   3 (6h33m ago)   4d2h

Enter the container and look at the files created by the mount:

[root@master01 configmap ]#kubectl exec -it mysql-pod-volume -- /bin/sh

/ # cd /tmp/config/
/tmp/config # ls -l
total 0
lrwxrwxrwx    1 root     root            10 Sep 26 07:27 log -> ..data/log
lrwxrwxrwx    1 root     root            12 Sep 26 07:27 lower -> ..data/lower
lrwxrwxrwx    1 root     root            13 Sep 26 07:27 my.cnf -> ..data/my.cnf
/tmp/config # ls
log     lower   my.cnf

/tmp/config # cat lower 
1/tmp/config # 
/tmp/config # cat my.cnf 
[mysqld]
Welcome=jingtian

When the ConfigMap is mounted as a volume, its keys are not added to the container's environment variables:

/tmp/config # printenv 
KUBERNETES_PORT=tcp://192.168.0.1:443
KUBERNETES_SERVICE_PORT=443
HOSTNAME=mysql-pod-volume
SHLVL=1
HOME=/root
OLDPWD=/tmp
TERM=xterm
KUBERNETES_PORT_443_TCP_ADDR=192.168.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://192.168.0.1:443
KUBERNETES_SERVICE_HOST=192.168.0.1
PWD=/tmp/config

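4. ConfigMap hot update

4.1 Notes

After a ConfigMap is updated:

Pods that consume the ConfigMap through Env are not updated in sync.

For pods that mount the ConfigMap as a Volume, the data inside the pod takes some time to sync (about 10 seconds in testing).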

[root@master01 configmap ]#kubectl edit cm mysql-volume

Change log: "1" to log: "2", then save and exit.

[root@master01 configmap ]#kubectl exec -it mysql-pod-volume -- /bin/sh

/ # cat /tmp/config/log

2/ #

The log value is now 2, so the update has taken effect.

[root@master01 configmap ]#kubectl edit cm mysql
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  log: "2"

The ConfigMap consumed through env has now been updated.

[root@master01 configmap ]#kubectl exec -it mysql-pod-envfrom -- /bin/sh
/ # printenv 
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://192.168.0.1:443
HOSTNAME=mysql-pod-envfrom
SHLVL=1
HOME=/root
TERM=xterm
lower=1
KUBERNETES_PORT_443_TCP_ADDR=192.168.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
log=1   # this value did not change
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://192.168.0.1:443
KUBERNETES_SERVICE_HOST=192.168.0.1
PWD=/

The pod's environment variables have not changed.
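To act on this after editing a ConfigMap, list which pods consume it and how, so the ones holding stale values can be recreated. This is an added example, not part of the original article: `configmap_consumers`, `needs_restart` and the `subpath-pod` sample are made up for illustration, the pod dicts are trimmed to the shape of `kubectl get pods -o json` items, and the `subPath` case (a mount Kubernetes does not refresh) goes beyond what the article tests.

```python
def configmap_consumers(pods, cm_name):
    """Map pod name -> sorted list of ways it consumes `cm_name`.

    "env"            configMapKeyRef / envFrom, fixed at container start
    "volume"         mounted directory, refreshed after an update
    "volume-subPath" single file mounted via subPath, not refreshed
    """
    result = {}
    for pod in pods:
        spec = pod["spec"]
        # Volumes of this pod that are backed by the ConfigMap.
        cm_volumes = {
            v["name"] for v in spec.get("volumes", [])
            if v.get("configMap", {}).get("name") == cm_name
        }
        modes = set()
        for c in spec.get("initContainers", []) + spec["containers"]:
            for src in c.get("envFrom", []):
                if src.get("configMapRef", {}).get("name") == cm_name:
                    modes.add("env")
            for e in c.get("env", []):
                ref = e.get("valueFrom", {}).get("configMapKeyRef", {})
                if ref.get("name") == cm_name:
                    modes.add("env")
            for m in c.get("volumeMounts", []):
                if m["name"] in cm_volumes:
                    modes.add("volume-subPath" if m.get("subPath") else "volume")
        if modes:
            result[pod["metadata"]["name"]] = sorted(modes)
    return result


def needs_restart(pods, cm_name):
    """Pods that keep the old values until they are recreated."""
    return sorted(name for name, modes in
                  configmap_consumers(pods, cm_name).items()
                  if "env" in modes or "volume-subPath" in modes)


# Constructed sample. The first three pods mirror the manifests in this
# article; "subpath-pod" is hypothetical.
PODS = [
    {"metadata": {"name": "mysql-pod"}, "spec": {"containers": [{"name": "mysql", "env": [
        {"name": "log_bin", "valueFrom": {"configMapKeyRef": {"name": "mysql", "key": "log"}}},
        {"name": "lower", "valueFrom": {"configMapKeyRef": {"name": "mysql", "key": "lower"}}}]}]}},
    {"metadata": {"name": "mysql-pod-envfrom"}, "spec": {"containers": [
        {"name": "mysql", "envFrom": [{"configMapRef": {"name": "mysql"}}]}]}},
    {"metadata": {"name": "mysql-pod-volume"}, "spec": {
        "volumes": [{"name": "mysql-config", "configMap": {"name": "mysql-volume"}}],
        "containers": [{"name": "mysql", "volumeMounts": [
            {"name": "mysql-config", "mountPath": "/tmp/config"}]}]}},
    {"metadata": {"name": "subpath-pod"}, "spec": {
        "volumes": [{"name": "cfg", "configMap": {"name": "mysql-volume"}}],
        "containers": [{"name": "app", "volumeMounts": [
            {"name": "cfg", "mountPath": "/etc/my.cnf", "subPath": "my.cnf"}]}]}},
]
```

For the article's pods, `needs_restart(PODS, "mysql")` returns both env-based pods, while for `mysql-volume` only the hypothetical subPath pod is listed.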
