k8s tasks_为应用注入数据

为容器设置启动时要执行的命令和参数

创建Pod时设置命令及参数

# 查看命令使用
kubectl run --help 
  # Start the nginx pod using a different command and custom arguments
  kubectl run nginx --image=nginx --command -- <cmd> <arg1> ... <argN>
# 创建pod 打印变量
kubectl run demo --image=debian --command -- printenv HOSTNAME KUBERNETES_PORT  

controlplane ~ ➜  kubectl logs demo 
demo
tcp://10.96.0.1:443

使用环境变量设置参数

# 设置变量并打印
controlplane ~ ✖ kubectl run set-args --image=busybox --env=MSG1=hello --env=MSG2=k8s --command -- sh -c 'echo $MSG1 $MSG2'
pod/set-args created

controlplane ~ ➜  kubectl logs set-args 
hello k8s

通过环境变量将 Pod 信息呈现给容器

用 Pod 字段作为环境变量的值

apiVersion: v1
kind: Pod
metadata:
  name: pod-spec-env
spec:
  containers:
    - name: pod-spec-env
      image: debian
      command: ["printenv"]
      args: ["MY_NODE_NAME","MY_POD_NAME","MY_POD_NAMESPACE","MY_POD_IP","MY_POD_SERVICE_ACCOUNT"]
      env:
        - name: MY_NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: MY_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: MY_POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: MY_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: MY_POD_SERVICE_ACCOUNT
          valueFrom:
            fieldRef:
              fieldPath: spec.serviceAccountName

controlplane ~ ➜  kubectl apply -f pod-sepc-env.yml 
pod/pod-spec-env created

controlplane ~ ➜  kubectl logs pod-spec-env 
controlplane
pod-spec-env
default
10.244.0.8
default

jq教程

# 可以通过jq工具确定字段
controlplane ~ ➜  kubectl get pod -o json | jq '.items[].spec.nodeName'
"controlplane"

使用容器字段作为环境变量的值

# 目前支持的字段
"limits.cpu", "limits.ephemeral-storage", "limits.memory", "requests.cpu", "requests.ephemeral-storage", "requests.memory"

apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
spec:
  containers:
    - name: nginx
      image: nginx
      command: ["printenv"]
      args: ["NGINX_REQ_MEM"]
      resources:
        requests:
          memory: "32Mi"
      env:
        - name: NGINX_REQ_MEM
          valueFrom:
            resourceFieldRef:
              containerName: nginx
              resource: requests.memory


# controlplane ~ ➜  kubectl logs nginx-pod 
33554432

使用 Secret 安全地分发凭据

将 Secret 数据转换为 base-64 形式

controlplane ~ ➜  echo -n 'dean' | base64
ZGVhbg==
controlplane ~ ➜  echo -n 'pwd12345' | base64
cHdkMTIzNDU=

Secret创建

apiVersion: v1
kind: Secret
metadata:
  name: srt
data:
  usr: ZGVhbg==
  pwd: cHdkMTIzNDU=

创建

controlplane ~ ➜  kubectl apply -f srt.yml 
secret/srt created

controlplane ~ ➜  kubectl describe secrets srt 
Name:         srt
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
pwd:  8 bytes
usr:  4 bytes

apiVersion: v1
kind: Pod
metadata:
  name: demo
spec:
  containers:
    - name: demo
      image: nginx
      volumeMounts:
        # name 必须与下面的卷名匹配
        - name: secret-volume
          mountPath: /etc/secret-volume
          readOnly: true
  # Secret 数据通过一个卷暴露给该 Pod 中的容器
  volumes:
    - name: secret-volume
      secret:
        secretName: srt

查看信息

controlplane ~ ➜  kubectl apply -f demo.yml 
pod/demo created

controlplane ~ ✖ kubectl exec -it demo -- sh
# echo "$( cat /etc/secret-volume/usr)"
dean
# echo "$( cat /etc/secret-volume/pwd )"
pwd12345