《kubernetes-1.8.0》18-examples-configmap

《kubernetes 1.8.0 测试环境安装部署》

时间：2017-12-13

一、基础知识：

关于configmap:

ConfigMap可以从镜像中分离配置文件用于保存配置数据的键值对，可以用来保存单个属性，也可以用来保存配置文件。ConfigMap跟secret很类似，但它可以更方便地处理不包含敏感信息的字符串。

就我目前的理解，通过创建ConfigMap可以在pod中通过设置环境变量、命令行参数或者直接以配置文件形式挂载的方式实现配置信息的动态加载：

二、configmap的创建：

从目录创建configmaps

创建测试用的目录及文件：

$ mkdir ~/configmap-demo$ cd ~/configmap-demo$ cat > game.properties << EOF enemies=alienslives=3enemies.cheat=trueenemies.cheat.level=noGoodRottensecret.code.passphrase=UUDDLRLRBABASsecret.code.allowed=truesecret.code.lives=30EOF$ cat > ui.properties << EOF color.good=purplecolor.bad=yellowallow.textmode=truehow.nice.to.look=fairlyNiceEOF$ ll ~/configmap-demototal 8-rw-r--r-- 1 kube kube 166 Dec 13 11:25 game.properties-rw-r--r-- 1 kube kube  83 Dec 13 11:30 ui.properties

用kubectl create configmap命令创建configmap，同时加载目录下的多个文件：

# kubectl create configmap game-config --from-file=/root/configmap-democonfigmap "game-config" created

• 该命令创建configmap，名字为game-config，加载来源为/root/configmap-demo 目录；
• 改目录下有多个文件，加载之configmap中时，文件名作为key，文件内容为value

查看:

[root@node-131 configmap-demo]# kubectl describe configmaps game-configName:         game-configNamespace:    defaultLabels:       <none>Annotations:  <none>Data====game.properties:----enemies=aliens  lives=3 enemies.cheat=true enemies.cheat.level=noGoodRotten secret.code.passphrase=UUDDLRLRBABAS secret.code.allowed=true secret.code.lives=30 ui.properties:----color.good=purplecolor.bad=yellowallow.textmode=truehow.nice.to.look=fairlyNiceEvents:  <none>[root@node-131 configmap-demo]# kubectl get configmaps game-config -o yaml                           apiVersion: v1data:  game.properties: |    enemies=aliens    lives=3    enemies.cheat=true    enemies.cheat.level=noGoodRotten    secret.code.passphrase=UUDDLRLRBABAS    secret.code.allowed=true    secret.code.lives=30  ui.properties: |    color.good=purple    color.bad=yellow    allow.textmode=true    how.nice.to.look=fairlyNicekind: ConfigMapmetadata:  creationTimestamp: 2017-12-13T03:47:28Z  name: game-config  namespace: default  resourceVersion: "2983336"  selfLink: /api/v1/namespaces/default/configmaps/game-config  uid: 57072343-dfb8-11e7-8e94-005056bc80ed

从文件创建configmaps

[root@node-131 ~]# kubectl create configmap game-config-2 --from-file=/root/configmap-demo/game.properties configmap "game-config-2" created

• 可以跟多个--from-file引入不同的数据源；

查看：

[root@node-131 ~]# kubectl describe configmap game-config-2 Name:         game-config-2Namespace:    defaultLabels:       <none>Annotations:  <none>Data====game.properties:----enemies=alienslives=3enemies.cheat=trueenemies.cheat.level=noGoodRottensecret.code.passphrase=UUDDLRLRBABASsecret.code.allowed=truesecret.code.lives=30Events:  <none>

从文件创建configmaps时定义keyname

kubectl create configmap game-config-3 --from-file=<my-key-name>=<path-to-file>

[root@node-131 ~]# kubectl create configmap game-config-3 --from-file=game-special-key=/root/configmap-demo/game.properties configmap "game-config-3" created

[root@node-131 ~]# kubectl get configmap game-config-3 -o yamlapiVersion: v1data:  game-special-key: |    enemies=aliens    lives=3    enemies.cheat=true    enemies.cheat.level=noGoodRotten    secret.code.passphrase=UUDDLRLRBABAS    secret.code.allowed=true    secret.code.lives=30kind: ConfigMapmetadata:  creationTimestamp: 2017-12-13T06:22:29Z  name: game-config-3  namespace: default  resourceVersion: "3005152"  selfLink: /api/v1/namespaces/default/configmaps/game-config-3  uid: fea21a25-dfcd-11e7-8e94-005056bc80ed

指定key/value创建configmaps

[root@node-131 ~]# kubectl create configmap special-config --from-literal=special.how=very --from-literal=special.type=charmconfigmap "special-config" created[root@node-131 ~]# kubectl get configmaps special-config -o yamlapiVersion: v1data:  special.how: very  special.type: charmkind: ConfigMapmetadata:  creationTimestamp: 2017-12-13T07:20:03Z  name: special-config  namespace: default  resourceVersion: "3013536"  selfLink: /api/v1/namespaces/default/configmaps/special-config  uid: 09e1c368-dfd6-11e7-8e94-005056bc80ed

三、在pod中应用configmap：

用configmap定义pod中的环境变量：

1、用configmap定义一个类似key-value的环境变量：

$ kubectl create configmap special-config --from-literal=special.how=very 

创建静态pod，指定环境变量并引用configmap：

dapi-test-pod.yaml

apiVersion: v1kind: Podmetadata:  name: dapi-test-podspec:  containers:    - name: test-container      image: gcr.mirrors.ustc.edu.cn/google_containers/busybox      command: [ "/bin/sh", "-c", "env" ]      env:        # Define the environment variable        - name: SPECIAL_LEVEL_KEY          valueFrom:            configMapKeyRef:              # The ConfigMap containing the value you want to assign to SPECIAL_LEVEL_KEY              name: special-config              # Specify the key associated with the value              key: special.how  restartPolicy: Never

创建：

kubectl create -f dapi-test-pod.yaml 

• 创建成功后pod状态应该是Completed 而非running，因为没有前台运行的进程：

观察logs：

[root@node-132 ~]# kubectl logs dapi-test-pod | grep SPECIAL_LEVEL_KEYSPECIAL_LEVEL_KEY=very

• 看到SPECIAL_LEVEL_KEY环境变量成功创建并赋值very：

用多个configmap定义pod中的环境变量：

dapi-test-pod-2.yaml

[root@node-131 configmap-demo]# vi dapi-test-pod-2.yaml                apiVersion: v1kind: ConfigMapmetadata:  name: special-config-1  namespace: defaultdata:  special.how: very---apiVersion: v1kind: ConfigMapmetadata:  name: env-config  namespace: defaultdata:  log_level: INFO---apiVersion: v1kind: Podmetadata:  name: dapi-test-pod-2spec:  containers:    - name: test-container      image: yecc/gcr.io-google_containers-busybox      command: [ "/bin/sh", "-c", "env" ]      env:        - name: SPECIAL_LEVEL_KEY          valueFrom:            configMapKeyRef:              name: special-config-1              key: special.how        - name: LOG_LEVEL          valueFrom:            configMapKeyRef:              name: env-config              key: log_level  restartPolicy: Never

• 创建两个configmap：special-config-1 、 env-config
• special-config-1：special.how: very
• env-config：log_level: INFO

查看:

[root@node-132 ~]# kubectl logs dapi-test-pod-2 | grep SPECIAL_LEVEL_KEYSPECIAL_LEVEL_KEY=very[root@node-132 ~]# kubectl logs dapi-test-pod-2 | grep LOG_LEVEL        LOG_LEVEL=INFO

用一个configmap定义pod所需所有环境变量：

dapi-test-pod-3.yaml

apiVersion: v1kind: ConfigMapmetadata:  name: special-config-2  namespace: defaultdata:  SPECIAL_LEVEL: very  SPECIAL_TYPE: charm---apiVersion: v1kind: Podmetadata:  name: dapi-test-pod-3spec:  containers:    - name: test-container      image: yecc/gcr.io-google_containers-busybox      command: [ "/bin/sh", "-c", "env" ]      envFrom:      - configMapRef:          name: special-config-2  restartPolicy: Never

• envFrom:一次引入对应configmap中的所有data部分（需要kubernetes 1.6以上才能支持）

查看：

[root@node-132 ~]# kubectl logs dapi-test-pod-3 | grep SPECIAL_TYPESPECIAL_TYPE=charm[root@node-132 ~]# kubectl logs dapi-test-pod-3 | grep SPECIAL_LEVELSPECIAL_LEVEL=very

用一个configmap定义pod 命令行中的环境变量：

dapi-test-pod-4.yaml

apiVersion: v1kind: Podmetadata:  name: dapi-test-pod-4spec:  containers:    - name: test-container      image: yecc/gcr.io-google_containers-busybox      command: [ "/bin/sh", "-c", "echo $(SPECIAL_LEVEL_KEY) $(SPECIAL_TYPE_KEY)" ]      env:        - name: SPECIAL_LEVEL_KEY          valueFrom:            configMapKeyRef:              name: special-config-2              key: SPECIAL_LEVEL        - name: SPECIAL_TYPE_KEY          valueFrom:            configMapKeyRef:              name: special-config-2              key: SPECIAL_TYPE  restartPolicy: Never

查看：

[root@node-132 ~]# kubectl logs dapi-test-pod-4very charm

用volume的方式使用configmap：

dapi-test-pod-5.yaml

apiVersion: v1kind: Podmetadata:  name: dapi-test-pod-5spec:  containers:    - name: test-container      image: yecc/gcr.io-google_containers-busybox      command: [ "/bin/sh", "-c", "ls /etc/config/" ]      volumeMounts:      - name: config-volume        mountPath: /etc/config  volumes:    - name: config-volume      configMap:        # Provide the name of the ConfigMap containing the files you want        # to add to the container        name: special-config-2  restartPolicy: Never

• 通过volume方式挂载configmap时，configmap的data部分key会成为文件名，value成为文件内容
• command通过ls /etc/config查看挂载目录，后续的验证过程应该会看到两个key对应的两个文件名

查看：

[root@node-132 ~]# kubectl logs dapi-test-pod-5SPECIAL_LEVELSPECIAL_TYPE

将configmap中的某个key挂载至挂载点的某个path：

dapi-test-pod-6.yaml

apiVersion: v1kind: Podmetadata:  name: dapi-test-pod-6spec:  containers:    - name: test-container      image: yecc/gcr.io-google_containers-busybox      command: [ "/bin/sh","-c","cat /etc/config/keys" ]      volumeMounts:      - name: config-volume        mountPath: /etc/config  volumes:    - name: config-volume      configMap:        name: special-config-2        items:        - key: SPECIAL_LEVEL          path: keys  restartPolicy: Never

• spec.volumes.configMap.items： key 为configmap的data中对应的key名称，path为mountPath后的挂载点。即，将SPECIAL_LEVEL的内容挂载至/etc/config/目录下文件名为keys，内容为SPECIAL_LEVEL对应的value；
• command: 为cat /etc/config/keys，按照预期应该会看到SPECIAL_LEVEL对应value;

查看：

[root@node-132 ~]# kubectl logs dapi-test-pod-6very

configmap自动升级特性：

Mounted ConfigMaps are updated automatically
When a ConfigMap already being consumed in a volume is updated, projected keys are eventually updated as well. Kubelet is checking whether the mounted ConfigMap is fresh on every periodic sync. However, it is using its local ttl-based cache for getting the current value of the ConfigMap. As a result, the total delay from the moment when the ConfigMap is updated to the moment when new keys are projected to the pod can be as long as kubelet sync period + ttl of ConfigMaps cache in kubelet.

已经被挂载的configmap能够自动被升级

当一个已经被挂载configmap更新（比如edit）安装的keys将立即自动被更新。kubelet将实时检查configmap的刷新并保持同步….

但是，他使用本地基于ttl-based缓存用来获取configmap的当前值。所以从configmap更新到到key被部署到pod的时间总长等同于 kubelet 同步时间加上configmaps缓存在kubelet的ttl时间；

清除

for i in `seq 1 6` ; do kubectl delete pod dapi-test-pod-$i; done   for i in `kubectl get configmap | grep game-config | awk '{print $1}'` ; do kubectl delete configmap $i ; donefor i in `kubectl get configmap | grep special-config | awk '{print $1}'` ; do kubectl delete configmap $i ; done 

本系列其他内容：

• 01-环境准备

• 02-etcd群集搭建

• 03-kubectl管理工具

• 04-master搭建

• 05-node节点搭建

• 06-addon-calico

• 07-addon-kubedns

• 08-addon-dashboard

• 09-addon-kube-prometheus

• 10-addon-EFK

• 11-addon-Harbor

• 12-addon-ingress-nginx

• 13-addon-traefik

参考资料：

https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/