K8s configmap配置管理

K8S ConfigMap介紹:

一、ConfigMap的作用

configmap和secret是兩種特殊的存儲卷,它們不是給pod提供存儲空間用的,而是給管理員或者用戶提供了從外部向pod內部注入信息的方式.

configmap:把配置文件放在配置中心上,然后多個pod讀取配置中心的配置文件,不過,configmap中的配置信息都是明文的,所以不安全;

secret:功能和configmap一樣,只不過配置中心存儲的配置文件不是明文的.configmap和secret也是專屬於某個名稱空間的.

1.Configmap用於保存配置數據，以鍵值對形式存儲。
2.configMap 資源提供了向 Pod 注入配置數據的方法。
3.旨在讓鏡像和配置文件解耦，以便實現鏡像的可移植性和可復用性。

二、創建ConfigMap的方式有4種:

1.通過key-value字符串創建
2.使用文件創建
3.使用目錄創建
4.編寫configmap的yaml文件創建

2.1、通過key-value字符串的方式創建

#創建configmap其中cm1是名字，key1是鍵，config1是值
[root@k8s-master ~]# kubectl create configmap cm1 --from-literal=key1=config1 --from-literal=key2=config2
configmap/cm1 created
[root@k8s-master ~]# kubectl get cm
NAME                 DATA   AGE
cm1            2      5s
[root@k8s-master ~]# 
[root@k8s-master ~]# kubectl get cm cm1
NAME        DATA   AGE
cm1   2      13s
[root@k8s-master ~]# kubectl describe cm cm1
Name:         cm1
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
key1:
----
config1
key2:
----
config2
Events:  <none>
[root@k8s-master ~]# 

#cm1配置以yaml文件方式輸出
[root@k8s-master ~]# kubectl get cm cm1 -o yaml
apiVersion: v1
data:
  key1: config1
  key2: config2
kind: ConfigMap
metadata:
  creationTimestamp: "2021-01-02T09:26:34Z"
  name: cm1
  namespace: default
  resourceVersion: "160052"
  selfLink: /api/v1/namespaces/default/configmaps/cm1
  uid: 0ad32521-f0c5-4490-a0e9-34bb0ff59f9c
[root@k8s-master ~]# 

2.2、文件創建是通過--from-file參數來設定,key的名稱是文件名稱，value的值是文件的內容.

[root@k8s-master ~]# kubectl create configmap cm2 --from-file=/etc/resolv.conf
configmap/cm2 created
[root@k8s-master ~]# kubectl get cm cm2
NAME   DATA   AGE
cm2    1      6s
[root@k8s-master ~]# kubectl describe cm cm2
Name:         cm2
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
resolv.conf:
----
# Generated by NetworkManager
nameserver 192.168.10.2

Events:  <none>
[root@k8s-master ~]# 

其中，--from-file可以使用多次，比如：
# kubectl create configmap cm2 --from-file=file1 --from-file=file2

2.3、使用目錄創建configmap,也是通過--from-file參數來設定。

# 目錄中的文件名為key，文件內容是value
# kubectl create configmap cm3 --from-file=/path

2.4、通過編寫configmap的yaml/json文件創建（推薦）

[root@k8s-master ~]# cat cm4.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: cm4
data:
  host_name: "k8s-master"
  host_port: "22"
  host_ip: "192.168.10.10"
[root@k8s-master ~]# 
[root@k8s-master ~]# kubectl apply -f cm4.yaml 
configmap/cm4 created
[root@k8s-master ~]# kubectl get cm cm4
NAME   DATA   AGE
cm4    3      12s
[root@k8s-master ~]# 
[root@k8s-master ~]# kubectl get cm cm4 -o yaml
apiVersion: v1
data:
  host_ip: 192.168.10.10
  host_name: k8s-master
  host_port: "22"
kind: ConfigMap
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"host_ip":"192.168.10.10","host_name":"k8s-master","host_port":"22"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"cm4","namespace":"default"}}
  creationTimestamp: "2021-01-02T09:54:22Z"
  name: cm4
  namespace: default
  resourceVersion: "162402"
  selfLink: /api/v1/namespaces/default/configmaps/cm4
  uid: 85e48e8a-e3fb-4821-ade8-658882709277
[root@k8s-master ~]# 

2.5 編寫cm文件的推薦方式：

# cat mongo-configmap.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: mongo-config
  labels:
    app: mongo-config
data:
  mongod.conf: |
    storage:
      dbPath: /data/db
      journal:
        enabled: true
    systemLog:
      destination: file
      logAppend: true
      path: /var/log/mongodb/mongod.log
    net:
      port: 27017
      bindIp: 0.0.0.0
    processManagement:
      timeZoneInfo: /usr/share/zoneinfo

三、如何使用configmap
1.通過環境變量的方式直接傳遞給pod
2.通過在pod的命令行下運行的方式
3.作為volume的方式掛載到pod內

3.1 使用configmap設置環境變量
方式1：通過引用cm4中的變量方式，供pod使用.

# configMap 定義的cm4文件
[root@k8s-master ~]# cat cm4.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: cm4
data:
  host_name: "k8s-master"
  host_port: "22"
  host_ip: "192.168.10.10"

#pod引用cm4中的變量
[root@k8s-master ~]# cat pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: cm-pod
spec:
  containers:
    - name: busy-pod
      image: busybox
      command: ["/bin/sh","-c","env"]
      env:
        - name: key1 #定義的key值
          valueFrom:
            configMapKeyRef:
              name: cm4      #configmap文件名稱
              key: host_ip  #value的值
        - name: key2
          valueFrom:
            configMapKeyRef:
              name: cm4
              key: host_name
        - name: key3
          valueFrom:
            configMapKeyRef:
              name: cm4
              key: host_port    
  restartPolicy: Never
[root@k8s-master ~]# 

[root@k8s-master ~]# kubectl apply -f pod.yaml 
pod/cm-pod created
[root@k8s-master ~]# kubectl get pod cm-pod
NAME     READY   STATUS      RESTARTS   AGE
cm-pod   0/1     Completed   0          98s

[root@k8s-master ~]# kubectl logs cm-pod
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.1.0.1:443
HOSTNAME=cm-pod
SHLVL=1
key1=192.168.10.10
key2=k8s-master
key3=22
...只列出部分變量
[root@k8s-master ~]# 

方式2：直接導入cm4中的變量

[root@k8s-master ~]# cat pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: cm4-pod
spec:
  containers:
    - name: busy-pod
      image: busybox
      command: ["/bin/sh","-c","env"]
      envFrom:
        - configMapRef:
            name: cm4 
  restartPolicy: Never
[root@k8s-master ~]# 

[root@k8s-master ~]# kubectl apply -f pod.yaml 
pod/cm4-pod created
[root@k8s-master ~]# kubectl get pod cm4-pod
NAME      READY   STATUS      RESTARTS   AGE
cm4-pod   0/1     Completed   0          27s

[root@k8s-master ~]# kubectl logs cm4-pod
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.1.0.1:443
HOSTNAME=cm4-pod
host_ip=192.168.10.10
host_port=22
HOME=/root
host_name=k8s-master
...
KUBERNETES_SERVICE_HOST=10.1.0.1
[root@k8s-master ~]# 

3.2 使用configmap設置命令行參數,通過在pod的命令行下運行的方式.

[root@k8s-master ~]# cat pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  containers:
    - name: pod1
      image: busybox
      command: ["/bin/sh","-c","echo $(host_ip) $(host_port) $(host_name)"]  //命令行參數
      envFrom:
        - configMapRef:
            name: cm4
  restartPolicy: Never
[root@k8s-master ~]# 
[root@k8s-master ~]# kubectl apply -f pod.yaml 
pod/test-pod created
[root@k8s-master ~]# kubectl get pod 
NAME                                    READY   STATUS                  RESTARTS   AGE
test-pod                                0/1     Completed       0          3s
[root@k8s-master ~]# kubectl logs test-pod
192.168.10.10 22 k8s-master
[root@k8s-master ~]# 

 3.3 將數據卷cm4以volume的方式掛載到pod內.

# configMap中定義的cm4文件
[root@k8s-master ~]# cat cm4.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: cm4
data:
  host_name: "k8s-master"
  host_port: "22"
  host_ip: "192.168.10.10"
[root@k8s-master ~]#

#pod掛載cm4文件
[root@k8s-master ~]# cat pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: v-pod
spec:
  containers:
    - name: pod1
      image: busybox:latest
      command:
        - sleep
        - "3600"
      imagePullPolicy: IfNotPresent
      volumeMounts:
      - name: config-volume
        mountPath: /config #掛載到容器的這個目錄中
  volumes:
    - name: config-volume  #定義的卷名，和volumeMounts中的name要一直.
      configMap:
        name: cm4          #掛載的configMap文件名稱
  restartPolicy: Never
[root@k8s-master ~]# 

[root@k8s-master ~]# kubectl apply -f pod.yaml 
pod/v-pod created
[root@k8s-master ~]# kubectl get pod v-pod
NAME    READY   STATUS    RESTARTS   AGE
v-pod   1/1     Running   0          6s
[root@k8s-master ~]# kubectl exec -it v-pod -- sh
/ # cd /config/
/config # ls -ltr
total 0
lrwxrwxrwx    1 root     root            16 Jan  4 14:07 host_port -> ..data/host_port
lrwxrwxrwx    1 root     root            16 Jan  4 14:07 host_name -> ..data/host_name
lrwxrwxrwx    1 root     root            14 Jan  4 14:07 host_ip -> ..data/host_ip

/config # cat host_port 
22
/config # cat host_ip 
192.168.10.10
/config # 

# cm4里面的key是掛載在pod 的/config目錄下的文件名 文件內容value值 如：host_ip: "192.168.10.10"