k8s實踐4:容器應用配置文件管理利器configmap

configmap的配置和使用

1.configmap的簡單理解

提供服務的pod,比如mysql,主要有兩部分重要數據,靜態數據:mysql服務讀取的配置文件,動態數據:存儲數據.

如果pod出問題,刪除pod,假如這些重要數據不單獨備份,將隨着pod的刪除也被刪除.很不方便.

重要數據和pod分離解耦,獨立於pod之外,顯然方便許多.

存儲數據可以用pv pvc實現和pod的分離解耦,後面測試.

配置文件和pod分離解耦,也就是說mysql容器能夠直接讀取並使用預先配置好的配置文件(而不是使用容器中默認自帶的配置文件).這是configMap的主要功能.

kubernetes使用configMap實現對pod中應用配置文件管理.

2.創建configmap

有兩種方式:
1.通過yaml文件創建.
2.執行kubectl create命令,直接命令行創建.

命令行直接創建,見下:

cat mysqld.cnf 
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysql]
no-auto-rehash

[mysqld]
user = mysql
port = 3306
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql

[mysqld_safe]
log-error= /var/log/mysql/mysql_oldboy.err
pid-file = /var/run/mysqld/mysqld.pid

創建configMap,使用mysqld.cnf的數據

kubectl create configmap mysql-config --from-file=mysqld.cnf
configmap/mysql-config created

kubectl describe configmap mysql-config
Name:         mysql-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
mysqld.cnf:
----
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysql]
no-auto-rehash

[mysqld]
user = mysql
port = 3306
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql

[mysqld_safe]
log-error= /var/log/mysql/mysql_oldboy.err
pid-file = /var/run/mysqld/mysqld.pid

Events:  <none>

yaml文件創建configmap,見下:

注意直接寫入文件內容的格式 mysqld.cnf: |

cat mysql-config2.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql-config2
data:
  mysqld.cnf: |
    [client]
    port = 3306
    socket = /var/run/mysqld/mysqld.sock
    [mysql]
    no-auto-rehash

    [mysqld]
    user = mysql
    port = 3306
    socket = /var/run/mysqld/mysqld.sock
    datadir = /var/lib/mysql

    [mysqld_safe]
    log-error= /var/log/mysql/mysql_oldboy.err
    pid-file = /var/run/mysqld/mysqld.pid

kubectl apply -f mysql-config2.yaml 
configmap/mysql-config2 created

kubectl describe configmap mysql-config2
Name:         mysql-config2
Namespace:    default
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"v1","data":{"mysqld.cnf":"[client]\nport = 3306\nsocket = /var/run/mysqld/mysqld.sock\n[mysql]\nno-auto-rehash\n\n[mysqld]\...

Data
====
mysqld.cnf:
----
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysql]
no-auto-rehash

[mysqld]
user = mysql
port = 3306
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql

[mysqld_safe]
log-error= /var/log/mysql/mysql_oldboy.err
pid-file = /var/run/mysqld/mysqld.pid

Events:  <none>

3.使用configmap

configmap可以和secret一樣當成環境變量使用.

主要使用volume掛載方式.應用配置文件使用volume掛載方式.支持動態更新.

下面用mysql示例,啓用一個mysql容器pod,通過configmap讀取預先配置好的配置文件.

configmap,用上面的mysql-config2.配置參考見下:

cat mysql-test.yaml 
apiVersion: v1
kind: Service
metadata:
  name: mysql-t
spec:
  ports:
  - port: 3306
  selector:
    app: mysql-t
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: mysql-t
spec:
  selector:
    matchLabels:
      app: mysql-t
  template:
    metadata:
      labels:
        app: mysql-t
    spec:
      containers:
      - image: mysql:5.7
        name: mysql-t
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysecret
              key: password
        volumeMounts:
        - name: mysql-t1
          mountPath: /etc/mysql/mysql.conf.d
      volumes:
      - name: mysql-t1
        configMap:
          name: mysql-config2

kubectl apply -f mysql-test.yaml 
service/mysql-t created
deployment.apps/mysql-t created

註釋:
MYSQL_ROOT_PASSWORD使用的是secret篇裏創建的secret.
volumeMounts/mountPath:pod容器裏掛載目錄,這個目錄其實很重要,你要使用個容器的應用,需熟悉這個應用的配置文件存放目錄並且掛載到正確目錄.掛載目錄錯了容器應用無法讀取到配置文件.
volumes:使用的卷name: mysql-t1,注意volumes和volumeMounts的這個名字是相對應的.

kubectl describe pod mysql-t-8fb468bcc-6b4r7 
Name:           mysql-t-8fb468bcc-6b4r7
Namespace:      default
Priority:       0
Node:           k8s-node2/192.168.174.129
Start Time:     Fri, 22 Nov 2019 02:05:40 -0500
Labels:         app=mysql-t
                pod-template-hash=8fb468bcc
Annotations:    <none>
Status:         Running
IP:             172.30.94.5
Controlled By:  ReplicaSet/mysql-t-8fb468bcc
Containers:
  mysql-t:
    Container ID:   docker://d7fff75f23a8cdff5d1aca8807725d1f54f07e1a4c181f25f435614c71bd916c
    Image:          mysql:5.7
    Image ID:       docker-pullable://mysql@sha256:44b33224e3c406bf50b5a2ee4286ed0d7f2c5aec1f7fdb70291f7f7c570284dd
    Port:           3306/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Fri, 22 Nov 2019 02:05:41 -0500
    Ready:          True
    Restart Count:  0
    Environment:
      MYSQL_ROOT_PASSWORD:  <set to the key 'password' in secret 'mysecret'>  Optional: false
    Mounts:
      /etc/mysql/mysql.conf.d from mysql-t1 (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-fwtch (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  mysql-t1:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      mysql-config2
    Optional:  false
  default-token-fwtch:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-fwtch
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age    From                Message
  ----    ------     ----   ----                -------
  Normal  Scheduled  3m29s  default-scheduler   Successfully assigned default/mysql-t-8fb468bcc-6b4r7 to k8s-node2
  Normal  Pulled     3m28s  kubelet, k8s-node2  Container image "mysql:5.7" already present on machine
  Normal  Created    3m28s  kubelet, k8s-node2  Created container mysql-t
  Normal  Started    3m28s  kubelet, k8s-node2  Started container mysql-t

注意mounts部分

Mounts:
      /etc/mysql/mysql.conf.d from mysql-t1 (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-fwtch (ro)

檢索可見,讀取的就是我們配置的configmap.

root@mysql-t-8fb468bcc-6b4r7:/etc/mysql/mysql.conf.d# pwd
/etc/mysql/mysql.conf.d
root@mysql-t-8fb468bcc-6b4r7:/etc/mysql/mysql.conf.d# cat mysqld.cnf 
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysql]
no-auto-rehash

[mysqld]
user = mysql
port = 3306
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql

[mysqld_safe]
log-error= /var/log/mysql/mysql_oldboy.err
pid-file = /var/run/mysqld/mysqld.pid

4.動態更新

測試熱更新

更新mysql-config2
加上以下內容:
log_bin=mysql_bin
binlog-format=Row
server-id=1

使用kubectl edit命令

kubectl edit configmap mysql-config2
configmap "mysql-config2" edited

kubectl describe configmap mysql-config2
Name:         mysql-config2
Namespace:    default
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"v1","data":{"mysqld.cnf":"[client]\nport = 3306\nsocket = /var/run/mysqld/mysqld.sock\n[mysql]\nno-auto-rehash\n\n[mysqld]\...

Data
====
mysqld.cnf:
----
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysql]
no-auto-rehash

[mysqld]
user = mysql
port = 3306
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
log_bin=mysql_bin
binlog-format=Row
server-id=1

[mysqld_safe]
log-error= /var/log/mysql/mysql_oldboy.err
pid-file = /var/run/mysqld/mysqld.pid

Events:  <none>

實現了熱更新

kubectl exec -it mysql-t-8fb468bcc-9274l bash
root@mysql-t-8fb468bcc-9274l:/# cat /etc/mysql/mysql.conf.d/mysqld.cnf
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysql]
no-auto-rehash

[mysqld]
user = mysql
port = 3306
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
log_bin=mysql_bin
binlog-format=Row
server-id=1

[mysqld_safe]
log-error= /var/log/mysql/mysql_oldboy.err
pid-file = /var/run/mysqld/mysqld.pid