OpenShift or Kubernetes environment variables from file


Question

I want to know if there is any way to define the Kubernetes or OpenShift template to load environment variables from a file in one of the volumes.

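What I am trying to achieve is:

  • Generate a value in an initContainer
  • Write the value to a file
  • Load the value as an environment variable when the main container starts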

If anyone knows an alternative to allow the main container to read an environment variable generated from the initContainer, it will solve my problem too.

Thanks

Recommended answer

I can see 2 ways to reach what you need:

1 - Use configMap: You need to give permissions to your initContainer to run kubectl to create a configmap or secret with the desired value, and make your main container read the configmap and configure it as an environment variable.

2 - Use persistentVolume: In the initContainer, write the file, and then mount the same volume on the pod, read the file and use it as you want.

The first method is much more elegant IMO because you can configure the permission level and isolate the configMap object using the Role permissions.

The second method is easier and requires fewer steps than the second, but it depends on what kind of data you need to store; if it is sensible data, I would recommend going with the second method.

This way consists in creating a Kubernetes configMap with the variable you wish and using the value from this configMap to configure an environment variable in the main container.

It requires some extra steps:

  • Create a serviceAccount
  • Create a Role to allow the serviceAccount to perform actions on configmaps
  • Create a RoleBinding to connect the serviceAccount with the Role

In this case the initContainer will be responsible for creating/updating the configmap, and your main container will read this configmap and configure the values as env vars.

NOTE: In these examples I'm using all resources in the myns namespace. You should make the proper changes to best fit your environment, such as Role/ClusterRole permissions; you could make it more restrictive using resourceNames. See here

envFrom: This will be responsible for reading the configMap from Kubernetes and setting your environment variable. More information here.

The following spec will create the serviceAccount, Role and RoleBinding:

Create a file named rbac-sa-myuser.yaml with the following content:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: sa-myuser
  namespace: myns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: myns
  name: role-configmap
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create", "update", "get", "patch", "delete"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rolebinding-configmap
  namespace: myns
roleRef:
  kind: Role
  name: role-configmap
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: sa-myuser
  namespace: myns

Apply it with kubectl apply -f rbac-sa-myuser.yaml

Now, you need to make the proper changes in your deployment template, adding the extra parameters:

serviceAccountName:

 spec:
   serviceAccountName: sa-myuser

envFrom:

envFrom:
  - configMapRef:
      name: my-var

initContainer: Here is just an example of an initContainer running a command to create the configMap; you need to adjust it for your use case:

 initContainers:
   - name: my-init
     image: bitnami/kubectl
     command: ['sh', '-c', 'kubectl delete cm my-var ; kubectl create cm my-var --from-literal MYVAR=UPVOTEIT']

In the end, your deployment spec must look like the following:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: var-example
  namespace: myns
spec:
  selector:
    matchLabels:
      app: var-example
  template:
    metadata:
      labels:
        app: var-example
    spec:
      serviceAccountName: sa-myuser
      containers:
      - name: var-example
        image: nginx
        envFrom:
          - configMapRef:
              name: my-var
        ports:
        - name: http
          containerPort: 80
      initContainers:
        - name: my-init
          image: bitnami/kubectl
          command: ['sh', '-c', 'kubectl delete cm my-var ; kubectl create cm my-var --from-literal MYVAR=UPVOTEIT']

Method 2: persistentVolume

You will need to create a persistentVolume and mount it in both pods; for the example I will use one of the various types listed here.

The following yaml will create a 2Gi persistentVolume and a persistentVolumeClaim of 1Gi on your node.

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-volume
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 2Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/data"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pv-claim
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

Then just create your deployment mounting the volume in the initContainer and the main pod, for example:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: var-example
spec:
  selector:
    matchLabels:
      app: var-example
  template:
    metadata:
      labels:
        app: var-example
    spec:
      volumes:
        - name: pv-storage
          persistentVolumeClaim:
            claimName: pv-claim
      containers:
      - name: var-example
        image: nginx
        ports:
        - name: http
          containerPort: 80
        volumeMounts:
          - mountPath: "/mnt/data"
            name: pv-storage
        command: ["sh", "-c", "echo MYVAR=$(cat /mnt/data/myfile.txt) >> /etc/environment ; sleep 3600"]
      initContainers:
        - name: my-init
          image: busybox:1.28
          volumeMounts:
            - mountPath: "/mnt/data"
              name: pv-storage
          command: ['sh', '-c', 'echo "UPVOTE_IT" > /mnt/data/myfile.txt']
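
On the NOTE about resourceNames in the answer above: an added example, not part of the original answer, of the Role narrowed to the single ConfigMap my-var. It assumes the ConfigMap is pre-created by whoever deploys the application, because RBAC cannot limit create by resourceNames, and that the initContainer then patches the object instead of deleting and recreating it.

```yaml
# Added example (not the answer's manifest). Assumption: my-var is created once
# at deploy time, so the pod's service account never needs create or delete.
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-var
  namespace: myns
data: {}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: myns
  name: role-configmap
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["my-var"]   # only this one object, not every configmap in myns
  verbs: ["get", "patch"]     # "create" cannot be restricted by resourceNames
# The initContainer command then becomes, for example:
#   kubectl patch cm my-var --type merge -p '{"data":{"MYVAR":"UPVOTEIT"}}'
# serviceAccountName is set per pod, so the main container's token carries the
# same rights as the initContainer's; keep the rule list as small as possible.
```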
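
A variant of Method 2, added here and not taken from the original answer: a line appended to /etc/environment is not read by the container's own process, so this version exports the value in the shell that starts nginx. It also swaps the hostPath-backed claim for a pod-scoped in-memory emptyDir; the volume name shared-env is an assumption.

```yaml
# Added example (not the answer's manifest); names reuse the answer's where possible.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: var-example
spec:
  selector:
    matchLabels:
      app: var-example
  template:
    metadata:
      labels:
        app: var-example
    spec:
      volumes:
        - name: shared-env          # assumed name
          emptyDir:
            medium: Memory          # tmpfs: removed with the pod, never written to node disk
      initContainers:
        - name: my-init
          image: busybox:1.28
          volumeMounts:
            - mountPath: /mnt/data
              name: shared-env
          command: ['sh', '-c', 'echo "UPVOTE_IT" > /mnt/data/myfile.txt']
      containers:
        - name: var-example
          image: nginx
          ports:
            - name: http
              containerPort: 80
          volumeMounts:
            - mountPath: /mnt/data
              name: shared-env
              readOnly: true        # the main container only reads the value
          command:
            - sh
            - -c
            - |
              # Export in the launching shell; exec keeps nginx as PID 1 with MYVAR set.
              export MYVAR="$(cat /mnt/data/myfile.txt)"
              exec nginx -g 'daemon off;'
```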
