kubernetes / Best practice to inject values to configMap


Question

I'm new at kubernetes, and I'm wondering the best way to inject values to ConfigMap.

For now, I defined a Deployment object which takes the relevant values from a ConfigMap file. I wish to use the same .yml file for my production and staging environments, so only the values in the ConfigMap will be changed, while the file itself will be the same.

Is there any way to do it built-in in kubernetes, without using configuration management tools (like Ansible, Puppet, etc.)?

Recommended answer

You can find the links to the quoted text at the end of the answer.

A good practice when writing applications is to separate application code from configuration. We want to enable application authors to easily employ this pattern within Kubernetes. While the Secrets API allows separating information like credentials and keys from an application, no object existed in the past for ordinary, non-secret configuration. In Kubernetes 1.2, we’ve added a new API resource called ConfigMap to handle this type of configuration data.

Besides, Secrets data will be stored in a base64 encoded form, which is also suitable for binary data such as keys, whereas ConfigMaps data will be stored in plain text format, which is fine for text files.

The ConfigMap API is simple conceptually. From a data perspective, the ConfigMap type is just a set of key-value pairs.

There are several ways you can create config maps:

  • Using a list of values in the command line

    $ kubectl create configmap special-config --from-literal=special.how=very --from-literal=special.type=charm

  • Using a file on the disk as a source of data

    $ kubectl create configmap game-config-2 --from-file=docs/user-guide/configmap/kubectl/game.properties --from-file=docs/user-guide/configmap/kubectl/ui.properties
    $ kubectl create configmap game-config-3 --from-file=game-special-key=docs/user-guide/configmap/kubectl/game.properties
    

  • Using directory with files as a source of data

    $ kubectl create configmap game-config --from-file=configure-pod-container/configmap/kubectl/
    

  • Combining all three previously mentioned methods

There are several ways to consume ConfigMap data in Pods:

  • Use values in ConfigMap as environment variables

    spec:
      containers:
        - name: test-container
          image: k8s.gcr.io/busybox
          command: [ "/bin/sh", "-c", "echo $(SPECIAL_LEVEL_KEY)" ]
          env:
            - name: SPECIAL_LEVEL_KEY
              valueFrom:
                configMapKeyRef:
                  name: special-config
                  key: SPECIAL_LEVEL
    

  • Use data in ConfigMap as files on the volume

    spec:
      containers:
        - name: test-container
          image: k8s.gcr.io/busybox
          command: [ "/bin/sh", "-c", "ls /etc/config/" ]
          volumeMounts:
          - name: config-volume
            mountPath: /etc/config
      volumes:
        - name: config-volume
          configMap:
            # ConfigMap containing the files
            name: special-config
    

Only changes in ConfigMaps that are consumed in a volume will be visible inside the running pod. Kubelet is checking whether the mounted ConfigMap is fresh on every periodic sync. However, it is using its local ttl-based cache for getting the current value of the ConfigMap. As a result, the total delay from the moment when the ConfigMap is updated to the moment when new keys are projected to the pod can be as long as kubelet sync period + ttl of ConfigMaps cache in kubelet.

A Pod whose specification contains any reference to a non-existent ConfigMap or Secret won't start.

Consider reading the official documentation and other good articles for even more details:

  • Configuration management with Containers
  • Configure a Pod to Use a ConfigMap
  • Using ConfigMap
  • Kubernetes ConfigMaps and Secrets
  • Managing Pod configuration using ConfigMaps and Secrets in Kubernetes
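
Added example (not part of the original answer): a Python check for the setup discussed above, where one Deployment is shared and each environment has its own `special-config` ConfigMap. It confirms every `configMapKeyRef` key exists in each environment's ConfigMap, flags credential-like keys that belong in a Secret, and shows that a Secret's base64 `data` decodes without any key. The namespaces, `DB_PASSWORD`, `db-credentials` and all values are constructed for illustration.

```python
import base64
import re

# Constructed sample objects in the shape `kubectl get -o json` returns.
STAGING = {"kind": "ConfigMap",
           "metadata": {"name": "special-config", "namespace": "staging"},
           "data": {"SPECIAL_LEVEL": "very", "DB_PASSWORD": "hunter2"}}
PRODUCTION = {"kind": "ConfigMap",
              "metadata": {"name": "special-config", "namespace": "production"},
              "data": {"DB_PASSWORD": "example-only"}}
SECRET = {"kind": "Secret",
          "metadata": {"name": "db-credentials", "namespace": "staging"},
          "data": {"password": base64.b64encode(b"hunter2").decode()}}
# env section of the shared Deployment (same reference as in the answer).
DEPLOYMENT_ENV = [{"name": "SPECIAL_LEVEL_KEY", "valueFrom": {
    "configMapKeyRef": {"name": "special-config", "key": "SPECIAL_LEVEL"}}}]

# Hypothetical naming heuristic; tune it to your own key conventions.
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|private[_-]?key", re.I)

def missing_keys(env, configmap):
    """Keys the Deployment references that this environment's ConfigMap lacks."""
    name = configmap["metadata"]["name"]
    data = configmap.get("data", {})
    missing = []
    for entry in env:
        ref = entry.get("valueFrom", {}).get("configMapKeyRef")
        if ref and ref["name"] == name and ref["key"] not in data:
            missing.append(ref["key"])
    return missing

def credential_like_keys(configmap):
    """ConfigMap keys whose names suggest the value belongs in a Secret."""
    return sorted(k for k in configmap.get("data", {}) if SENSITIVE.search(k))

def decode_secret(secret):
    """Secret .data is base64-encoded, not encrypted: no key is needed."""
    return {k: base64.b64decode(v).decode() for k, v in secret["data"].items()}

if __name__ == "__main__":
    for cm in (STAGING, PRODUCTION):
        print(cm["metadata"]["namespace"],
              "missing:", missing_keys(DEPLOYMENT_ENV, cm),
              "credential-like:", credential_like_keys(cm))
    print("decoded Secret:", decode_secret(SECRET))
```

Running the same check against each environment's exported ConfigMap before rollout catches a key that exists in staging but was never created in production.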
