An introduction to mounting some commonly used resources in Kubernetes.
Kubernetes version used here: 1.12.2
env
env:
  - name: GIT_REPO
    value: 'ssh://[email protected]:22/a/b.git'
Nested env
env:
  - name: spring.profiles.active
    value: 'product'
  - name: MY_POD_IP
    valueFrom:
      fieldRef:
        fieldPath: status.podIP
  - name: GOMS_API_HTTP_ADDR
    value: 'http://$(MY_POD_IP):9090'
configMap
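Note that modifying a configmap does not change the mounted configmap files or environment variables inside the container. Deleting the configmap does not affect the environment variables or files inside the container either, but after the configmap is deleted, a Warning event appears on the pods that mount it: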
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedMount 64s (x13 over 11m) kubelet, cn-shenzhen.i-wz9498k1n1l7sx8bkc50 MountVolume.SetUp failed for volume "nginx" : configmaps "nginx" not found
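The config map documentation is very clear, so I will shamelessly copy from it here.
Note that a configmap has a 1M size limit and is generally used to mount small configurations. For large amounts of configuration, a configuration center is recommended.
Mounting a single item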
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod
spec:
  containers:
    - name: test-container
      image: k8s.gcr.io/busybox
      command: [ "/bin/sh", "-c", "env" ]
      env:
        # Define the environment variable
        - name: SPECIAL_LEVEL_KEY
          valueFrom:
            configMapKeyRef:
              # The ConfigMap containing the value you want to assign to SPECIAL_LEVEL_KEY
              name: special-config
              # Specify the key associated with the value
              key: special.how
  restartPolicy: Never
This mounts the special.how item of the special-config configmap.
Mounting the whole configmap
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod
spec:
  containers:
    - name: test-container
      image: k8s.gcr.io/busybox
      command: [ "/bin/sh", "-c", "env" ]
      envFrom:
        - configMapRef:
            name: special-config
  restartPolicy: Never
fieldRef
This can expose some properties of the pod.
env:
  - name: MY_POD_IP
    valueFrom:
      fieldRef:
        fieldPath: status.podIP
Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.
resourceFieldRef
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
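The English description is clear: this exposes the resource (CPU/memory) limits of a container in the current YAML. In practice it is not used very often. It can also be combined with downwardAPI.
Note that containerName must not be misconfigured, otherwise the pod status becomes CreateContainerConfigError.
env:
  - name: a
    valueFrom:
      resourceFieldRef:
        containerName: nginx-test2
        resource: limits.cpu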
secretKeyRef
Selects a key of a secret in the pod's namespace
env:
  - name: WORDPRESS_DB_USER
    valueFrom:
      secretKeyRef:
        name: mysecret
        key: username
  - name: WORDPRESS_DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: mysecret
        key: password
- A detailed guide to using Secrets in Kubernetes
- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.12/#envvarsource-v1-core
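Directory/file mounts
Kubernetes can mount a great many kinds of resources; here are a few of the more representative ones.
Resources of this kind are generally defined first as volumes at the spec level and then referenced with volumeMounts under containers: declare first, then use.
hostPath (host directory/file)
- For an existing directory/file, use Directory/File + nodeSelector. But once nodeSelector is used, all later scaling lands on the matching nodes. If there is only one such node and the replica set is configured beyond what that node can actually bear, this eventually leads to a single point of failure, so keep it in mind.
- If the application reads and writes an empty file at startup, use DirectoryOrCreate or FileOrCreate.
The following demonstrates the first approach.
# Label the node (omitted here)
kubectl get node --show-labels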
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  labels:
    app: nginx-test2
  name: nginx-test2
  namespace: test
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: nginx-test2
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: nginx-test2
    spec:
      containers:
        - image: 'nginx:1.15.4-alpine'
          imagePullPolicy: Always
          name: nginx-test2
          resources: {}
          terminationMessagePolicy: File
          volumeMounts:
            - name: host1
              mountPath: /etc/nginx/sites-enabled
            - name: host2
              mountPath: /etc/nginx/sites-enabled2/a.com.conf
      nodeSelector:
        kubernetes.io/hostname: cn-shenzhen.i-wz9aabuytimkomdmjabq
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
        - name: host1
          hostPath:
            path: /root/site
            type: Directory
        - name: host2
          hostPath:
            path: /root/site/a.com.conf
            type: File
Single-item mount (method 1)
This kind of mount is hot-updated; a change becomes visible after about 10 seconds.
volumeMounts:
  - name: config-vol
    mountPath: /etc/config
volumes:
  - name: config-vol
    configMap:
      name: log-config
      items:
        - key: log_level
          path: log_level
Single-item mount (method 2)
This kind of mount is not hot-updated.
volumeMounts:
  - name: nginx
    mountPath: /etc/nginx/nginx.conf
    subPath: nginx.conf
volumes:
  - name: nginx
    configMap:
      name: amiba-nginx
Full mount
volumeMounts:
  - name: config-vol
    mountPath: /etc/config
volumes:
  - name: config-vol
    configMap:
      name: log-config
secret
Single-item mount
volumes:
  - name: secrets
    secret:
      secretName: mysecret
      items:
        - key: password
          mode: 511
          path: tst/psd
        - key: username
          mode: 511
          path: tst/usr
Here specific permissions are used to mount the files; the default seems to be 777.
volumeMounts:
  - name: sshkey
    mountPath: /root/.ssh
volumes:
  - name: sshkey
    secret:
      secretName: pull-gitea
      defaultMode: 0400
kubectl create secret generic pull-gitea \
  --from-file=id_rsa=/Volumes/D/temp/id_rsa \
  --from-file=id_rsa.pub=/Volumes/D/temp/id_rsa.pub \
  --from-file=known_hosts=/Volumes/D/temp/known_hosts
For example, with a secret created this way, the /root/.ssh directory in the container will contain three files: id_rsa, id_rsa.pub and known_hosts.
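An added example, not part of the original post: a Python check of the file modes on the secret volumes above, flagging secret files that group/other can access or that carry an execute bit. It assumes the manifest was already parsed by a YAML 1.1 parser, so mode: 511 stays decimal 511 (octal 0777) and defaultMode: 0400 arrives as 256; the no-mode-set volume is hypothetical, and 0644 is the Kubernetes default for defaultMode when the field is omitted.

```python
import stat

K8S_DEFAULT_MODE = 0o644  # Kubernetes default when defaultMode is not set


def audit_secret_volumes(pod_spec):
    """Return (volume, path, octal mode, problems) for each secret file whose
    mode grants group/other access or sets an execute bit."""
    findings = []
    for vol in pod_spec.get("volumes", []):
        secret = vol.get("secret")
        if secret is None:  # configMap, hostPath, ... are not secrets
            continue
        default = secret.get("defaultMode", K8S_DEFAULT_MODE)
        # Without "items", every key is projected with defaultMode.
        for item in secret.get("items") or [{"path": "*"}]:
            mode = item.get("mode", default)
            problems = []
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                problems.append("group/other access")
            if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                problems.append("executable")
            if problems:
                findings.append((vol["name"], item["path"],
                                 format(mode, "04o"), ", ".join(problems)))
    return findings


# Constructed sample: the page's two secret volumes as a YAML 1.1 parser
# returns them (mode: 511 is decimal, defaultMode: 0400 is octal = 256),
# plus a hypothetical volume with no mode set and one configMap volume.
SAMPLE_POD_SPEC = {
    "volumes": [
        {"name": "secrets", "secret": {"secretName": "mysecret", "items": [
            {"key": "password", "mode": 511, "path": "tst/psd"},
            {"key": "username", "mode": 511, "path": "tst/usr"},
        ]}},
        {"name": "sshkey",
         "secret": {"secretName": "pull-gitea", "defaultMode": 256}},
        {"name": "no-mode-set", "secret": {"secretName": "mysecret"}},
        {"name": "config-vol", "configMap": {"name": "log-config"}},
    ]
}

if __name__ == "__main__":
    for finding in audit_secret_volumes(SAMPLE_POD_SPEC):
        print("  ".join(finding))
```

The sshkey volume (0400) passes; writing the per-item mode as 256 instead of 511 would give the two mysecret files the same owner-read-only permissions.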
downwardAPI
Original article: Mounting commonly used resources in Kubernetes