配置容器化应用的方式
- 自定义命令行参数
- 把配置文件直接焙进镜像
- 环境变量
- cloud native的应用程序一般可直接通过环境变量加载配置
- 通过entrypoint脚本来预处理变量
- 存储卷
configMap(配置中心)
pod从configMap中读取配置关联到pod
创建configMap
kubectl create configmap nginx-config --from-literal=nginx_port=80 --from-literal=server_name=myapp.wuxingge.com
查看
kubectl get configmaps
kubectl describe configmaps nginx-config
cat www.conf
server {
server_name myapp.wuxingge.com;
listen 80;
root /data/web/html/;
}
kubectl create configmap nginx-www --from-file=./www.conf
编辑
kubectl edit configmaps nginx-www
pod-configmap.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-cm-1
namespace: default
labels:
app: myapp
tier: frontend
annotations:
wuxingge.com/created-by: "cluster admin"
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v1
ports:
- name: http
containerPort: 80
env:
- name: NGINX_SERVER_PORT
valueFrom:
configMapKeyRef:
name: nginx-config
key: nginx_port
- name: NGINX_SERVER_NAME
valueFrom:
configMapKeyRef:
name: nginx-config
key: server_name
pod-configmap-2.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-cm-2
namespace: default
labels:
app: myapp
tier: frontend
annotations:
wuxingge.com/created-by: "cluster admin"
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v1
ports:
- name: http
containerPort: 80
volumeMounts:
- name: nginxconf
mountPath: /etc/nginx/config.d/
readOnly: true
volumes:
- name: nginxconf
configMap:
name: nginx-config
pod-configmap-3.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-cm-3
namespace: default
labels:
app: myapp
tier: frontend
annotations:
wuxingge.com/created-by: "cluster admin"
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v1
ports:
- name: http
containerPort: 80
volumeMounts:
- name: nginxconf
mountPath: /etc/nginx/conf.d/
readOnly: true
volumes:
- name: nginxconf
configMap:
name: nginx-www
secret
创建secret
kubectl create secret generic mysql-root-password --from-literal=password=MyP@ss123
查看
kubectl get secrets mysql-root-password -o yaml
apiVersion: v1
data:
password: TXlQQHNzMTIz
kind: Secret
metadata:
creationTimestamp: "2019-11-30T08:26:57Z"
name: mysql-root-password
namespace: default
resourceVersion: "711777"
selfLink: /api/v1/namespaces/default/secrets/mysql-root-password
uid: 2c259780-134b-11ea-a76c-000c29b4d624
type: Opaque
echo TXlQQHNzMTIz |base64 -d
MyP@ss123
pod-secret-1.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-secret-1
namespace: default
labels:
app: myapp
tier: frontend
annotations:
wuxingge.com/created-by: "cluster admin"
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v1
ports:
- name: http
containerPort: 80
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-root-password
key: password