一、介绍

ConfigMap是一种API对象,用来将非加密数据保存到键值对中。可以用作环境变量、命令行参数或者存储卷中的配置文件。 ConfigMap可以将环境变量配置信息和容器镜像解耦,便于应用配置的修改。如果需要存储加密信息时可以使用Secret对象。 configmap的主要作用 就是为了让镜像 和 配置文件解耦,以便实现镜像的可移植性和可复用性,因为一个configMap其实就是一系列配置信息的集合,将来可直接注入到Pod中的容器使用,而注入方式有两种,一种将configMap做为存储卷,一种是将configMap通过env中configMapKeyRef注入到容器中; configMap是KeyValve形式来保存数据的,如: name=zhangsan 或 nginx.conf="http{server{...}}" 对于configMap的Value的长度是没有限制的,所以它可以是一整个配置文件的信息。 configMap: 它是K8s中的标准组件,它通过两种方式实现给Pod传递配置参数:   A. 将环境变量直接定义在configMap中,当Pod启动时,通过env来引用configMap中定义的环境变量。   B. 将一个完整配置文件封装到configMap中,然后通过共享卷的方式挂载到Pod中,实现给应用传参。 secret: 它时一种相对安全的configMap,因为它将configMap通过base64做了编码, 让数据不是明文直接存储在configMap中,起到了一定的保护作用,但对Base64进行反编码,对专业人士来说,没有任何难度,因此它只是相对安全。

二、ConfigMap创建

1.通过命令行创建configmap

可以使用 kubectl create configmap 从文件、目录或者 key-value 字符串创建等创建 ConfigMap

1.1、通过文件创建configmap

[root@k8s-master configmap]# echo hello > 1.text
[root@k8s-master configmap]# echo word > 2.text
[root@k8s-master configmap]# kubectl create configmap my-config --from-file=key1=1.text  --from-file=key2=2.text
configmap/my-config created
[root@k8s-master configmap]# kubectl get configmap
NAME               DATA   AGE
kube-root-ca.crt   1      55d
my-config          2      23s
[root@k8s-master configmap]# kubectl describe configmap/my-config
Name:         my-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
key1:
----
hello

key2:
----
word


BinaryData
====

Events:  <none>

K8S(六)ConfigMap的使用#yyds干货盘点#

看到该configmap中有两个键值对,key1:hello 和 key2:world

1.2、通过文件夹创建

[root@k8s-master configmap]# mkdir config
[root@k8s-master configmap]# echo hello > config/test1
[root@k8s-master configmap]# echo world > config/test2
[root@k8s-master configmap]# kubectl create configmap dir-config --from-file=config/
configmap/dir-config created
[root@k8s-master configmap]# kubectl get configmap
NAME               DATA   AGE
dir-config         2      8s
kube-root-ca.crt   1      55d
my-config          2      6m49s
[root@k8s-master configmap]# kubectl describe configmap/dir-config
Name:         dir-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
test2:
----
world

test1:
----
hello


BinaryData
====

Events:  <none>

看到该configmap资源中有两个键值对,test1:hello和test2:world,key为文件名,value为文件内容

1.3、通过键值对创建configmap

[root@k8s-master configmap]# kubectl create configmap literal-config --from-literal=key1=hello --from-literal=key2=world
configmap/literal-config created
[root@k8s-master configmap]# kubectl get configmap
NAME               DATA   AGE
dir-config         2      17m
kube-root-ca.crt   1      55d
literal-config     2      26s
my-config          2      24m
[root@k8s-master configmap]# kubectl describe configmap/literal-config
Name:         literal-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
key1:
----
hello
key2:
----
world

BinaryData
====

Events:  <none>

2、通过yaml进行创建

[root@k8s-master configmap]# cat config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: myconfig
data:
  key1: hello
  key2: world
[root@k8s-master configmap]# kubectl apply -f config.yaml
configmap/myconfig created
[root@k8s-master configmap]# kubectl describe configmap/myconfig
Name:         myconfig
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
key1:
----
hello
key2:
----
world

BinaryData
====

Events:  <none>

三、ConfigMap的使用

Pod的使用方式:

  1. 将ConfigMap中的数据设置为容器的环境变量
  2. 将ConfigMap中的数据设置为命令行参数
  3. 使用Volume将ConfigMap作为文件或目录挂载
  4. 编写代码在 Pod 中运行,使用 Kubernetes API 来读取 ConfigMap

1.设置为容器的环境变量

[root@k8s-master configmap]# cat test-pod-configmap1.yml
apiVersion: v1
kind: Pod
metadata:
 name: test-pod-configmap
spec:
 containers:
  - name: test-busybox
    image: busybox
    imagePullPolicy: IfNotPresent
    args:
    - sleep
    - "86400"
    env:
    - name: KEY1
      valueFrom:
       configMapKeyRef:
        name: my-config
        key: key1
    - name: KEY2
      valueFrom:
       configMapKeyRef:
        name: my-config
        key: key2
[root@k8s-master configmap]# kubectl apply -f test-pod-configmap1.yml
pod/test-pod-configmap created
[root@k8s-master configmap]# kubectl get pod
NAME                       READY   STATUS             RESTARTS          AGE
nfs-pvc-587bdcb574-2ql7m   0/1     Pending            0                 5d19h
nfs-pvc-587bdcb574-5gq5n   0/1     Pending            0                 5d19h
nfs-pvc-587bdcb574-892jj   0/1     Pending            0                 5d19h
secret-pod3                1/1     Running            0                 44h
secret1-pod                0/1     CrashLoopBackOff   526 (86s ago)     45h
secret2-pod                0/1     CrashLoopBackOff   523 (2m58s ago)   44h
test-pod-configmap         1/1     Running            0                 4s

[root@k8s-master configmap]# kubectl exec  -it pod/test-pod-configmap /bin/sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
/ # printenv
KEY1=hello

KEY2=word

环境变量里有KEY1=hello,KEY2=world

2. 设置为命令行参数

[root@k8s-master configmap]# cat test-pod-configmap-cmd.yml
apiVersion: v1
kind: Pod
metadata:
 name: test-pod-configmap-cmd
spec:
 containers:
  - name: test-busybox
    image: busybox
    imagePullPolicy: IfNotPresent
    command: [ "/bin/sh","-c","echo $KEY1 $KEY2"]
    env:
    - name: KEY1
      valueFrom:
       configMapKeyRef:
        name: my-config
        key: key1
    - name: KEY2
      valueFrom:
       configMapKeyRef:
        name: my-config
        key: key2
 restartPolicy: Never
[root@k8s-master configmap]# kubectl apply -f test-pod-configmap-cmd.yml
pod/test-pod-configmap-cmd created
[root@k8s-master configmap]# kubectl get pod
NAME                       READY   STATUS      RESTARTS   AGE
nfs-pvc-587bdcb574-8zm2m   0/1     Pending     0          11s
nfs-pvc-587bdcb574-bqcq8   0/1     Pending     0          11s
nfs-pvc-587bdcb574-ft2f9   0/1     Pending     0          11s
test-pod-configmap-cmd     0/1     Completed   0          8s
[root@k8s-master configmap]# kubectl logs pod/test-pod-configmap-cmd
hello word

3.将configmap挂载到容器中

[root@k8s-master configmap]# cat test-pod-configmap-volume.yaml
apiVersion: v1
kind: Pod
metadata:
 name: test-pod-projected-configmap-volume
spec:
 containers:
 - name: test-pod-busybox
   image: busybox
   imagePullPolicy: IfNotPresent
   args:
   - sleep
   - "86400"
   volumeMounts:
   - name: config-volume
     mountPath: "/projected-volume"
     readOnly: true
 volumes:
 - name: config-volume
   projected:
    sources:
    - configMap:
       name: my-config
[root@k8s-master configmap]# kubectl apply -f test-pod-configmap-volume.yaml
pod/test-pod-projected-configmap-volume created
[root@k8s-master configmap]# kubectl get pod
NAME                                  READY   STATUS      RESTARTS   AGE
nfs-pvc-587bdcb574-8zm2m              0/1     Pending     0          6m17s
nfs-pvc-587bdcb574-bqcq8              0/1     Pending     0          6m17s
nfs-pvc-587bdcb574-ft2f9              0/1     Pending     0          6m17s
test-pod-configmap-cmd                0/1     Completed   0          6m14s
test-pod-projected-configmap-volume   1/1     Running     0          4s
####进入容器查看下
[root@k8s-master configmap]# kubectl exec -it test-pod-projected-configmap-volume -- /bin/sh
/ # ls
bin               etc               proc              root              tmp               var
dev               home              projected-volume  sys               usr
/ # cd projected-volume/
/projected-volume # ll
/bin/sh: ll: not found
/projected-volume # ls
key1  key2
/projected-volume # cat key2
word
/projected-volume # cat key1
hello

通过Volume挂载到容器内部时,当该configmap的值发生变化时,容器内部具备自动更新的能力,但是通过环境变量设置到容器内部该值不具备自动更新的能力。

注意: 段落引用ConfigMap必须在Pod使用它之前创建 段落引用使用envFrom时,将会自动忽略无效的键 段落引用Pod只能使用同一个命名空间的ConfigMap