提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档
@关于kubernetes env资源注入
前言
关于kubernetes env引用变量方式有configMap,DownwardAPi,Resources,Secret…
一、基于ConfigMap注入
vim redis-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: redis-conf
data:
passwd: hello
host: 192.168.10.10
创建Pod 引用上面redis-configmap中的key
vim configMap-envarg-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-configmap
spec:
containers:
- image: nginx
name: nginx-env
env:
- name: PASSWD
valueFrom:
configMapKeyRef:
name: redis-conf #关联redis的config名称
key: passwd #取值redis的key
- name: HOST
valueFrom:
configMapKeyRef:
name: redis-conf
key: host
查看引用结果
[root@k8s-master1 env]# kubectl get pod,configMap
NAME READY STATUS RESTARTS AGE
pod/jenkins-7865bf69f-48dqx 1/1 Running 2 22h
pod/nginx-configmap 1/1 Running 0 50s
NAME DATA AGE
configmap/kube-root-ca.crt 1 28d
configmap/my-config 2 14d
configmap/redis-conf 2 14d
[root@k8s-master1 env]# kubectl exec -it nginx-configmap -- /bin/bash
root@nginx-configmap:/# env | grep -E '^HOST=|PASSWD'
PASSWD=hello
HOST=192.168.10.10
root@nginx-configmap:/#
二、基于DownwardAPi注入
[root@k8s-master1 env]# vim dapi-envarg-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: dapi-envars-fieldref
spec:
containers:
- name: test-container
image: busybox
command: [ "sh", "-c"]
args:
- while true; do
echo -en '\n';
printenv MY_NODE_NAME MY_POD_NAME MY_POD_NAMESPACE;
printenv MY_POD_IP MY_POD_SERVICE_ACCOUNT;
sleep 10;
done;
env:
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: MY_POD_SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
restartPolicy: Never
查看引用对应结果
[root@k8s-master1 env]# kubectl get pod
NAME READY STATUS RESTARTS AGE
dapi-envars-fieldref 1/1 Running 0 24s
jenkins-7865bf69f-48dqx 1/1 Running 2 22h
nginx-configmap 1/1 Running 0 15m
[root@k8s-master1 env]# kubectl logs -f dapi-envars-fieldref
k8s-node1
dapi-envars-fieldref
default
10.244.0.65
default
k8s-node1
dapi-envars-fieldref
default
10.244.0.65
default
三、基于Resources注入
[root@k8s-master1 env]# vim depa-envarg-container.yaml
apiVersion: v1
kind: Pod
metadata:
name: dapi-envars-resourcefieldref
spec:
containers:
- name: test-container
image: busybox:1.24
command: [ "sh", "-c"]
args:
- while true; do
echo -en '\n';
printenv MY_CPU_REQUEST MY_CPU_LIMIT;
printenv MY_MEM_REQUEST MY_MEM_LIMIT;
sleep 10;
done;
resources:
requests:
memory: "32Mi"
cpu: "125m"
limits:
memory: "64Mi"
cpu: "250m"
env:
- name: MY_CPU_REQUEST
valueFrom:
resourceFieldRef:
containerName: test-container
resource: requests.cpu
- name: MY_CPU_LIMIT
valueFrom:
resourceFieldRef:
containerName: test-container
resource: limits.cpu
- name: MY_MEM_REQUEST
valueFrom:
resourceFieldRef:
containerName: test-container
resource: requests.memory
- name: MY_MEM_LIMIT
valueFrom:
resourceFieldRef:
containerName: test-container
resource: limits.memory
restartPolicy: Never
验证其结果
[root@k8s-master1 env]# kubectl logs -f dapi-envars-resourcefieldref
1
1
33554432
67108864
1
1
33554432
67108864
1
1
33554432
67108864
1
1
33554432
67108864
四、基于Secret注入
[root@k8s-master1 env]# vim pod-secret.yaml
apiVersion: v1
data:
password: MTIzNDU2 # 通过base64加密 密码123456
user: YWRtaW4= # admin
kind: Secret
metadata:
name: base-nginx
namespace: default
type: Opaque
[root@k8s-master1 env]# vim secret-envarg-pod.yaml
apiVersion: v1
kind: Pod
metadata:
labels:
run: nginx
name: nginx
spec:
containers:
- image: nginx
name: nginx
env:
- name: NGINX_USER
valueFrom:
secretKeyRef:
name: base-nginx
key: user
#command: ["/bin/bash","-c","env |grep NGINX_USER"]
- name: LOGIN_PASSWD
valueFrom:
secretKeyRef:
name: base-nginx
key: password
command:
- /bin/bash
args:
- -c
- while true;do env | grep -E "NGINX_USER|LOGIN_PASSWD" ;sleep 30;done
查看输出结果
[root@k8s-master1 env]# kubectl logs -f nginx
LOGIN_PASSWD=123456
NGINX_USER=admin
五、基于Key,Value直接注入
[root@k8s-master1 env]# vim test-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: test-pod-configmap-cmd
spec:
containers:
- name: test-busybox
image: busybox
imagePullPolicy: IfNotPresent
command: [ "/bin/sh","-c","echo $(KEY1) $(KEY2)"]
env:
- name: KEY1
value: "key1"
- name: KEY2
value: "key2"
restartPolicy: Never
查看输出结果
[root@k8s-master1 env]# kubectl logs -f test-pod-configmap-cmd
key1 key2