Parameters passed to the implementation of the container application:
1. the configuration file directly to the mirror package, but this approach is not recommended, because not flexible enough to modify the configuration.
2. By defining Pod list, specify custom command line parameters, i.e. set args: [ "order parameter"], which also
may be started at Pod, parameter passing to modify the configuration file for the application of Pod
3. use environment variables to pass the application to modify the configuration parameters in the Pod
but you want to use this way, you must meet one of the following conditions:
1) the application must be in the Pod Cloud Native applications that support direct to load the configuration environment variable information.
2) to modify the configuration file for the application Pod by pre-defined script Entrypoint variables Entrypoint these scripts
can set, sed, grep tools to modify the like, but also to ensure that the container in these tools.
4. The storage volume: We configuration information directly into the storage volume, such as the PV, Pod start time, the automatic loading profile directory storage volume,
to achieve a Pod applications in different configurations.
5. configMap or secret
The main role of configMap:
is to allow image and configuration files decoupling, in order to achieve a mirror portability and reusability, because a configMap is actually a collection of a series of configuration information, the future can be injected directly into the container Pod uses , while injecting two ways, one to configMap storage volume as a configMap configMapKeyRef is injected into the container through the env; configMap KeyValve form is to save the data, for example: name = zhangsan or nginx.conf = "http {server {...}} " for the length of Value configMap is not limited, it can be an entire profile information.
configMap: K8s It is a standard component, which are two ways to achieve Pod pass configuration parameters:
A. directly defined in the environment variables configMap when starting Pod, references to variables defined in configMap environment env.
B. A packaged into a full profile configMap then mounted to Pod shared by volume, to achieve the application to pass parameters.
secret: when it is a relatively safe configMap, because it configMap made by base64 encoded, so that data is not stored in plain text directly in configMap, played a protective effect, but anti-Base64 encoding for professionals without any difficulty, it is only relatively safe.
For configMap in the first, let Pod way configMap the environment variable references:
kubectl EXPLAIN pods.spec.containers.env #env also directly define the environment variable passed to the Pod in the container, which points to remember.
env.valueFrom
configMapKeyRef: it can be used for reference when defining Pod start configMapKey is which.
fieldRef: may be a reference field, the environment variable for each application within the container Pod value, such as:
metadata.name: Pod reference name
metadata.namespace: refers to the namespace name Pod located
metadata.labels: reference to the Pod tags
status.hostIP: IP node from reference Pod
status.podIP: references the IP Pod
resourceFieldRef: reference to a resource or resource requirements limit
secretKeyRef: secretKey to a reference parameter passing is Pod
when defining configMap, typically only needs to define its data or binaryData (binary data), are Talia map [string] type,
so that their values are stored in a hash list, i.e. not directly related to the key and value, is the hash code key.
Creating configmap Example:
# command creates:
kubectl the Create configmap nginx-config-literal = nginx_port the --from the --from-literal = 80 = server_name = myapp.test.com
kubectl GET configmap
cm & lt Nginx config-DESCRIBE kubectl
# do the contents of the file key value
Vim w3c.conf
Server {
server_name bbs.test.com;
the listen 80;
the root / Data / Nginx / BBS /
}
# Note: The name does not support an underscore in configmap !
# This is the definition of a key called www, the content of which is www.conf.
Kubectl the Create ConfigMap nginx-the WWW-the --from the WWW File = =. / Www.conf
# This is the definition of a key called www.conf, the content of which is www.conf
kubectl ConfigMap Nginx Create File-WWW---from =. / Www.conf
kubectl GET WWW -o-cm & lt Nginx YAML
kubectl DESCRIBE cm & lt Nginx -www
Example # configMap transmission variables defined in the container to Pod: Vim POD - configmap.yaml apiVersion: V1 kind: Pod Metadata: name: POD -CM- . 1 namespace : default Labels: App: MyApp Tier: frontend Annotations: Test. COM / created- by: "Cluster ADMIN" spec: Containers: - name: myapp Image: ikubernetes / myapp: v1 the ports: - name: HTTP containerPort: 80 env: - name: NGINX_SERVER_PORT the valueFrom: configMapKeyRef: name: nginx-config key: nginx_port - name:NGINX_SERVER_NAME valueFrom: configMapKeyRef: name: nginx-config key: server_name
# The use of this application configMap the Pod
POD-configmap.yaml the Apply -f kubectl
# to enter the Pod View configMap incoming variable
kubectl Exec -it POD-cm-1 - / bin / SH
/ # # see the printenv we have no definition of variables passed in.
# Then we configmap can be modified in value, see if you can immediately enter into force in Pod:
kubectl edit cm nginx-config # nginx-config will modify the value of this configmap look.
kubectl DESCRIBE cm nginx-config # confirm edit has been modified in key configmap value.
# Next landing pod-cm-1 in the Pod, to see whether the value of the variable container changed.
# Can see the value will not change, it will only be when creating Pod, data is loaded in a configmap.
# Configmap to mount the volume by sharing manner: Vim POD -configmap- 2 .yaml apiVersion: V1 kind: Pod Metadata: name: POD -CM- 2 namespace : default Labels: App: MyApp Tier: frontend Annotations: test.com / created- by: "Cluster ADMIN" spec: Containers: - name: myapp Image: ikubernetes / myapp: v1 the ports: - name: HTTP containerPort: 80 volumeMounts: - name: nginxconf MountPath:/etc/nginx/config.d/ # mount point does not exist, Pod automatically created. readOnly: to true # can not let modify the contents of the container configuration. Volumes: - name: the name nginxconf # define the storage volume is nginxconf configMap: name: nginx -config # nginx-config to mount this configMap
# Create Pod
kubectl Apply -f-POD-ConfigMap 2.yaml
kubectl POD-cm & lt Exec Expediting IT-2 - / bin / SH
/ LS # -l /etc/nginx/config.d/
Total 0
lrwxrwxrwx the root the root. 1. 17 13:48 nginx_port 21 Jul -> ..data / nginx_port
lrwxrwxrwx 1 root root 18 Jul 21 13:48 server_name -> ..data / server_name
NOTE: you will be able to see the connection config.d below creates two files, they the content on this when nginx-config configMap defined variable values, the connection file named key name, connection file pointing to the file is actually a new version of configmap file, that is, when configmap file is modified, it will change synchronization the API Server, APIServer in the notice to change all references to those who, after the contents of references who will also become a new version of the content, so that you can achieve dynamic update configuration files.
# Test dynamic updates configmap variable values
kubectl Edit cm nginx-config
# modify nginx-config server_port in 8888 to change the view Pod.
But be patient, because it takes time to complete APIServer notice of.
If not generally sensitive data can be stored in plain text configMap do, if it comes to the password, private key and other data types must use secret.
The secret There are three types:
generic: general type normally used for storing cryptographic data.
tls: This type is only used to store private keys and certificates.
docker-registry: To save the authentication information docker warehouse, then it must use this type to create.
# Create a mysql-root-password's Secret:
kubectl the Create Secret generic mysql-root-password [email protected]*9
NOTE: This defines a generic type of secret, the name is mysql -root-password, key is the password, the value is [email protected]*9
kubectl GET Secret
kubectl DESCRIBE Secret MySQL-root-password
kubectl GET Secret MySQL-root-password # -o YAML can see the value of this key is password the encrypted
# but encryption is a pseudo-secret encryption, it is only the base64 encoded data made of.
echo password the Key values | base64 -d # -d: is decoded, so you can see the base64 overweight plaintext password.
# Create a secret list of references Pod: vim POD -secret- 1 .yaml apiVersion: v1 kind: Pod the Metadata: name: POD -secret- 1 namespace : default Labels: App: myapp Tier: frontend Annotations: test.com / the Created - by: "Cluster ADMIN" spec: Containers: - name: myapp Image: ikubernetes / myapp: v1 the ports: - name: HTTP containerPort: 80 env: - name: MYSQL_ROOT_PASSWORD # Pod start after it is successful, the environment variable name Pod in a container. the valueFrom: secretKeyRef: name: MySQL -root- password # This is the object name secret key: password # It is the key name secret in
Creating an import content # secret Pod:
kubectl Apply -f POD-secret.yaml
kubectl Exec-secret-POD. 1 - the printenv | grep 'MYSQL_ROOT_PASSWORD' # injected into the vessel can be seen that the secret is stored in clear text.
Expansion:
CoreOS :
the organization has developed a K8s component, called Operator (operation and maintenance engineers), which allows operation and maintenance engineers will deal with some of the more complex logic encapsulated in the Operator, the Operator so you can help us to complete more complex tasks.