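Config: configuration you cannot get around.
In an automated pipeline, an application involves a great deal of configuration across the whole process: configuration management during development, building the container image, and finally publishing it as a service through a K8S cluster.
Application environment: this usually means dependency configuration at the code level. Taking the commonly used Nacos as an example, it typically covers configuration management at the framework, component, and custom levels.
Runtime environment: in a microservice architecture, the real environment has to manage service releases for many applications, and that inevitably involves managing a lot of configuration, such as resource allocation for applications, identity authentication when different environments interact, and secure management of sensitive information.
Whether the configuration belongs to the application level or the runtime level, the same basic logic applies: configuration can be extracted and managed separately, then referenced directly in the pipeline.
A ConfigMap stores non-confidential data as key-value pairs. A Pod can consume it as environment variables, command-line arguments, or configuration files in a volume. This decouples environment configuration from the container image and makes application configuration easier to change.
In a ConfigMap, the data field holds UTF-8 strings, and binaryData holds binary data as base64-encoded strings.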
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config-map
  namespace: default
data:
  active: test
  started: hello
  program: world
Create the ConfigMap
kubectl apply -f app-config-map.yaml
View the ConfigMap
kubectl get cm/app-config-map -o yaml
View the ConfigMap in the K8S dashboard
Usage one: configure the Pod with values from app-config-map. Several environment variables are defined under env, but each value is read from the ConfigMap.
apiVersion: v1
kind: Pod
metadata:
  name: auto-client-one
spec:
  containers:
    - name: auto-client
      image: auto-client:1.1.3
      imagePullPolicy: Never
      ports:
        - containerPort: 8079
      env:
        - name: DATA_ACTIVE
          valueFrom:
            configMapKeyRef:
              name: app-config-map
              key: active
        - name: DATA_STARTED
          valueFrom:
            configMapKeyRef:
              name: app-config-map
              key: started
        - name: DATA_PROGRAM
          valueFrom:
            configMapKeyRef:
              name: app-config-map
              key: program
Create the Pod
kubectl create -f auto-client-one.yaml
Usage two: in the Pod configuration, import app-config-map directly with envFrom to set the environment variables.
apiVersion: v1
kind: Pod
metadata:
  name: auto-client-two
spec:
  containers:
    - name: auto-client
      image: auto-client:1.1.3
      imagePullPolicy: Never
      ports:
        - containerPort: 8079
      envFrom:
        - configMapRef:
            name: app-config-map
View the environment variables
# 1. Run this command
kubectl exec -it auto-client-one -- bash
# 2. Enter the command: env
env
# 3. Printed environment variables, keeping only the parameters configured by app-config-map
DATA_ACTIVE=test
DATA_PROGRAM=world
DATA_STARTED=hello
# 4. View the value of DATA_STARTED
echo $DATA_STARTED
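The check above was run in auto-client-one. The following added example (not code from the original post) models how the two usages resolve, and shows that envFrom in auto-client-two imports the keys under their own names (active, started, program) unless a prefix is set. The function names and the dict layout are assumptions made for illustration; the data is a constructed copy of app-config-map.

```python
# Simplified model of how a container's environment is assembled from
# envFrom (configMapRef) and env (configMapKeyRef). Secrets, fieldRef and
# the "optional" flag are left out.

# Constructed copy of the data in app-config-map.
CONFIG_MAPS = {
    "app-config-map": {"active": "test", "started": "hello", "program": "world"},
}


def key_ref(env_name, key):
    """Build one env entry that reads `key` from app-config-map."""
    ref = {"name": "app-config-map", "key": key}
    return {"name": env_name, "valueFrom": {"configMapKeyRef": ref}}


# Usage one (auto-client-one): explicit names chosen in the Pod spec.
CONTAINER_ONE = {"env": [key_ref("DATA_ACTIVE", "active"),
                         key_ref("DATA_STARTED", "started"),
                         key_ref("DATA_PROGRAM", "program")]}
# Usage two (auto-client-two): every key imported under its own name.
CONTAINER_TWO = {"envFrom": [{"configMapRef": {"name": "app-config-map"}}]}


def resolve_env(container, config_maps):
    """Return the ConfigMap-derived environment of one container spec."""
    resolved = {}
    # envFrom sources are applied in order; a later source overwrites an
    # earlier one, and an optional prefix is prepended to every key.
    for source in container.get("envFrom", []):
        ref = source.get("configMapRef")
        if ref is None:
            continue
        prefix = source.get("prefix", "")
        for key, value in config_maps[ref["name"]].items():
            resolved[prefix + key] = value
    # Explicit env entries take precedence over anything from envFrom.
    for entry in container.get("env", []):
        ref = entry.get("valueFrom", {}).get("configMapKeyRef")
        if ref is not None:
            resolved[entry["name"]] = config_maps[ref["name"]][ref["key"]]
        elif "value" in entry:
            resolved[entry["name"]] = entry["value"]
    return resolved
```

Because envFrom imports every key, anything later added to the ConfigMap also reaches the container's environment without a change to the Pod spec.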
The auto-client:1.1.3 container image includes a scheduled job that prints the environment variables. The runtime logs show that the configuration is read correctly by the code.
import java.util.Map;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Component;

@Component
public class PrintEnvJob {
    private static final Logger LOG = LoggerFactory.getLogger(PrintEnvJob.class.getName());

    // Demo only: every 60 seconds, logs every environment variable of the process,
    // which would include values injected from Secrets.
    @Scheduled(fixedDelay = 60000)
    public void systemData() {
        Map<String, String> envMap = System.getenv();
        for (Map.Entry<String, String> entry : envMap.entrySet()) {
            String key = entry.getKey();
            String value = entry.getValue();
            LOG.info("【key:{},value:{}】", key, value);
        }
    }
}
Log output of auto-client-one
Log output of auto-client-two
Notes
1MiB
immutable
true
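A Secret is an object that holds a small amount of sensitive information such as a password, token, or key. Such information might otherwise be placed in a Pod spec or in an image; using a Secret means the application code does not need to contain the sensitive data.
Push the auto-client:1.1.3 image to a private Docker registry in the cloud and delete the related local images, then test the flow below.
Take the most common case, pulling images: container images usually live in a private cloud registry, and K8S must present credentials to access it. A Secret handles this case.
kubectl create secret docker-registry 【secret-name】 --docker-server=【registry-address】 --docker-username=【username】 --docker-password=【password】 --namespace=【namespace】 -o yaml > cloud-registry-secret.yaml
With the image-pull Secret object configured above, reference it at the Pod level with imagePullSecrets. When a container image is pulled from the private registry, the kubelet on the node can then authenticate to the image registry.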
apiVersion: apps/v1
kind: Deployment
metadata:
  name: auto-client-deployment
  labels:
    app: auto-client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: auto-client
  template:
    metadata:
      labels:
        app: auto-client
    spec:
      imagePullSecrets:
        - name: cloud-registry-secret
      containers:
        - name: auto-client
          image: 【registry-address】/auto-client:1.1.3
          imagePullPolicy: Always
          ports:
            - containerPort: 8079
etcd
When defining a Pod you can optionally specify how much of each resource every container needs. The most commonly specified resources are CPU and memory, though other resource types exist. This helps the scheduler choose a suitable node for the Pod.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: auto-client-rs-deployment
  labels:
    app: auto-client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: auto-client
  template:
    metadata:
      labels:
        app: auto-client
    spec:
      containers:
        - name: auto-serve
          image: auto-client:1.1.3
          imagePullPolicy: Never
          ports:
            - containerPort: 8079
          resources:
            requests:
              cpu: "250m"
              memory: "128Mi"
            limits:
              cpu: "500m"
              memory: "256Mi"
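A pre-deployment check for the resources block above, as an added example that is not code from the original post: it parses quantities such as "250m" and "128Mi", reports a missing limit or a request larger than its limit, and derives the Kubernetes QoS class for a single-container Pod. The QoS class is a Kubernetes concept the post does not discuss; the function names are assumptions and only the common quantity suffixes are handled.

```python
from decimal import Decimal

# Common quantity suffixes: binary (Ki..Ti), decimal (k..T) and milli (m).
SUFFIXES = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
            "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
            "m": Decimal("0.001")}

# The resources block from auto-client-rs-deployment.
PAGE_RESOURCES = {"requests": {"cpu": "250m", "memory": "128Mi"},
                  "limits": {"cpu": "500m", "memory": "256Mi"}}


def parse_quantity(text):
    """Convert a quantity such as "250m" or "128Mi" to cores or bytes."""
    # Try two-letter suffixes first so "Mi" is not mistaken for "i"-less "M".
    for suffix in sorted(SUFFIXES, key=len, reverse=True):
        if text.endswith(suffix):
            return Decimal(text[:-len(suffix)]) * SUFFIXES[suffix]
    return Decimal(text)


def check_container(resources):
    """Return (findings, qos_class) for one container's resources block."""
    requests = resources.get("requests", {})
    limits = resources.get("limits", {})
    findings, guaranteed = [], True
    for name in ("cpu", "memory"):
        if name not in limits:
            findings.append(f"{name}: no limit set")
            guaranteed = False
            continue
        limit = parse_quantity(limits[name])
        # A missing request defaults to the limit.
        request = parse_quantity(requests.get(name, limits[name]))
        if request > limit:
            findings.append(f"{name}: request exceeds limit")
        if request != limit:
            guaranteed = False
    if not requests and not limits:
        qos = "BestEffort"
    else:
        qos = "Guaranteed" if guaranteed else "Burstable"
    return findings, qos
```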
Documentation repository: https://gitee.com/cicadasmile/butte-java-note
Script repository: https://gitee.com/cicadasmile/butte-auto-parent
Original link: https://www.cnblogs.com/cicada-smile/p/17604946.html