ConfigMap
1. Concept
In K8S, ConfigMap is an API object used to store configuration data. It is generally used to store some configuration information or environment variables required by applications in Pods. Separate the configuration from the Pod to avoid having to rebuild the image and container due to modification of the configuration.
2. Create
You can see an example using kubectl create configmap -h
2.1. Create based on directory
# configmap can be abbreviated as cm kubectl create configmap <config name> --from-file=./test
2.2. Obtain configuration information
# Check which configMap there are kubectl get cm # View the contents of a configMap specifically kubectl describe <config name>
2.3, File-based creation
# can be followed by a relative path or an absolute path. kubectl create cm <cm name> --from-file=/data/k8s/configMap/test/appcation.yaml # Rename a new file kubectl create cm <cm name> --from-file=<rename a file name>=/data/k8s/configMap/test/appcation.yaml
2.4. Create based on key-value pairs
kubectl create cm test-key-value-config --from-literal=username=root --from-literal=password=123456
3. Use configuration
3.1. Use key-value pair configuration
- Create a pod configuration file
apiVersion: v1
Kind: Pod
metadata:
name: test-keyvalue-cm-po
spec:
containers:
- name: env-root
image:alpine
command: ["/bin/sh", "-c" , "env;sleep 3600"] # Print environment variables
imagePullPolicy: IfNotPresent
env:
- name: name
valueFrom:
configMapKeyRef:
name: test-key-value-config #configMap name
key: username #The key in the specified config is username
- name: password
valueFrom:
configMapKeyRef:
name: test-key-value-config
key: password
restartPolicy: Never
- View environment variables through logs
kubectl logs -f test-keyvalue-cm-po
3.2. Hang on file path
apiVersion: v1
Kind: Pod
metadata:
name: test-files-cm-po
spec:
containers:
- name: env-root
image:alpine
command: ["/bin/sh", "-c" , "env;sleep 3600"]
imagePullPolicy: IfNotPresent
volumeMounts: # Mount data volumes
- name: redis-config
mountPath: "/usr/local/redis"
restartPolicy: Never
volumes:
- name: redis-config #The name of the data volume
configMap:
name: test-dir-config #name in configMap
items: #Load some of the items in test-dir-config, if not specified, it means all
- key: 'redis.config' # key in configMap
path: 'redis.conf' # Subpath address, you can convert the key into a file
4. subPath
The function of subPath is to allow specific files or directories in the Volume to be selectively mounted inside the container instead of mounting the entire Volume into the container.
4.1. Preparation work, create cm
In configMap, nginx-html and nginx-config are created in advance. There are two files under nginx-html, one is test.html and index.html; There is a file under nginx-config, nginx.conf;
4.2. Full folder coverage and single file coverage
apiVersion: v1
Kind: Pod
metadata:
name: nginx-pod
spec:
containers:
- name: nginx-container
image: nginx
volumeMounts:
- name: html
mountPath: /usr/share/nginx/html/index.html
subPath: index.html
- name: conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
volumes:
- name: html
configMap:
name: nginx-html
items:
- key: 'index.html'
path: 'index.html'
- name: conf
configMap:
name: nginx-config
Cover the entire html file into the nginx container. nginx.conf only covers the nginx.conf file in the container. If conf is not added with subPath, /etc/nginx/ will only have the nginx.conf file left
4.3. Overwrite a file in the specified folder
Only overwrite index.html in the html folder to index.html in the container
apiVersion: v1
Kind: Pod
metadata:
name: nginx-pod
spec:
containers:
- name: nginx-container
image: nginx
volumeMounts:
- name: html
mountPath: /usr/share/nginx/html/index.html
subPath: index.html #Needs to correspond to items[0].path value, and must be included by mountPath
volumes:
- name: html
configMap:
name: nginx-html
items:
- key: 'index.html'
path: 'index.html'
4.4, Summary
subPath must be included by the mountPath in volumeMounts. If items are specified under configMap, the following path must correspond to the subPath under volumeMounts.
5. Hot update of configuration
After using configMap to mount to a pod, sometimes you need to modify the configuration and update it to the pod.
In some scenarios, the Pod will not update the configuration:
-
1. Use subPath
-
2. In the form of variables, if a variable in the pod is obtained from configmap or secret, it will also not be updated.
For the subPath method, we can cancel the use of subPath, mount the configuration file to a non-existent directory to avoid directory overwriting, and then use a soft link to link the file to the target location.
However, if there is a file in the target location, it may not be possible to create a soft link. In this case, you can execute the delete command based on the postStart operation mentioned earlier and delete the default file.
5.1, edit to modify configMap
kubectl edit cm spring-boot-test-yaml
5.2. Replace by replace
# (--dry-run=client -o yaml | kubectl replace -f -) is a fixed format kubectl create cm <cm name> --from-file=./test --dry-run=client -o yaml | kubectl replace -f -
–dry-run parameter, this parameter means printing the yaml file, but not sending the file to the apiserver. Combined with -oyaml to output the yaml file, you can get a configured file but not sent to the apiserver, and then combined with replace to monitor The replacement can be realized by obtaining the yaml data from the console output.
kubectl create cm –from-file=nginx.conf –dry-run -oyaml | kubectl replace -f-
6. Configuration files are immutable
If modification of the configuration file is prohibited, you can directly modify the cm information and add immutable: true, for example
apiVersion: v1
data:
appcation.yaml: |
...profile information
kind: ConfigMap
metadata:
creationTimestamp: "2023-10-18T13:16:22Z"
name: spring-boot-test-yaml
namespace:default
resourceVersion: "558771"
uid: ba7d135f-7aff-4005-8360-5eba74bc7d31
#Add this column
immutable: true
After adding immutable: true, an error will be prompted when the configuration file is modified again.
# * data: Forbidden: field is immutable when `immutable` is set