ConfigMap
1. Concept
In K8S, ConfigMap is an API object used to store configuration data. It is generally used to store some configuration information or environment variables required by applications in Pods. Separate the configuration from the Pod to avoid having to rebuild the image and container due to modification of the configuration.
2. Create
You can see an example using kubectl create configmap -h
2.1. Create based on directory
# configmap can be abbreviated as cm kubectl create configmap <config name> --from-file=./test
2.2. Obtain configuration information
# Check which configMap there are kubectl get cm # View the contents of a configMap specifically kubectl describe <config name>
2.3, File-based creation
# can be followed by a relative path or an absolute path. kubectl create cm <cm name> --from-file=/data/k8s/configMap/test/appcation.yaml # Rename a new file kubectl create cm <cm name> --from-file=<rename a file name>=/data/k8s/configMap/test/appcation.yaml
2.4. Create based on key-value pairs
kubectl create cm test-key-value-config --from-literal=username=root --from-literal=password=123456
3. Use configuration
3.1. Use key-value pair configuration
- Create a pod configuration file
apiVersion: v1 Kind: Pod metadata: name: test-keyvalue-cm-po spec: containers: - name: env-root image:alpine command: ["/bin/sh", "-c" , "env;sleep 3600"] # Print environment variables imagePullPolicy: IfNotPresent env: - name: name valueFrom: configMapKeyRef: name: test-key-value-config #configMap name key: username #The key in the specified config is username - name: password valueFrom: configMapKeyRef: name: test-key-value-config key: password restartPolicy: Never
- View environment variables through logs
kubectl logs -f test-keyvalue-cm-po
3.2. Hang on file path
apiVersion: v1 Kind: Pod metadata: name: test-files-cm-po spec: containers: - name: env-root image:alpine command: ["/bin/sh", "-c" , "env;sleep 3600"] imagePullPolicy: IfNotPresent volumeMounts: # Mount data volumes - name: redis-config mountPath: "/usr/local/redis" restartPolicy: Never volumes: - name: redis-config #The name of the data volume configMap: name: test-dir-config #name in configMap items: #Load some of the items in test-dir-config, if not specified, it means all - key: 'redis.config' # key in configMap path: 'redis.conf' # Subpath address, you can convert the key into a file
4. subPath
The function of subPath
is to allow specific files or directories in the Volume to be selectively mounted inside the container instead of mounting the entire Volume into the container.
4.1. Preparation work, create cm
In configMap, nginx-html
and nginx-config
are created in advance. There are two files under nginx-html
, one is test.html and index.html; There is a file under nginx-config
, nginx.conf;
4.2. Full folder coverage and single file coverage
apiVersion: v1 Kind: Pod metadata: name: nginx-pod spec: containers: - name: nginx-container image: nginx volumeMounts: - name: html mountPath: /usr/share/nginx/html/index.html subPath: index.html - name: conf mountPath: /etc/nginx/nginx.conf subPath: nginx.conf volumes: - name: html configMap: name: nginx-html items: - key: 'index.html' path: 'index.html' - name: conf configMap: name: nginx-config
Cover the entire html file into the nginx container. nginx.conf only covers the nginx.conf file in the container. If conf
is not added with subPath
, /etc/nginx/
will only have the nginx.conf
file left
4.3. Overwrite a file in the specified folder
Only overwrite index.html in the html folder to index.html in the container
apiVersion: v1 Kind: Pod metadata: name: nginx-pod spec: containers: - name: nginx-container image: nginx volumeMounts: - name: html mountPath: /usr/share/nginx/html/index.html subPath: index.html #Needs to correspond to items[0].path value, and must be included by mountPath volumes: - name: html configMap: name: nginx-html items: - key: 'index.html' path: 'index.html'
4.4, Summary
subPath must be included by the mountPath in volumeMounts. If items are specified under configMap, the following path must correspond to the subPath under volumeMounts.
5. Hot update of configuration
After using configMap to mount to a pod, sometimes you need to modify the configuration and update it to the pod.
In some scenarios, the Pod will not update the configuration:
-
1. Use subPath
-
2. In the form of variables, if a variable in the pod is obtained from configmap or secret, it will also not be updated.
For the subPath method, we can cancel the use of subPath, mount the configuration file to a non-existent directory to avoid directory overwriting, and then use a soft link to link the file to the target location.
However, if there is a file in the target location, it may not be possible to create a soft link. In this case, you can execute the delete command based on the postStart operation mentioned earlier and delete the default file.
5.1, edit to modify configMap
kubectl edit cm spring-boot-test-yaml
5.2. Replace by replace
# (--dry-run=client -o yaml | kubectl replace -f -) is a fixed format kubectl create cm <cm name> --from-file=./test --dry-run=client -o yaml | kubectl replace -f -
–dry-run parameter, this parameter means printing the yaml file, but not sending the file to the apiserver. Combined with -oyaml to output the yaml file, you can get a configured file but not sent to the apiserver, and then combined with replace to monitor The replacement can be realized by obtaining the yaml data from the console output.
kubectl create cm –from-file=nginx.conf –dry-run -oyaml | kubectl replace -f-
6. Configuration files are immutable
If modification of the configuration file is prohibited, you can directly modify the cm information and add immutable: true
, for example
apiVersion: v1 data: appcation.yaml: | ...profile information kind: ConfigMap metadata: creationTimestamp: "2023-10-18T13:16:22Z" name: spring-boot-test-yaml namespace:default resourceVersion: "558771" uid: ba7d135f-7aff-4005-8360-5eba74bc7d31 #Add this column immutable: true
After adding immutable: true
, an error will be prompted when the configuration file is modified again.
# * data: Forbidden: field is immutable when `immutable` is set