K8S - ConfigMap的简介和使用

什么是configMap

Kubernetes中的ConfigMap 是用于存储非敏感数据的API对象，用于将配置数据与应用程序的镜像分离。ConfigMap可以包含键值对、文件或者环境变量等配置信息，应用程序可以通过挂载ConfigMap来访问其中的数据，从而实现应用配置的动态管理。ConfigMap的使用有助于提高应用程序的可移植性、可伸缩性和可维护性。

简单来讲， configmap 是用来存储app的配置或者容器的环境变量的， 避免这些配置hard code 在容器内。
但是configMap 并不适合存放敏感数据（例如帐号密码） ， 敏感数据应该存放在secret manager中。

configMap的创建

1. by kubectl command line

我们可以用 kubectl create configMap -h 查看官方的一些示例

Aliases:
configmap, cmExamples:# Create a new config map named my-config based on folder barkubectl create configmap my-config --from-file=path/to/bar# Create a new config map named my-config with specified keys instead of file basenames on diskkubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt# Create a new config map named my-config with key1=config1 and key2=config2kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2# Create a new config map named my-config from the key=value pairs in the filekubectl create configmap my-config --from-file=path/to/bar# Create a new config map named my-config from an env filekubectl create configmap my-config --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env

可见， 用命令行创建configMap的都必须提供一个or 若干文件，甚至可以是文件夹， 而且真正的内容都要写在文件中的。
而-from-literal 可以在不提供文件的情况下直接在命令指定key value

例子1 基于文件夹

gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI/test$ cd ..
gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ ls test/
db1.config  db2.config
gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ cat test/db1.config 
db1.hostname=db1
db1.port=3309gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ cat test/db2.config 
db2.hostname=db1
db2.port=3309gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ kubectl create cm test-dir-config --from-file=test/
configmap/test-dir-config created

上面我创建了两个config files 在test 文件夹中， 并用folder 名创建了1个configMap item

查看 configMap 的items

gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ kubectl get cm
NAME                DATA   AGE
kube-root-ca.crt    1      172d
test-dir-config     2      2m28s

可以见到 test-dir-config 被创建出来了

查看 configMap的内容

gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ kubectl describe cm test-dir-config
Name:         test-dir-config
Namespace:    default
Labels:       <none>
Annotations:  <none>Data
====
db1.config:
----
db1.hostname=db1
db1.port=3309db2.config:
----
db2.hostname=db1
db2.port=3309BinaryData
====Events:  <none>
gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ 

可以到这个configMap item 中有两个item, 注意的是
db.hostname 这种细节不是key

keys 只有两个
db1.config
db2.config

里面的内容的整体是key 对应的value！

例子2 基于某个文件

我们在另1个folder test2 created 了1个文件pgsql.yml

gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ ls test2
pgsql.yml
gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ cat test2/pgsql.yml 
hostname:db3.hostname
port:3310

注意格式是yaml的

这时我们创建1个configmap item

gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ kubectl create cm db3.config --from-file=test2/pgsql.yml
configmap/db3.config created

查看configMap item

gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ kubectl get cm
NAME                DATA   AGE
db3.config          1      67s
kube-root-ca.crt    1      172d
test-dir-config     2      52m

新建的configMap item 名字是db3.config
查看内容

gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ kubectl describe cm db3.config
Name:         db3.config
Namespace:    default
Labels:       <none>
Annotations:  <none>Data
====
pgsql.yml:
----
hostname:db3.hostname
port:3310BinaryData
====Events:  <none>

key 是 pgsql.yml

这时我们再创建1个configMap item

gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ kubectl create cm db4.config --from-file=db4-config=test2/pgsql.yml
configmap/db4.config created

注意这里的 --from-fille=db4-config=test2/pgsql.yaml
db4-config 是指定key的名字， overwrite掉 文件名作为key

gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ kubectl get cm
NAME                DATA   AGE
db3.config          1      5m33s
db4.config          1      85s
kube-root-ca.crt    1      172d
test-dir-config     2      57m
gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ kubectl describe cm db4.config
Name:         db4.config
Namespace:    default
Labels:       <none>
Annotations:  <none>Data
====
db4-config:
----
hostname:db3.hostname
port:3310BinaryData
====Events:  <none>

再查看内容：
这时的key 已经是 db4-config了

例子3 直接在命令行带上key value 的值

gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ kubectl create cm db5.config --from-literal=hostname=db5.hostname --from-literal=port=3311
configmap/db5.config created
gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ kubectl get cm
NAME                DATA   AGE
cloud-user-config   1      33d
db3.config          1      36m
db4.config          1      32m
db5.config          2      3s
kube-root-ca.crt    1      172d
test-dir-config     2      88m
gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/CLI$ kubectl describe cm db5.config
Name:         db5.config
Namespace:    default
Labels:       <none>
Annotations:  <none>Data
====
port:
----
3311
hostname:
----
db5.hostnameBinaryData
====Events:  <none>

注意这句命令创建了 1个 configmap item, 但是里面有两对KV
分别是
key： hostname
key: port

2. by yaml file

在项目中， 更常用定义资源应该是yaml file 格式

为了实现与上面命令同样的效果， 我们创建了1个yaml file, 内容如下

gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/yaml$ ls
db6-config.yaml
gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/yaml$ cat db6-config.yaml 
apiVersion: v1
kind: ConfigMap
metadata:name: db6.config
data:hostname: db6.hostnameport: "3311"g

apply 资源

gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/yaml$ kubectl apply -f db6-config.yaml 
configmap/db6.config created

查看configMap items

configmap/db6.config created
gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/yaml$ kubectl get cm
NAME                DATA   AGE
db3.config          1      85m
db4.config          1      81m
db5.config          2      48m
db6.config          2      33s
kube-root-ca.crt    1      172d
test-dir-config     2      137m

查看内容

gateman@MoreFine-S500:~/projects/coding/k8s-s/configMap/yaml$ kubectl describe cm db6.config
Name:         db6.config
Namespace:    default
Labels:       <none>
Annotations:  <none>Data
====
hostname:
----
db6.hostname
port:
----
3311BinaryData
====Events:  <none>

可见 效果时间一样的

configMap的使用

在yaml 里大概有两种使用方法

1. 利用configMapKeyRef 读取配置
2. 利用volumes 把配置写入1个文件

1. 利用configMapKeyRef 读取配置

例子：

我们首先准备1个springboot serice - cloud order
令其的actuator/info 接口可以return 当前环境的所有环境变量

@Component
@Slf4j
public class AppVersionInfo implements InfoContributor {@Value("${pom.version}") // https://stackoverflow.com/questions/3697449/retrieve-version-from-maven-pom-xml-in-codeprivate String appVersion;@Autowiredprivate String hostname;@Autowiredprivate InfoService infoservice;@Value("${spring.datasource.url}")private String dbUrl;@Override// https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-features.html#production-ready-endpoints-infopublic void contribute(Info.Builder builder) {log.info("AppVersionInfo: contribute ...");builder.withDetail("app", "Cloud Order Service").withDetail("version", appVersion).withDetail("hostname",hostname).withDetail("dbUrl", dbUrl).withDetail("description", "This is a simple Spring Boot application to for cloud order.").withDetail("SystemVariables", infoservice.getSystemVariables());}
}

@Service
public class InfoService {public String getHostName() {return "unknown";}public HashMap<String, String> getSystemVariables() {Map<String, String> envVariables = System.getenv();//envVariables.forEach((key, value) -> systemVariables.put(key, value));return new HashMap<>(envVariables);}
}

然后我们利用yaml 创建1个configMap
cloud-order-configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:name: cloud-order-app-tag-config
data:APP_TAG: cloud-order-app-tag

里面指定一了1个KV 对

部署

kubectl apply -f cloud-order-configmap.yaml

然后再编写 deployment 的yaml

apiVersion: apps/v1
kind: Deployment
metadata:labels: # label of this deploymentapp: cloud-order # custom definedauthor: nvd11name: deployment-cloud-order # name of this deploymentnamespace: default
spec:replicas: 3            # desired replica count, Please note that the replica Pods in a Deployment are typically distributed across multiple nodes.revisionHistoryLimit: 10 # The number of old ReplicaSets to retain to allow rollbackselector: # label of the Pod that the Deployment is managing,, it's mandatory, without it , we will get this error # error: error validating data: ValidationError(Deployment.spec.selector): missing required field "matchLabels" in io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector ..matchLabels:app: cloud-orderstrategy: # Strategy of upodatetype: RollingUpdate # RollingUpdate or RecreaterollingUpdate:maxSurge: 25% # The maximum number of Pods that can be created over the desired number of Pods during the updatemaxUnavailable: 25% # The maximum number of Pods that can be unavailable during the updatetemplate: # Pod templatemetadata:labels:app: cloud-order # label of the Pod that the Deployment is managing. must match the selector, otherwise, will get the error Invalid value: map[string]string{"app":"bq-api-xxx"}: `selector` does not match template `labels`spec: # specification of the Podcontainers:- image: europe-west2-docker.pkg.dev/jason-hsbc/my-docker-repo/cloud-order:1.0.2 # image of the containerimagePullPolicy: IfNotPresentname: container-cloud-orderenv: # set env varaibles- name: APP_ENVIRONMENT # name of the environment variablevalue: prod # value of the environment variable- name: APP_TAG valueFrom: # value from config mapconfigMapKeyRef: name: cloud-order-app-tag-config # name of the configMap itemkey: APP_TAG # key from the config map itemrestartPolicy: Always # Restart policy for all containers within the PodterminationGracePeriodSeconds: 10 # The period of time in seconds given to the Pod to terminate gracefully

注意， 我们在环境变量那里 新增了1个item ， 环境变量的名字是 APP_TAG, 而 环境变量的value 是从 configmap 里获取的
部署成功后

测试api /actuator/info

ateman@MoreFine-S500:~/projects/coding/k8s-s/service-case/cloud-order$ curl http://www.jp-gcp-vms.cloud:8085/cloud-order/actuator/info | jq .% Total    % Received % Xferd  Average Speed   Time    Time     Time  CurrentDload  Upload   Total   Spent    Left  Speed
100  1777    0  1777    0     0   3067      0 --:--:-- --:--:-- --:--:--  3063
{"app": "Cloud Order Service","version": "1.0.2","hostname": "deployment-cloud-order-c56db7848-lt5wc","dbUrl": "jdbc:mysql://192.168.0.42:3306/demo_cloud_order?useUnicode=true&characterEncoding=utf-8&useSSL=false&allowPublicKeyRetrieval=true","description": "This is a simple Spring Boot application to for cloud order.","SystemVariables": {"PATH": "/usr/java/openjdk-17/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","CLUSTERIP_CLOUD_ORDER_SERVICE_HOST": "10.98.117.97","CLUSTERIP_BQ_API_SERVICE_SERVICE_PORT": "8080","KUBERNETES_PORT": "tcp://10.96.0.1:443","JAVA_HOME": "/usr/java/openjdk-17","KUBERNETES_SERVICE_HOST": "10.96.0.1","LANG": "C.UTF-8","CLUSTERIP_CLOUD_ORDER_PORT": "tcp://10.98.117.97:8080","CLUSTERIP_BQ_API_SERVICE_PORT_8080_TCP": "tcp://10.100.68.154:8080","CLUSTERIP_CLOUD_ORDER_PORT_8080_TCP": "tcp://10.98.117.97:8080","CLUSTERIP_BQ_API_SERVICE_PORT_8080_TCP_PROTO": "tcp","PWD": "/app","JAVA_VERSION": "17.0.2","_": "/usr/java/openjdk-17/bin/java","CLUSTERIP_CLOUD_ORDER_PORT_8080_TCP_ADDR": "10.98.117.97","KUBERNETES_PORT_443_TCP": "tcp://10.96.0.1:443","KUBERNETES_PORT_443_TCP_ADDR": "10.96.0.1","CLUSTERIP_CLOUD_ORDER_PORT_8080_TCP_PORT": "8080","CLUSTERIP_BQ_API_SERVICE_PORT": "tcp://10.100.68.154:8080","CLUSTERIP_BQ_API_SERVICE_PORT_8080_TCP_PORT": "8080","KUBERNETES_PORT_443_TCP_PROTO": "tcp","APP_ENVIRONMENT": "prod","KUBERNETES_SERVICE_PORT": "443","CLUSTERIP_CLOUD_ORDER_SERVICE_PORT": "8080","CLUSTERIP_BQ_API_SERVICE_PORT_8080_TCP_ADDR": "10.100.68.154","APP_TAG": "cloud-order-app-tag","HOSTNAME": "deployment-cloud-order-c56db7848-lt5wc","CLUSTERIP_CLOUD_ORDER_PORT_8080_TCP_PROTO": "tcp","CLUSTERIP_BQ_API_SERVICE_SERVICE_HOST": "10.100.68.154","KUBERNETES_PORT_443_TCP_PORT": "443","KUBERNETES_SERVICE_PORT_HTTPS": "443","SHLVL": "1","HOME": "/root"}
}

查看 APP_TAG 的那一行， 的确能正确地获取configmap 里的配置信息！

2. 利用volumes 把配置写入1个文件

在这个例子中
我们再利用yaml 创建另1个configMap

apiVersion: v1
kind: ConfigMap
metadata:name: cloud-order-os-version-config
data:OS_VERSION: ubuntu-x.x

部署

gateman@MoreFine-S500:~/projects/coding/k8s-s/service-case/cloud-order$ kubectl apply -f cloud-order-configmap2.yaml
configmap/cloud-order-os-version-config created

修改 cloud order service 的deployment yaml

apiVersion: apps/v1
kind: Deployment
metadata:labels: # label of this deploymentapp: cloud-order # custom definedauthor: nvd11name: deployment-cloud-order # name of this deploymentnamespace: default
spec:replicas: 3            # desired replica count, Please note that the replica Pods in a Deployment are typically distributed across multiple nodes.revisionHistoryLimit: 10 # The number of old ReplicaSets to retain to allow rollbackselector: # label of the Pod that the Deployment is managing,, it's mandatory, without it , we will get this error # error: error validating data: ValidationError(Deployment.spec.selector): missing required field "matchLabels" in io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector ..matchLabels:app: cloud-orderstrategy: # Strategy of upodatetype: RollingUpdate # RollingUpdate or RecreaterollingUpdate:maxSurge: 25% # The maximum number of Pods that can be created over the desired number of Pods during the updatemaxUnavailable: 25% # The maximum number of Pods that can be unavailable during the updatetemplate: # Pod templatemetadata:labels:app: cloud-order # label of the Pod that the Deployment is managing. must match the selector, otherwise, will get the error Invalid value: map[string]string{"app":"bq-api-xxx"}: `selector` does not match template `labels`spec: # specification of the Podcontainers:- image: europe-west2-docker.pkg.dev/jason-hsbc/my-docker-repo/cloud-order:1.0.2 # image of the containerimagePullPolicy: IfNotPresentname: container-cloud-orderenv: # set env varaibles- name: APP_ENVIRONMENT # name of the environment variablevalue: prod # value of the environment variable- name: APP_TAG valueFrom: # value from config mapconfigMapKeyRef: name: cloud-order-app-tag-config # name of the configMap itemkey: APP_TAG # key from the config map itemvolumeMounts: # volume mount- name: config-volumemountPath: /app/configvolumes:- name: config-volumeconfigMap:name: cloud-order-os-version-config # name of the config mapitems:- key: OS_VERSION # key of the config map itempath: os-version.conf # name of the file, it will only contain the content of the keyrestartPolicy: Always # Restart policy for all containers within the PodterminationGracePeriodSeconds: 10 # The period of time in seconds given to the Pod to terminate gracefully

注意我们在这里新增了1个卷 把configmap cloud-order-os-version-config 指定某个key的value 保存到1个文件中 os-version.conf
而在container 的配置中， 我们 吧这个卷mount 在 /app/config 路径下

重新部署：

gateman@MoreFine-S500:~/projects/coding/k8s-s/service-case/cloud-order$ kubectl apply -f deployment-cloud-order.yaml 
deployment.apps/deployment-cloud-order configured
gateman@MoreFine-S500:~/projects/coding/k8s-s/service-case/cloud-order$ kubectl get pods
NAME                                         READY   STATUS    RESTARTS         AGE
deployment-bq-api-service-6f6ffc7866-8djx9   1/1     Running   0                26h
deployment-bq-api-service-6f6ffc7866-g4854   1/1     Running   9 (3d21h ago)    45d
deployment-bq-api-service-6f6ffc7866-lwxt7   1/1     Running   11 (3d21h ago)   47d
deployment-bq-api-service-6f6ffc7866-mxwcq   1/1     Running   8 (3d21h ago)    45d
deployment-cloud-order-7cb8466d48-2kcnn      1/1     Running   0                8s
deployment-cloud-order-7cb8466d48-57w6n      1/1     Running   0                7s
deployment-cloud-order-7cb8466d48-d6jk7      1/1     Running   0                5s

进入容器：

gateman@MoreFine-S500:~$ kubectl exec -it deployment-cloud-order-7cb8466d48-d6jk7 /bin/bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
bash-4.4# cd /app/config
bash-4.4# ls
os-version.conf
bash-4.4# cat os-version.conf 
ubuntu-x.x

可以见到configmap的内容的确放入了 容器内的对应的目录下