关于kubernetes:K8S-笔记-创建和使用-Nginx-configmap

49次阅读

共计 11228 个字符,预计需要花费 29 分钟才能阅读完成。

ConfigMap 简介

ConfigMap 是 k8s 中的一种 API 对象,用于镜像和配置文件解耦(对标非 k8s 环境,咱们常常用配置管理核心解耦代码和配置,其实是一个意思),这样镜像就具备了可移植性和可复用性。Pods 能够将其用作环境变量、命令行参数或者存储卷中的配置文件。在生产环境中,它作为环境变量配置的应用十分常见。

跟它相似的,还有另一个 API 对象 Secret。

二者的区别是,前者用于存储不敏感和非保密性数据。例如 ip 和端口。后者用于存储敏感和保密性数据,例如用户名和明码,秘钥,等等,应用 base64 编码贮存。

对于 configmap 的更多内容能够看看官网:
https://kubernetes.io/zh-cn/d…

应用 ConfigMap 的限度条件

  • ConfigMap 要在 Pod 启动前创立好。因为它是要被 Pod 应用的嘛。
  • 只有当 ConfigMap 和 Pod 处于同一个 NameSpace 时 Pod 才能够援用它。
  • 当 Pod 对 ConfigMap 进行挂载(VolumeMount)操作时,在容器外部只能挂载为目录,不能挂载为文件。
  • 当挂载曾经存在的目录时,且目录内含有其它文件,ConfigMap 会将其笼罩掉。

实操

本次操作,最后的 yaml 配置如下,总共蕴含三个局部:

  • ConfigMap
  • Deployment
  • Service

也能够将这三个局部拆分到 3 个 yaml 文件中别离执行。

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-conf
data:
  nginx.conf: |
    user nginx;
    worker_processes  2;
    error_log  /var/log/nginx/error.log;
    events {worker_connections  1024;}

    http {
      include       mime.types;
      #sendfile        on;
      keepalive_timeout  1800;
      log_format  main
              'remote_addr:$remote_addr'
              'time_local:$time_local'
              'method:$request_method'
              'uri:$request_uri'
              'host:$host'
              'status:$status'
              'bytes_sent:$body_bytes_sent'
              'referer:$http_referer'
              'useragent:$http_user_agent'
              'forwardedfor:$http_x_forwarded_for'
              'request_time:$request_time';
      access_log        /var/log/nginx/access.log main;
      server {
          listen       80;
          server_name  localhost;
          location / {
              root   html;
              index  index.html index.htm;
          }
          error_page   500 502 503 504  /50x.html;
      }
      include /etc/nginx/conf.d/*.conf;
    }

  virtualhost.conf: |
    upstream app {
      server localhost:8080;
      keepalive 1024;
    }

    server {
      listen 80 default_server;
      root /usr/local/app;
      access_log /var/log/nginx/app.access_log main;
      error_log  /var/log/nginx/app.error_log;

      location / {
        proxy_pass http://app/;
        proxy_http_version 1.1;
      }
    }

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-demo-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-demo-nginx
  template:
    metadata:
      labels:
        app: my-demo-nginx
    spec:
      containers:
      - name: my-demo-nginx
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        volumeMounts:
        - mountPath: /etc/nginx/nginx.conf # mount nginx-conf volumn to /etc/nginx
          #readOnly: true
          #name: nginx-conf
          #name: my-demo-nginx
          name: nginx
          subPath: nginx.conf
        - mountPath: /var/log/nginx
          name: log
      volumes:
      - name: nginx
        configMap:
          name: nginx-conf # place ConfigMap `nginx-conf` on /etc/nginx
          items:
            - key: nginx.conf
              path: nginx.conf
            - key: virtualhost.conf
              path: conf.d/virtualhost.conf # dig directory
      - name: log
        emptyDir: {}

---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service #定义 service 名称为 nginx-service
  labels:
    app: nginx-service #为 service 打上 app 标签
spec:
  type: NodePort #应用 NodePort 形式开明,在每个 Node 上调配一个端口作为内部拜访入口
  #type: LoadBalancer #工作在特定的 Cloud Provider 上,例如 Google Cloud,AWS,OpenStack
  #type: ClusterIP #默认,调配一个集群外部能够拜访的虚构 IP(VIP)ports:
  - port: 8000 #port 是 k8s 集群外部拜访 service 的端口,即通过 clusterIP: port 能够拜访到某个 service
    targetPort: 80 #targetPort 是 pod 的端口,从 port 和 nodePort 来的流量通过 kube-proxy 流入到后端 pod 的 targetPort 上,最初进入容器
    nodePort: 32500 #nodePort 是内部拜访 k8s 集群中 service 的端口,通过 nodeIP: nodePort 能够从内部拜访到某个 service
  selector:
    app: my-nginx

执行该 yaml 文件,遇到了问题:
本模板 & 此实操中 Deployment 的配置,它的 spec.template.spec.containers.volumeMounts.name 的值应用 nginx 能力胜利,如果是 my-demo-nginx 则报错如下:

[root@k8s-master k8s-install]# kubectl create -f configmap-nginx.yaml
configmap/nginx-conf created
service/nginx-service created
The Deployment "my-demo-nginx" is invalid: spec.template.spec.containers[0].volumeMounts[0].name: Not found: "my-demo-nginx"

如果是 nginx-conf 则报错如下:

[root@k8s-master k8s-install]# kubectl apply -f configmap-nginx.yaml
Warning: resource configmaps/nginx-conf is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
configmap/nginx-conf configured
Warning: resource services/nginx-service is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
service/nginx-service configured
The Deployment "my-demo-nginx" is invalid: spec.template.spec.containers[0].volumeMounts[0].name: Not found: "nginx-conf"

当改为 nginx 后才失常:

[root@k8s-master k8s-install]# kubectl apply -f configmap-nginx.yaml
configmap/nginx-conf unchanged
deployment.apps/my-demo-nginx created
service/nginx-service unchanged

该报错的起因是 spec.template.spec.volumes.name 的值为 nginx,二者需保持一致( 编辑和应用 yaml 比拟蛋疼的中央也在于此:字段越多,坑越多。官网没有具体的阐明文档间接通知你每个字段的意义,以及哪里跟哪里应该保持一致,哪里须要留神什么,等等。很多货色须要你通过实际本人发现。所以 yaml 的最佳实际也不是很容易总结 )。

查看 ConfigMap、Deployment、Service、Pod 是否创立胜利:

[root@k8s-master k8s-install]# kubectl get cm nginx-conf
NAME         DATA   AGE
nginx-conf   2      12m

[root@k8s-master k8s-install]# kubectl get deploy
NAME            READY   UP-TO-DATE   AVAILABLE   AGE
my-demo-nginx   0/2     2            0           7m29s

[root@k8s-master k8s-install]# kubectl get svc nginx-service
NAME            TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
nginx-service   NodePort   10.103.221.135   <none>        8000:32500/TCP   10m

[root@k8s-master k8s-install]# kubectl get po -A | grep nginx
default       my-demo-nginx-7bff4cd4dd-hs4bx               0/1     CrashLoopBackOff   6 (4m18s ago)    10m
default       my-demo-nginx-7bff4cd4dd-tdjqd               0/1     CrashLoopBackOff   6 (4m11s ago)    10m

此时遇到了第二个问题:
查看 pod 状态发现始终是 CrashLoopBackOff 状态,阐明 pod 没有失常运行。
查看 pod 和容器的日志,均为空。
应用 describe 查看 pod 事件,只有一条无价值的信息:Back-off restarting failed container。删除方才部署的所有重复从新创立也不行。

[root@k8s-master k8s-install]# kubectl describe po my-demo-nginx-9c5b6cc8c-5bws7
Name:         my-demo-nginx-9c5b6cc8c-5bws7
Namespace:    default
Priority:     0
Node:         k8s-slave2/192.168.100.22
Start Time:   Tue, 14 Jun 2022 00:13:44 +0800
Labels:       app=my-demo-nginx
              pod-template-hash=9c5b6cc8c
Annotations:  <none>
Status:       Running
IP:           10.244.1.25
IPs:
  IP:           10.244.1.25
Controlled By:  ReplicaSet/my-demo-nginx-9c5b6cc8c
Containers:
  my-demo-nginx:
    Container ID:   docker://cd6c27ee399cce85adf64465dce43e7b361c92f5f85b46944a2749068a111a5e
    Image:          192.168.100.20:8888/my-demo/nginx
    Image ID:       docker-pullable://192.168.100.20:5000/mynginx@sha256:a12ca72a7db4dfdd981003da98491c8019d2de1da53c1bff4f1b378da5b1ca32
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Tue, 14 Jun 2022 00:14:22 +0800
      Finished:     Tue, 14 Jun 2022 00:14:22 +0800
    Last State:     Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Tue, 14 Jun 2022 00:13:59 +0800
      Finished:     Tue, 14 Jun 2022 00:13:59 +0800
    Ready:          False
    Restart Count:  3
    Environment:    <none>
    Mounts:
      /etc/nginx/nginx.conf from nginx (rw,path="nginx.conf")
      /var/log/nginx from log (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-nxbxk (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  nginx:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      nginx-conf
    Optional:  false
  log:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     
    SizeLimit:  <unset>
  kube-api-access-nxbxk:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age               From               Message
  ----     ------     ----              ----               -------
  Normal   Scheduled  39s               default-scheduler  Successfully assigned default/my-demo-nginx-9c5b6cc8c-5bws7 to k8s-slave2
  Normal   Pulled     38s               kubelet            Successfully pulled image "192.168.100.20:8888/my-demo/nginx" in 135.495946ms
  Normal   Pulled     37s               kubelet            Successfully pulled image "192.168.100.20:8888/my-demo/nginx" in 68.384569ms
  Normal   Pulled     24s               kubelet            Successfully pulled image "192.168.100.20:8888/my-demo/nginx" in 81.06582ms
  Normal   Created    1s (x4 over 38s)  kubelet            Created container my-demo-nginx
  Normal   Started    1s (x4 over 38s)  kubelet            Started container my-demo-nginx
  Normal   Pulling    1s (x4 over 38s)  kubelet            Pulling image "192.168.100.20:8888/my-demo/nginx"
  Normal   Pulled     1s                kubelet            Successfully pulled image "192.168.100.20:8888/my-demo/nginx" in 178.317289ms
  Warning  BackOff    0s (x5 over 36s)  kubelet            Back-off restarting failed container

解决办法:
在 spec.template.spec.containers.image 这一行上面减少如下 3 行配置:别离是 command、args、imagePullPolicy 这个 3 个参数:

spec:
  containers:
  - name: my-demo-nginx
    image: 192.168.100.20:8888/my-demo/nginx
    command: ["/bin/bash", "-c", "--"]
    args: ["while true; do sleep 30; done;"]
    imagePullPolicy: IfNotPresent

重新部署,pod 终于失常运行:

[root@k8s-master k8s-install]# kubectl create -f configmap-nginx.yaml
configmap/nginx-conf created
deployment.apps/my-demo-nginx created
service/nginx-service created
[root@k8s-master k8s-install]# 

[root@k8s-master k8s-install]# kubectl get po
NAME                             READY   STATUS    RESTARTS   AGE
my-demo-nginx-6849476467-7bml4   1/1     Running   0          10s

起因:
本次导致 pod 始终没能失常运行的起因是援用的 nginx 镜像本身存在问题,容器中的 nginx 过程没能失常启动,所以容器和 pod 都无奈失常运行。所以减少以上参数后,应用 /bin/bash 代替 nginx 作为根过程,容器就能失常运行了。这是容器运行的设定决定的。不懂的同学再温习一下容器的内容。
晓得了问题的起因,就能晓得本次实操中起初追加的三个参数,其实外围参数只有一个,就是 command,另外两个参数可有可无。所以也能够只减少一个参数即可,例如:command: [“/bin/bash”, “-ce”, “tail -f /dev/null”]
如果是援用的 nginx 镜像没问题的话,就不会遇到第二个问题。所以这里要顺便分享下本次的解决思路: 当 pod 状态为 CrashLoopBackOff,并且 pod 和容器的日志都为空,能够思考是援用的容器镜像出了问题 。以本例来说,镜像启动容器后,本来应该运行的 nginx 过程没有启动。加个 command 参数很容易就能验进去这个问题。

如下所示,当 pod 和容器失常启动后(通过减少 command 参数),登录容器后发现,根过程是 /bin/bash,而不是 nginx,从而验证了后面的判断:

[root@k8s-master ~]# kubectl exec my-demo-nginx-6849476467-7bml4 -c my-demo-nginx -it -- /bin/bash
[root@my-demo-nginx-6849476467-7bml4 /]#
[root@my-demo-nginx-6849476467-7bml4 /]# ps aux
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root          1  0.0  0.0  11904  1512 ?        Ss   Jun14   0:00 /bin/bash -c -- while true; do sleep 30; done;
root       1463  0.0  0.1  12036  2096 pts/0    Ss   03:34   0:00 /bin/bash
root       1479  0.0  0.0  23032   932 ?        S    03:34   0:00 /usr/bin/coreutils --coreutils-prog-shebang=sleep /usr/bin/sleep 30
root       1480  0.0  0.0  44652  1772 pts/0    R+   03:34   0:00 ps aux

最终残缺的配置如下:

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-conf
data:
  nginx.conf: |
    user nginx;
    worker_processes  2;
    error_log  /var/log/nginx/error.log;
    events {worker_connections  1024;}

    http {
      include       mime.types;
      #sendfile        on;
      keepalive_timeout  1800;
      log_format  main
              'remote_addr:$remote_addr'
              'time_local:$time_local'
              'method:$request_method'
              'uri:$request_uri'
              'host:$host'
              'status:$status'
              'bytes_sent:$body_bytes_sent'
              'referer:$http_referer'
              'useragent:$http_user_agent'
              'forwardedfor:$http_x_forwarded_for'
              'request_time:$request_time';
      access_log        /var/log/nginx/access.log main;
      server {
          listen       80;
          server_name  localhost;
          location / {
              root   html;
              index  index.html index.htm;
          }
          error_page   500 502 503 504  /50x.html;
      }
      include /etc/nginx/conf.d/*.conf;
    }

  virtualhost.conf: |
    upstream app {
      server localhost:8080;
      keepalive 1024;
    }

    server {
      listen 80 default_server;
      root /usr/local/app;
      access_log /var/log/nginx/app.access_log main;
      error_log  /var/log/nginx/app.error_log;

      location / {
        proxy_pass http://app/;
        proxy_http_version 1.1;
      }
    }

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-demo-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-demo-nginx
  template:
    metadata:
      labels:
        app: my-demo-nginx
    spec:
      containers:
      - name: my-demo-nginx
        image: 192.168.100.20:8888/my-demo/nginx
        command: ["/bin/bash", "-c", "--"]
        args: ["while true; do sleep 30; done;"]
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        volumeMounts:
        - mountPath: /etc/nginx/nginx.conf # mount nginx-conf volumn to /etc/nginx
          #readOnly: true
          #name: nginx-conf
          #name: my-demo-nginx
          name: nginx
          subPath: nginx.conf
        - mountPath: /var/log/nginx
          name: log
      volumes:
      - name: nginx
        configMap:
          name: nginx-conf # place ConfigMap `nginx-conf` on /etc/nginx
          items:
            - key: nginx.conf
              path: nginx.conf
            - key: virtualhost.conf
              path: conf.d/virtualhost.conf # dig directory
      - name: log
        emptyDir: {}

---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service #定义 service 名称为 nginx-service
  labels:
    app: nginx-service #为 service 打上 app 标签
spec:
  type: NodePort #应用 NodePort 形式开明,在每个 Node 上调配一个端口作为内部拜访入口
  #type: LoadBalancer #工作在特定的 Cloud Provider 上,例如 Google Cloud,AWS,OpenStack
  #type: ClusterIP #默认,调配一个集群外部能够拜访的虚构 IP(VIP)ports:
  - port: 8000 #port 是 k8s 集群外部拜访 service 的端口,即通过 clusterIP: port 能够拜访到某个 service
    targetPort: 80 #targetPort 是 pod 的端口,从 port 和 nodePort 来的流量通过 kube-proxy 流入到后端 pod 的 targetPort 上,最初进入容器
    nodePort: 32500 #nodePort 是内部拜访 k8s 集群中 service 的端口,通过 nodeIP: nodePort 能够从内部拜访到某个 service
  selector:
    app: my-nginx

正文完
 0