DaemonSet
A DaemonSet ensures that every node in the cluster runs one pod of a given service: when a node joins the cluster, the pod for that service is scheduled on it automatically. This suits monitoring, log collection and similar node-level services.
Deploying a DaemonSet:
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: daemonset1
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: fluentd-elasticsearch
  template:
    metadata:
      name: fluentd-elasticsearch
      labels:
        app: fluentd-elasticsearch
    spec:
      containers:
      - name: fluentd-elasticsearch
        image: xianchao/fluentd:v2.5.1
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 100m
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
      terminationGracePeriodSeconds: 30
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
This deploys one pod on every node, including the master (because of the toleration).
A DaemonSet keeps exactly one pod per node, so its update strategy is to stop the existing pod first and only then start the new one.
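A log-collecting DaemonSet like the one above necessarily reaches into the node's filesystem through hostPath volumes, so it is worth checking what it is granted before it lands on every node. The script below is an added example for these notes, not code from the original page or from fluentd: it re-encodes the page's DaemonSet as JSON (a JSON document is valid YAML) so it runs with the standard library only, and flags a hostPath mounted read-write, missing resource limits, a privileged container and an unpinned image. Which settings to flag is this example's choice, not a Kubernetes rule.

```python
"""Audit the host-access settings of a log-collecting DaemonSet.

Added example for these notes, not code from the original page or from
fluentd. The manifest below is the page's DaemonSet re-encoded as JSON so
the script needs only the standard library; which settings to flag is this
example's choice, not a Kubernetes rule.
"""
import json

# The page's DaemonSet, as JSON.
DAEMONSET_JSON = r"""
{
  "apiVersion": "apps/v1",
  "kind": "DaemonSet",
  "metadata": {"name": "daemonset1", "namespace": "kube-system"},
  "spec": {
    "selector": {"matchLabels": {"app": "fluentd-elasticsearch"}},
    "template": {
      "metadata": {"labels": {"app": "fluentd-elasticsearch"}},
      "spec": {
        "containers": [{
          "name": "fluentd-elasticsearch",
          "image": "xianchao/fluentd:v2.5.1",
          "resources": {"limits": {"cpu": "100m", "memory": "200Mi"},
                        "requests": {"cpu": "100m", "memory": "200Mi"}},
          "volumeMounts": [
            {"name": "varlog", "mountPath": "/var/log"},
            {"name": "varlibdockercontainers",
             "mountPath": "/var/lib/docker/containers", "readOnly": true}
          ]
        }],
        "volumes": [
          {"name": "varlog", "hostPath": {"path": "/var/log"}},
          {"name": "varlibdockercontainers",
           "hostPath": {"path": "/var/lib/docker/containers"}}
        ],
        "tolerations": [{"key": "node-role.kubernetes.io/master",
                         "effect": "NoSchedule"}]
      }
    }
  }
}
"""


def audit_daemonset(manifest: dict) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    if (manifest.get("apiVersion"), manifest.get("kind")) != ("apps/v1", "DaemonSet"):
        findings.append("not an apps/v1 DaemonSet")
    pod = manifest["spec"]["template"]["spec"]

    # hostPath volumes give the pod a view of the node's own filesystem.
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in pod.get("volumes", []) if "hostPath" in v}

    for c in pod.get("containers", []):
        name = c["name"]
        ref = c.get("image", "").rsplit("/", 1)[-1]   # last path segment carries tag/digest
        if not (":" in ref or "@" in ref) or ref.endswith(":latest"):
            findings.append(f"{name}: image is not pinned to a version tag")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{name}: no resource limits (runs on every node)")
        if c.get("securityContext", {}).get("privileged"):
            findings.append(f"{name}: runs privileged")
        for m in c.get("volumeMounts", []):
            if m["name"] in host_paths and not m.get("readOnly", False):
                findings.append(
                    f"{name}: hostPath {host_paths[m['name']]} mounted "
                    f"read-write at {m['mountPath']}")
    return findings


def audit_page_manifest() -> list:
    """Audit the manifest embedded above."""
    return audit_daemonset(json.loads(DAEMONSET_JSON))


if __name__ == "__main__":
    for finding in audit_page_manifest() or ["no findings"]:
        print(finding)
```

For the page's manifest the only finding is the read-write mount of /var/log. fluentd writes its position files there by default, which is why the page leaves it writable; if a collector is compromised that write access lets it alter the node's logs, so keeping the position files on a separate volume and mounting /var/log with readOnly: true is the usual hardening.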
ConfigMap
A ConfigMap stores non-confidential configuration so that the same image can be deployed in different environments.
Kubernetes uses ConfigMaps to separate configuration from the image, which keeps the image smaller, makes it more portable and reproducible, and simplifies configuration management. A ConfigMap can be exposed as a volume that is mounted into the container when the pod starts, without touching the application code.
In a microservice architecture several services often share configuration; configuring each service separately is tedious, while a ConfigMap lets them share it cleanly.
Creating a ConfigMap
1. From the command line, using the --from-literal flag:
kubectl create configmap tomcat-config --from-literal=tomcat_port=80 --from-literal=server_name=myapp.tomcat.com
configmap/tomcat-config created
[root@master yam_files]# kubectl get configmap
NAME DATA AGE
kube-root-ca.crt 1 15d
tomcat-config 2 13s
[root@master yam_files]# kubectl describe configmap tomcat-config
Name: tomcat-config
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
server_name:
----
myapp.tomcat.com
tomcat_port:
----
8080
BinaryData
====
Events: <none>
2. From a file, using the --from-file flag; here the key inside the ConfigMap is named www:
[root@master configmap]# cat nginx.conf
server {
server_name www.nginx.com;
listen 80;
root /home/nginx/www
}
[root@master configmap]# kubectl create configmap www-nginx --from-file=www=./nginx.conf
Inspect the ConfigMap: the key of this entry is www
[root@master configmap]# kubectl describe configmap www-nginx
Name: www-nginx
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
www:
----
server {
server_name www.nginx.com;
listen 80;
root /home/nginx/www
}
BinaryData
====
Events: <none>
3. From a directory path (each file in the directory becomes a key):
[root@master aa]# cat my_server.cnf
server_id =1
[root@master aa]# cat my_slave.cnf
server_id =2
[root@master configmap]# kubectl create configmap server-config --from-file=./aa
configmap/server-config created
[root@master configmap]# kubectl describe cm server-config
Name: server-config
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
my_server.cnf:
----
server_id =1
my_slave.cnf:
----
server_id =2
BinaryData
====
Events: <none>
4. From a YAML manifest; the cnf entries span several lines, so the key name is followed by a pipe (|) literal block indicator:
# cat mysql-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql
  labels:
    app: mysql
data:
  master.cnf: |
    [mysqld]
    log-bin
    log_bin_trust_function_creators=1
    lower_case_table_names=1
  slave.cnf: |
    [mysqld]
    super-read-only
    log_bin_trust_function_creators=1
Supplying a ConfigMap to a pod
1. Via configMapKeyRef
Write a ConfigMap manifest, then a pod manifest.
[root@master configmap]# cat mysql.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: mysql
  labels:
    app: mysql
data:
  log: "1"
  lower: "1"
[root@master configmap]# kubectl apply -f mysql.yaml
configmap/mysql created
[root@master configmap]# cat mysql-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mysql-pod
spec:
  containers:
  - name: mysql
    image: busybox
    command: [ "/bin/sh", "-c", "sleep 3600" ]
    env:
    - name: log_bin            # define the environment variable log_bin
      valueFrom:
        configMapKeyRef:
          name: mysql          # name of the ConfigMap
          key: log             # key within the ConfigMap
    - name: lower              # define the environment variable lower
      valueFrom:
        configMapKeyRef:
          name: mysql
          key: lower
  restartPolicy: Never
The configMapKeyRef field under env injects a ConfigMap value into the pod as an environment variable.
After creating the pod, list its environment variables and the injected values appear:
[root@master configmap]# kubectl exec -it mysql-pod -- /bin/sh
/ # printenv
log_bin=1
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.96.0.1:443
HOSTNAME=mysql-pod
MY_NGINX_NODEPORT_SERVICE_HOST=10.99.238.240
SHLVL=1
HOME=/root
MY_NGINX_NODEPORT_PORT=tcp://10.99.238.240:80
MY_NGINX_NODEPORT_SERVICE_PORT=80
TERM=xterm
MY_NGINX_NODEPORT_PORT_80_TCP_ADDR=10.99.238.240
lower=1
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
MY_NGINX_NODEPORT_PORT_80_TCP_PORT=80
MY_NGINX_NODEPORT_PORT_80_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
MY_NGINX_NODEPORT_PORT_80_TCP=tcp://10.99.238.240:80
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
KUBERNETES_SERVICE_HOST=10.96.0.1
PWD=/
2. Via envFrom, which injects the whole ConfigMap into the pod at once:
apiVersion: v1
kind: Pod
metadata:
  name: mysql-pod-envfrom
spec:
  containers:
  - name: busybox
    image: busybox
    imagePullPolicy: IfNotPresent
    command: ["/bin/sh","-c","sleep 3600"]
    envFrom:
    - configMapRef:
        name: mysql
  restartPolicy: Never
After it runs, enter the pod and inspect the environment; the values are present:
[root@master configmap]# kubectl exec -it mysql-pod-envfrom -c busybox -- /bin/sh
/ # printenv
KUBERNETES_PORT=tcp://10.96.0.1:443
KUBERNETES_SERVICE_PORT=443
HOSTNAME=mysql-pod-envfrom
MY_NGINX_NODEPORT_SERVICE_HOST=10.99.238.240
SHLVL=1
HOME=/root
MY_NGINX_NODEPORT_PORT=tcp://10.99.238.240:80
MY_NGINX_NODEPORT_SERVICE_PORT=80
TERM=xterm
MY_NGINX_NODEPORT_PORT_80_TCP_ADDR=10.99.238.240
lower=1
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
MY_NGINX_NODEPORT_PORT_80_TCP_PORT=80
log=1
KUBERNETES_PORT_443_TCP_PORT=443
MY_NGINX_NODEPORT_PORT_80_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_PROTO=tcp
MY_NGINX_NODEPORT_PORT_80_TCP=tcp://10.99.238.240:80
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_SERVICE_HOST=10.96.0.1
PWD=/
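Steps 1 and 2 above use two different routes from a ConfigMap into the environment, and they compose by fixed rules: every key of an envFrom source becomes a variable, but keys that are not valid environment-variable names are skipped (the kubelet records an event for them), an explicit env entry overrides an envFrom value of the same name, and a missing ConfigMap or key fails the container unless the reference is marked optional. The script below is an added example for these notes, not part of the original page and not kubelet code; it models those rules on the page's mysql ConfigMap plus a constructed copy of the multi-line one from creation step 4 (renamed mysql-files here, because the page gives both the same name). The C-identifier pattern is the classic validation rule (assumption: newer releases may relax it behind a feature gate).

```python
"""Resolve a container's environment from ConfigMaps the way envFrom and
env/configMapKeyRef compose.

Added example for these notes, not part of the original page and not kubelet
code. Names and the constructed CONFIGMAPS state are this example's own.
"""
import re

# Classic rule for environment-variable names (assumption: newer releases may
# relax it behind a feature gate).
C_IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

# Constructed cluster state: the page's "mysql" ConfigMap and a renamed copy
# of the multi-line one, whose keys are file names.
CONFIGMAPS = {
    "mysql": {"log": "1", "lower": "1"},
    "mysql-files": {"master.cnf": "[mysqld]\nlog-bin\n",
                    "slave.cnf": "[mysqld]\nsuper-read-only\n"},
}


def _lookup(configmaps: dict, name: str, optional: bool) -> dict:
    if name in configmaps:
        return configmaps[name]
    if optional:
        return {}
    # A real pod stays in CreateContainerConfigError in this case.
    raise KeyError(f"ConfigMap {name} not found")


def resolve_container_env(container: dict, configmaps: dict) -> tuple:
    """Return (env, skipped): the variables the container receives and the
    envFrom keys dropped because they are not valid variable names."""
    env, skipped = {}, []

    # envFrom: every key of the ConfigMap, optionally prefixed.
    for source in container.get("envFrom", []):
        ref = source.get("configMapRef")
        if ref is None:
            continue
        data = _lookup(configmaps, ref["name"], ref.get("optional", False))
        for key, value in data.items():
            name = source.get("prefix", "") + key
            if C_IDENTIFIER.match(name):
                env[name] = value          # a later source overrides an earlier one
            else:
                skipped.append(name)       # invalid name: silently dropped, event recorded

    # env: explicit entries win over anything set by envFrom.
    for var in container.get("env", []):
        if "value" in var:
            env[var["name"]] = var["value"]
            continue
        ref = var.get("valueFrom", {}).get("configMapKeyRef")
        if ref is None:
            continue
        optional = ref.get("optional", False)
        data = _lookup(configmaps, ref["name"], optional)
        if ref["key"] in data:
            env[var["name"]] = data[ref["key"]]
        elif not optional:
            raise KeyError(f"ConfigMap {ref['name']} has no key {ref['key']}")
    return env, skipped


# The containers of the page's mysql-pod (step 1) and mysql-pod-envfrom (step 2).
KEYREF_CONTAINER = {"env": [
    {"name": "log_bin", "valueFrom": {"configMapKeyRef": {"name": "mysql", "key": "log"}}},
    {"name": "lower", "valueFrom": {"configMapKeyRef": {"name": "mysql", "key": "lower"}}},
]}
ENVFROM_CONTAINER = {"envFrom": [{"configMapRef": {"name": "mysql"}}]}
# Constructed: envFrom pointed at the file-style ConfigMap; its keys contain dots.
FILES_CONTAINER = {"envFrom": [{"configMapRef": {"name": "mysql-files"}}]}

if __name__ == "__main__":
    for label, c in [("keyRef", KEYREF_CONTAINER), ("envFrom", ENVFROM_CONTAINER),
                     ("files", FILES_CONTAINER)]:
        print(label, resolve_container_env(c, CONFIGMAPS))
```

The third case is the one that surprises people: pointing envFrom at a ConfigMap whose keys are file names such as master.cnf yields an empty environment with no error at pod level, only an event. Such a ConfigMap belongs in a volume mount (step 3), and the explicit configMapKeyRef form is the safer choice when a specific variable must exist.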
3. Via a volume mount, which exposes the configuration as files inside the pod; this is the most common way of consuming a ConfigMap:
[root@master configmap]# cat mysql-config-volume.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mysql-pod-volumes
spec:
  containers:
  - name: busybox
    image: busybox
    imagePullPolicy: IfNotPresent
    command: ["/bin/sh","-c","sleep 3600"]
    volumeMounts:
    - name: mysql-config
      mountPath: /tmp/config
  volumes:
  - name: mysql-config
    configMap:
      name: mysql
  restartPolicy: Never
[root@master configmap]# kubectl exec -it mysql-pod-volumes -c busybox -- /bin/sh
/ # cd /tmp
/tmp # ls
config
/tmp # cd config
/tmp/config # ls
log lower
/tmp/config # exit
This time the environment contains no lower or log, because the ConfigMap was mounted as a volume.
ConfigMap hot updates
Configuration mounted as a volume can be updated in place; configuration injected through environment variables cannot.
Now edit the mysql ConfigMap and compare how the value changes inside the mysql-pod-envfrom and mysql-pod-volumes pods.
Change log in mysql to 2; inside mysql-pod-volumes the updated log is visible:
[root@master configmap]# kubectl edit cm mysql
configmap/mysql edited
[root@master configmap]# kubectl exec -it mysql-pod-volumes -c busybox -- /bin/sh
/ # cd /tmp/config
/tmp/config # ls
log lower
/tmp/config # cat log
2/tmp/config # exit
The environment variables of mysql-pod-envfrom are unchanged. Mounting as a volume is therefore the most suitable way to consume a ConfigMap.
[root@master configmap]# kubectl exec -it mysql-pod-envfrom -c busybox -- /bin/sh
/ # printenv
KUBERNETES_PORT=tcp://10.96.0.1:443
KUBERNETES_SERVICE_PORT=443
HOSTNAME=mysql-pod-envfrom
MY_NGINX_NODEPORT_SERVICE_HOST=10.99.238.240
SHLVL=1
HOME=/root
MY_NGINX_NODEPORT_PORT=tcp://10.99.238.240:80
MY_NGINX_NODEPORT_SERVICE_PORT=80
TERM=xterm
MY_NGINX_NODEPORT_PORT_80_TCP_ADDR=10.99.238.240
lower=1
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
MY_NGINX_NODEPORT_PORT_80_TCP_PORT=80
log=1
KUBERNETES_PORT_443_TCP_PORT=443
MY_NGINX_NODEPORT_PORT_80_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_PROTO=tcp
MY_NGINX_NODEPORT_PORT_80_TCP=tcp://10.99.238.240:80
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_SERVICE_HOST=10.96.0.1
PWD=/
/ #
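Why the volume picks up the edit while the environment does not comes down to how the kubelet publishes the volume: each generation of the ConfigMap is written to a hidden timestamped directory, a `..data` symlink is pointed at it with an atomic rename, and each key in the mount is a symlink through `..data`. A reader that walks the symlinks on every open sees the new generation; anything that copied the values once (environment variables at container start) or resolved the real file once (a subPath mount) keeps the old one. The script below is an added example for these notes, not part of the original page and not kubelet code; it reproduces that layout in a temporary directory (simplified, as an assumption about the details) and replays the page's edit of log from 1 to 2 against the three kinds of consumer.

```python
"""Show why a ConfigMap volume picks up edits while environment variables and
subPath mounts do not.

Added example for these notes, not part of the original page and not kubelet
code. The directory layout mirrors the kubelet's atomic writer in simplified
form (assumption); function names are this example's own.
"""
import os
import tempfile
import time


def write_projection(mount: str, data: dict) -> str:
    """Publish one generation of `data` under `mount`; return its directory."""
    gen = os.path.join(mount, f"..{time.strftime('%Y_%m_%d_%H_%M_%S')}.{time.time_ns()}")
    os.mkdir(gen)
    for key, value in data.items():
        with open(os.path.join(gen, key), "w") as f:
            f.write(value)
    # Point ..data at the new generation with a rename, so a reader never
    # observes a half-written directory.
    tmp_link = os.path.join(mount, "..data_tmp")
    os.symlink(os.path.basename(gen), tmp_link)
    os.rename(tmp_link, os.path.join(mount, "..data"))
    # Per-key symlinks go through ..data; add new keys, drop removed ones.
    for key in data:
        link = os.path.join(mount, key)
        if not os.path.lexists(link):
            os.symlink(os.path.join("..data", key), link)
    for entry in os.listdir(mount):
        if not entry.startswith("..") and entry not in data:
            os.unlink(os.path.join(mount, entry))
    return gen


def read_key(mount: str, key: str) -> str:
    """Read a key the way `cat /tmp/config/log` does: follow the symlinks."""
    with open(os.path.join(mount, key)) as f:
        return f.read()


def demo() -> dict:
    """Edit log from 1 to 2, as the page does, and compare three consumers."""
    mount = tempfile.mkdtemp(prefix="cm-")
    write_projection(mount, {"log": "1", "lower": "1"})

    # envFrom: values are copied into the process environment at container start.
    env_snapshot = {k: read_key(mount, k) for k in ("log", "lower")}
    # subPath: the mount binds the file the symlink resolved to at that moment.
    subpath_target = os.path.realpath(os.path.join(mount, "log"))

    write_projection(mount, {"log": "2", "lower": "1"})   # kubectl edit cm mysql

    with open(subpath_target) as f:
        stale_file = f.read()
    return {
        "volume": read_key(mount, "log"),   # follows ..data to the new generation
        "env": env_snapshot["log"],         # still the value copied at start
        "subpath": stale_file,              # still the old generation's file
    }


if __name__ == "__main__":
    print(demo())
```

Two practical consequences follow. In a real cluster the swap happens on the kubelet's periodic sync, so an edit can take up to the sync period plus the ConfigMap cache TTL to appear, and the application still has to re-read the file; and a mount that uses subPath behaves like the third consumer and never updates, which is a common reason a "hot reload" appears not to work.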
Secret
A ConfigMap stores configuration in plaintext; sensitive data belongs in a Secret. Secrets handle the configuration of passwords, tokens, keys and the like without exposing the sensitive data in the image or the pod spec.
There are three Secret types: generic, the general-purpose type, usually used for passwords; tls, used only for a private key and certificate; docker-registry, which must be used to store credentials for a Docker registry.
1. Define it from the command line
kubectl create secret generic sqlsecret --from-literal=password=fdflhs --from-literal=username=admin1
This creates a Secret; inspect it with kubectl describe:
[root@master secret]# kubectl describe secret sqlsecret
Name: sqlsecret
Namespace: default
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
password: 9 bytes
username: 6 bytes
2. Inject the Secret above through environment variables
Define a pod:
apiVersion: v1
kind: Pod
metadata:
  name: sql-secret
spec:
  containers:
  - name: busybox
    image: busybox
    imagePullPolicy: IfNotPresent
    command: ["/bin/sh","-c","sleep 3600"]
    env:
    - name: MYSQL_PASSWORD
      valueFrom:
        secretKeyRef:
          key: password
          name: sqlsecret
    - name: MYSQL_USERNAME
      valueFrom:
        secretKeyRef:
          key: username
          name: sqlsecret
Inspecting the pod's environment variables shows the values were injected.
3. Via a volume mount
Define the Secret:
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: SSBhbSBtYWNoaW5l
Define the pod manifest:
apiVersion: v1
kind: Pod
metadata:
  name: pod-secret-volume
spec:
  containers:
  - name: busybox
    image: busybox
    imagePullPolicy: IfNotPresent
    command: ["/bin/sh","-c","sleep 3600"]
    volumeMounts:
    - name: secret-volume
      mountPath: /tmp/config
  volumes:
  - name: secret-volume
    secret:
      secretName: mysecret
After creating the pod, enter it and look at the mounted directory: it holds the decoded password and username files.
[root@master secret]# kubectl exec -it pod-secret-volume -c busybox -- /bin/sh
/ # cd tmp
/tmp # ls
config
/tmp # cd config
/tmp/config # ls
password username
/tmp/config # cat password
I am machine
/tmp/config # cat usernmae
/tmp/config # cat username
admin
/tmp/config # exit
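The files the pod sees are simply the base64 decoding of the manifest's data fields: the encoding keeps arbitrary bytes valid in YAML, it is not encryption, so anyone allowed to read the object (kubectl get secret -o yaml) recovers the values, while kubectl describe only prints their sizes. The script below is an added example for these notes, not part of the original page; it builds a Secret manifest from plaintext the way kubectl create secret generic does, decodes the page's mysecret, and reproduces the sizes-only view of describe. The helper names are this example's own.

```python
"""Encode, decode and summarise an Opaque Secret.

Added example for these notes, not part of the original page. The data field
is only base64, so anyone who can read the object can recover the values;
`kubectl describe` hides them (sizes only) but `kubectl get -o yaml` does not.
"""
import base64
import binascii

# The page's mysecret manifest.
MYSECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "mysecret"},
    "type": "Opaque",
    "data": {"username": "YWRtaW4=", "password": "SSBhbSBtYWNoaW5l"},
}


def build_secret(name: str, values: dict, secret_type: str = "Opaque") -> dict:
    """Build a manifest from plaintext values, as `kubectl create secret generic` does."""
    return {
        "apiVersion": "v1", "kind": "Secret",
        "metadata": {"name": name}, "type": secret_type,
        "data": {k: base64.b64encode(v.encode()).decode() for k, v in values.items()},
    }


def decode_secret(manifest: dict) -> dict:
    """Return the plaintext a pod sees in the mounted files or env vars.

    stringData is a write-only convenience: the API server merges it into data,
    and on a conflicting key stringData wins.
    """
    try:
        plain = {k: base64.b64decode(v, validate=True).decode()
                 for k, v in manifest.get("data", {}).items()}
    except binascii.Error as exc:
        # The API server rejects a Secret whose data is not valid base64.
        raise ValueError(f"data is not valid base64: {exc}") from exc
    plain.update(manifest.get("stringData", {}))
    return plain


def describe_secret(manifest: dict) -> dict:
    """Per-key byte counts, which is all `kubectl describe secret` prints."""
    return {k: f"{len(v.encode())} bytes" for k, v in decode_secret(manifest).items()}


if __name__ == "__main__":
    print(decode_secret(MYSECRET))     # the files seen in /tmp/config above
    print(describe_secret(MYSECRET))   # the view kubectl describe gives
    print(build_secret("sqlsecret", {"username": "admin1", "password": "fdflhs"}))
```

Because the protection is purely access control, the things that actually matter are RBAC on get/list for Secrets, encryption at rest in etcd, and keeping Secret manifests out of version control; the describe output in step 1 hides the values from casual viewing but grants no confidentiality on its own.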
Trying a hot update of the Secret also works:
[root@master secret]# kubectl exec -it pod-secret-volume -c busybox -- /bin/sh
/ # cd /tmp/config
/tmp/config # ls
password username
/tmp/config # cat username
hahades
/tmp/config #