kubernetes

configmap 으로 값 전달

misankim 2023. 3. 9. 22:22

configmap 으로 값 전달




# configmap 생성하여 파드의 특정 경로에 마운트

# ConfigMap holding two nginx configuration files as literal block scalars.
# The Pod that follows in this manifest mounts each key as a single file via subPath.
# ConfigMap data is readable as plain text by anyone allowed to read the object;
# keep TLS private keys, passwords and tokens in a Secret instead.
apiVersion: v1
kind: ConfigMap
metadata:
  name: cm-nginx
# Both values use "|+" (literal style, keep chomping): line breaks are preserved
# and blank lines at the end of a value remain part of the stored file content.
# Do not add YAML comments inside the scalars; they would become part of the file.
data:
  default.conf:  |+
    server {
        listen       80;
        listen  [::]:80;
        server_name  localhost;

        #access_log  /var/log/nginx/host.access.log  main;

        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }

  nginx.conf:  |+
    user  nginx;
    worker_processes  auto;

    error_log  /var/log/nginx/error.log notice;
    pid        /var/run/nginx.pid;

    events {
        worker_connections  2048;
    }

    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;

        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

        access_log  /var/log/nginx/access.log  main;

        sendfile        on;
        #tcp_nopush     on;

        keepalive_timeout  65;

        #gzip  on;

        include /etc/nginx/conf.d/*.conf;
    }
---
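# Pod that mounts the two keys of the cm-nginx ConfigMap as individual files.
apiVersion: v1
kind: Pod
metadata:
  name: configmap-pod
spec:
  # Nothing in this manifest uses the Kubernetes API, so no service account
  # token is mounted into the pod.
  automountServiceAccountToken: false
  containers:
  - name: mycontainer
    # No tag is given, so this resolves to the mutable "latest" tag.
    # Pin a specific version tag or an image digest for reproducible rollouts.
    image: nginx
    ports:
    - containerPort: 80
      protocol: TCP
    securityContext:
      # Blocks setuid binaries and similar paths from gaining more privileges
      # than the container process started with.
      allowPrivilegeEscalation: false
    # subPath places a single file over an existing path without hiding the
    # rest of the directory. Files mounted through subPath are NOT refreshed
    # when the ConfigMap changes; recreate the pod to pick up an edit.
    volumeMounts:
    - name: conf
      mountPath: /etc/nginx/conf.d/default.conf
      subPath: default.conf
      readOnly: true
    - name: conf
      mountPath: /etc/nginx/nginx.conf
      subPath: nginx.conf
      readOnly: true
  volumes:
  - name: conf
    configMap:
      name: cm-nginx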


## 확인

➜  [test123] kubectl exec -it configmap-pod -- ls -al /etc/nginx/nginx.conf
-rw-r--r-- 1 root root 645 May 23 09:02 /etc/nginx/nginx.conf

➜  [test123] kubectl exec -it configmap-pod -- ls -al /etc/nginx/conf.d/default.conf
-rw-r--r-- 1 root root 469 May 23 09:02 /etc/nginx/conf.d/default.conf

➜  [test123] kubectl exec -it configmap-pod -- cat /etc/nginx/nginx.conf
user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events {
    worker_connections  2048;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

➜  [test123] k exec -it configmap-pod -- cat /etc/nginx/conf.d/default.conf
server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

➜  [test123] kubectl exec -it configmap-pod -- cat /etc/nginx/conf.d/default.conf
server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}


# 파일에서 configmap 생성
-> --dry-run=server 옵션을 주면 요청이 API 서버까지 전달되어 검증은 거치지만 실제로 저장되지는 않고 결과만 출력됨 (클러스터로 내용을 보내지 않고 로컬에서만 렌더링하려면 --dry-run=client 사용)

vim my.cnf

[mysqld]
skip-host-cache
skip-name-resolve
datadir=/var/lib/mysql
socket=/var/run/mysqld/mysqld.sock
secure-file-priv=/var/lib/mysql-files
user=mysql
symbolic-links=0
pid-file=/var/run/mysqld/mysqld.pid
character-set-server = utf8
collation-server = utf8_general_ci

[client]
socket=/var/run/mysqld/mysqld.sock
default-character-set = utf8
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/


kubectl create configmap [configmap_이름] --from-file=[configmap에서_보여지는_파일명]=[실제_파일경로] -o yaml --dry-run=server

kubectl create configmap mysql-conf --from-file=mysql.conf=my.cnf -o yaml --dry-run=server

실제 출력(출력만하고 생성은 하지 않음)
apiVersion: v1
data:
  mysql.conf: |+
    [mysqld]
    skip-host-cache
    skip-name-resolve
    datadir=/var/lib/mysql
    socket=/var/run/mysqld/mysqld.sock
    secure-file-priv=/var/lib/mysql-files
    user=mysql
    symbolic-links=0
    pid-file=/var/run/mysqld/mysqld.pid
    character-set-server = utf8
    collation-server = utf8_general_ci

    [client]
    socket=/var/run/mysqld/mysqld.sock
    default-character-set = utf8
    !includedir /etc/mysql/conf.d/
    !includedir /etc/mysql/mysql.conf.d/

kind: ConfigMap
metadata:
  creationTimestamp: "2022-12-08T05:08:58Z"
  name: mysql-conf
  namespace: my-flask-app
  uid: 64633b55-8b9f-4121-a6da-59851dff8dea


# kustomize 로 설정 파일을 configmap 으로 변환

vim default.conf

# Single virtual host: plain HTTP on port 80 (IPv4 and IPv6), static files
# served from /usr/share/nginx/html. No TLS listener is defined in this file.
server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}


vim nginx.conf

# Main nginx configuration: worker processes run as the "nginx" user, and
# every *.conf file under /etc/nginx/conf.d/ is included into the http block.
user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events {
    worker_connections  2048;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # $http_x_forwarded_for, $http_referer and $http_user_agent are request
    # headers supplied by the client. When reading these logs, treat
    # $remote_addr as the connecting peer and X-Forwarded-For as unverified
    # unless a trusted proxy in front of nginx sets it.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}


vim kustomization.yaml

# Kustomize input that renders default.conf and nginx.conf (read from this
# directory) into one ConfigMap named cm-nginx in the my-flask-app namespace.
namespace: my-flask-app

generatorOptions:
  # With the content-hash suffix disabled the generated name stays exactly
  # "cm-nginx". Workloads that reference it are therefore not rolled
  # automatically when the file contents change; restart them after an update.
  disableNameSuffixHash: true
  annotations:
    note: generated
  labels:
    type: generated

configMapGenerator:
  - name: cm-nginx
    files:
      - default.conf
      - nginx.conf


kubectl kustomize ./


# configmap 생성하여 환경변수로 사용

vim configmap.yaml

---
# Non-secret LDAP connection settings, consumed as environment variables.
# Only addresses and directory names belong here: a bind password or any other
# credential should live in a Secret, since ConfigMap data is plain text.
kind: ConfigMap
apiVersion: v1
metadata:
  name: cm-mgmt
data:
  # ldaps:// on port 636 is LDAP over TLS. The server is addressed by IP, so
  # NOTE(review): confirm the client validates the server certificate and
  # that the certificate covers this address.
  LDAP_SERVER: 'ldaps://10.0.0.18:636'
  LDAP_ROOT_DN: 'dc=example,dc=com'
  LDAP_OU: 'ou=secuser'
  # A JSON array encoded as one string; presumably the application parses it
  # and treats these accounts as administrators - verify against the consumer.
  LDAP_ADMINS: '["abc@abc.com", "test@test.com"]'

 



vim rollout.yaml

# Excerpt of an Argo Rollouts manifest. The "..." lines are the author's
# elisions: a bare "..." is YAML's document-end marker, so the omitted fields
# must be filled in before this can be applied.
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: mgmt
spec:
...
  template:
    metadata:
      labels:
        app: mgmt
    spec:
      terminationGracePeriodSeconds: 30
      containers:
      - name: mgmt
        # imagePullPolicy: Always re-resolves the 2.0 tag on every pod start,
        # so whatever the tag points to at that moment is what runs. Reference
        # the image by digest if the deployed content must not change.
        image: asia.gcr.io/my-project-id/mgmt:2.0
        imagePullPolicy: Always
...
        # Each variable is read from one key of the cm-mgmt ConfigMap.
        # Without "optional: true" on a reference, a missing ConfigMap or key
        # keeps the container from starting.
        env:
          - name: "LDAP_SERVER"
            valueFrom:
              configMapKeyRef:
                name: cm-mgmt
                key: LDAP_SERVER
          - name: "LDAP_ROOT_DN"
            valueFrom:
              configMapKeyRef:
                name: cm-mgmt
                key: LDAP_ROOT_DN
          - name: "LDAP_OU"
            valueFrom:
              configMapKeyRef:
                name: cm-mgmt
                key: LDAP_OU
          - name: "LDAP_ADMINS"
            valueFrom:
              configMapKeyRef:
                name: cm-mgmt
                key: LDAP_ADMINS

 
혹은 envFrom.configMapRef 사용하여 설정

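        # Container-level excerpt: explicit env entries take precedence over
        # variables imported through envFrom when both define the same name.
        env:
          - name: "DEBUG"
            # Environment values are always strings. NOTE(review): confirm the
            # application compares this with "False" explicitly; a non-empty
            # string is truthy in many languages and would leave debug mode on.
            value: "False"
        # Imports every key of cm-mgmt as an environment variable, so any key
        # added to the ConfigMap later also reaches the container environment.
        envFrom:
        - configMapRef:
            name: cm-mgmt
        volumeMounts:
        # The name must match a spec.volumes entry exactly (that entry is
        # outside this excerpt). The trailing zero-width space that was pasted
        # after "secret-vol" is removed here because it would break the match.
        - mountPath: "/var/secrets"
          name: secret-vol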