kubernetes
configmap 으로 값 전달
misankim
2023. 3. 9. 22:22
configmap 으로 값 전달
# configmap 생성하여 파드의 특정 경로에 마운트
apiVersion: v1
kind: ConfigMap
metadata:
name: cm-nginx
data:
default.conf: |+
server {
listen 80;
listen [::]:80;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
nginx.conf: |+
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 2048;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
---
apiVersion: v1
kind: Pod
metadata:
name: configmap-pod
spec:
containers:
- name: mycontainer
image: nginx
ports:
- containerPort: 80
protocol: TCP
volumeMounts:
- name: conf
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
- name: conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
volumes:
- name: conf
configMap:
name: cm-nginx## 확인
➜ [test123] kubectl exec -it configmap-pod -- ls -al /etc/nginx/nginx.conf
-rw-r--r-- 1 root root 645 May 23 09:02 /etc/nginx/nginx.conf➜ [test123] kubectl exec -it configmap-pod -- ls -al /etc/nginx/conf.d/default.conf
-rw-r--r-- 1 root root 469 May 23 09:02 /etc/nginx/conf.d/default.conf➜ [test123] kubectl exec -it configmap-pod -- cat /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 2048;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
➜ [test123] k exec -it configmap-pod -- cat /etc/nginx/conf.d/default.conf
server {
listen 80;
listen [::]:80;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}➜ [test123] kubectl exec -it configmap-pod -- cat /etc/nginx/conf.d/default.conf
server {
listen 80;
listen [::]:80;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}# 파일에서 configmap 생성
-> --dry-run=server 옵션으로 출력만 할 수 있음
vim my.cnf[mysqld]
skip-host-cache
skip-name-resolve
datadir=/var/lib/mysql
socket=/var/run/mysqld/mysqld.sock
secure-file-priv=/var/lib/mysql-files
user=mysql
symbolic-links=0
pid-file=/var/run/mysqld/mysqld.pid
character-set-server = utf8
collation-server = utf8_general_ci
[client]
socket=/var/run/mysqld/mysqld.sock
default-character-set = utf8
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/kubectl create configmap [configmap_이름] --from-file=[configmap에서_보여지는_파일명]=[실제_파일경로] -o yaml --dry-run=serverkubectl create configmap mysql-conf --from-file=mysql.conf=my.cnf -o yaml --dry-run=server실제 출력(출력만하고 생성은 하지 않음)
apiVersion: v1
data:
mysql.conf: |+
[mysqld]
skip-host-cache
skip-name-resolve
datadir=/var/lib/mysql
socket=/var/run/mysqld/mysqld.sock
secure-file-priv=/var/lib/mysql-files
user=mysql
symbolic-links=0
pid-file=/var/run/mysqld/mysqld.pid
character-set-server = utf8
collation-server = utf8_general_ci
[client]
socket=/var/run/mysqld/mysqld.sock
default-character-set = utf8
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/
kind: ConfigMap
metadata:
creationTimestamp: "2022-12-08T05:08:58Z"
name: mysql-conf
namespace: my-flask-app
uid: 64633b55-8b9f-4121-a6da-59851dff8dea# kustomize 로 설정 파일을 configmap 으로 변환
vim default.confserver {
listen 80;
listen [::]:80;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}vim nginx.confuser nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 2048;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}vim kustomization.yamlnamespace: my-flask-app
configMapGenerator:
- name: cm-nginx
files:
- default.conf
- nginx.conf
generatorOptions:
disableNameSuffixHash: true
labels:
type: generated
annotations:
note: generatedkubectl kustomize ./# configmap 생성하여 환경변수로 사용
vim configmap.yamlapiVersion: v1
kind: ConfigMap
metadata:
name: cm-mgmt
data:
LDAP_SERVER: "ldaps://10.0.0.18:636"
LDAP_ROOT_DN: "dc=example,dc=com"
LDAP_OU: "ou=secuser"
LDAP_ADMINS: '["abc@abc.com", "test@test.com"]'
vim rollout.yamlapiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
name: mgmt
spec:
...
template:
metadata:
labels:
app: mgmt
spec:
terminationGracePeriodSeconds: 30
containers:
- name: mgmt
image: asia.gcr.io/my-project-id/mgmt:2.0
imagePullPolicy: Always
...
env:
- name: "LDAP_SERVER"
valueFrom:
configMapKeyRef:
name: cm-mgmt
key: LDAP_SERVER
- name: "LDAP_ROOT_DN"
valueFrom:
configMapKeyRef:
name: cm-mgmt
key: LDAP_ROOT_DN
- name: "LDAP_OU"
valueFrom:
configMapKeyRef:
name: cm-mgmt
key: LDAP_OU
- name: "LDAP_ADMINS"
valueFrom:
configMapKeyRef:
name: cm-mgmt
key: LDAP_ADMINS혹은 envFrom.configMapRef 사용하여 설정
env:
- name: "DEBUG"
value: "False"
envFrom:
- configMapRef:
name: cm-mgmt
volumeMounts:
- mountPath: "/var/secrets"
name: secret-vol