ConfigMap挂载与Subpath在Nginx容器中的应用
本文分享自华为云社区《nginx.conf以configmap文件形式挂载到nginx容器中以及subpath利用场景》,作者:可以交个朋侪。背景
nginx.conf通过configmap文件形式挂载到容器内,可以更加方便的修改nginx.conf配置
方案简介
将配置文件nginx.conf以configmap文件的方式挂载到容器中。为了更通用,可以将利用主nginx.conf include 指定xx.conf方式,主nginx.conf作为一个cm,具体xx.conf对应一个cm
configmap可以通过ENV环境变量和文件两种方式挂载到容器中,修改configmap后容器中对应的ENV环境变量不会更新;修改configmap后容器中对应的file会自动更新,如果以subpath方式挂载文件,文件内容不会自动更新将nginx.conf作为configmap挂载到容器中
1.创建configmap
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
namespace: default
data:
nginx.conf: |+
usernginx;
worker_processes8;
error_log/var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections1024;
}
http {
include /etc/nginx/mime.types;
default_typeapplication/octet-stream;
log_formatmain'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log/var/log/nginx/access.logmain;
sendfile on;
keepalive_timeout65;
#gzipon;
include /etc/nginx/conf.d/*.conf;
}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-server-config
namespace: default
data:
server1.conf: |+
server {
listen 80;
server_nameserver1.com;
location / {
root /usr/share/nginx/html/;
indexindex.html index.htm;
}
error_page 500 502 503 504/50x.html;
location = /50x.html {
root html;
}
}
server2.conf: |+
server {
listen 81;
server_nameserver2.com;
location / {
root /usr/share/nginx/html/;
indexindex.html index.htm;
}
error_page 500 502 503 504/50x.html;
location = /50x.html {
root html;
}
}2.部署nginx业务利用对应的cm
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
version: v1
name: test-reload
namespace: default
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: test-reload
template:
metadata:
labels:
app: test-reload
spec:
containers:
- image: nginx:latest
imagePullPolicy: Always
name: container-1
volumeMounts:
- mountPath: /etc/nginx/conf.d
name: vol-168233491311961268
- mountPath: /etc/nginx/nginx.conf
name: vol-168249948123126427
readOnly: true
subPath: nginx.conf
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: default-secret
restartPolicy: Always
volumes:
- configMap:
defaultMode: 420
name: nginx-server-config
name: vol-168233491311961268
- configMap:
defaultMode: 420
name: nginx-config
name: vol-168249948123126427subpath拓展
subpath的作用如下:
[*]避免覆盖。如果挂载路径是一个已存在的目次,则目次下的内容不会被覆盖。直接将configMap/Secret挂载在容器的路径,会覆盖掉容器路径下原有的文件,利用subpath选定configMap/Secret的指定的key-value挂载在容器中,则不会覆盖掉原目次下的其他文件
[*]文件隔离。pod中含有多个容器公用一个日志volume,差别容器日志路径挂载的到差别的子目次,而不是根路径(Subpath目次会在底层存储自动创建且权限为777,无需手动创建)
避免覆盖效果演示
1.创建一个工作负载nginx,并用平常方式挂载configmap配置文件
apiVersion: v1
kind: ConfigMap
metadata:
name: config
data:
test-subpath.conf: |+
test subpath;
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: test
name: test
spec:
replicas: 1
selector:
matchLabels:
app: test
template:
metadata:
labels:
app: test
spec:
volumes:
- configMap:
defaultMode: 420
name: config
name: vol-168249948123126427
containers:
- image: centos:latest
name: centos
command:
- /bin/bash
args:
- -c
- while true;do sleep 1 &&echo hello;done
volumeMounts:
- mountPath: /tmp
name: vol-1682499481231264272.利用docker inspect ${容器id}命令查看容器挂载信息,挂载目标为tmp目次,tmp目次下原有内容被覆盖
https://alliance-communityfile-drcn.dbankcdn.com/FileServer/getFile/cmtybbs/519/984/817/2850086000519984817.20240305104658.74985364613750686002478595007898:50001231000000:2800:55CCF566D88C3DA31F4C05A93B56BA1FCA7AD9645786BEC21109587C4A5A398B.png
# ls -l /tmp/
total 0
lrwxrwxrwx 1 root root 24 Feb 27 03:02 test-subpath.conf -> ..data/test-subpath.conf3.创建一个工作负载nginx,并用subpath方式挂载configmap配置文件
apiVersion: v1
kind: ConfigMap
metadata:
name: config
data:
test-subpath.conf: |+
test subpath;
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: test
name: test
spec:
replicas: 1
selector:
matchLabels:
app: test
template:
metadata:
labels:
app: test
spec:
volumes:
- configMap:
defaultMode: 420
name: config
name: vol-168249948123126427
containers:
- image: centos:latest
name: centos
command:
- /bin/bash
args:
- -c
- while true;do sleep 1 &&echo hello;done
volumeMounts:
- mountPath: /tmp/test-subpath.conf
name: vol-168249948123126427
subPath: test-subpath.conf4.利用docker inspect ${容器Id}命令查看容器挂载信息,挂载目标为test-subpath.conf文件,所以tmp目次下原来的文件不会被覆盖
https://alliance-communityfile-drcn.dbankcdn.com/FileServer/getFile/cmtybbs/519/984/817/2850086000519984817.20240305104658.61863822583239128702403303131873:50001231000000:2800:5EBCE9317DCE8368A873F8628A6488588704159BDB660521857CF64F0857263C.png
# ls -l /tmp/
total 12
-rwx------ 1 root root 701 Dec42020 ks-script-esd4my7v
-rwx------ 1 root root 671 Dec42020 ks-script-eusq_sc5
-rw-r--r-- 1 root root14 Feb 27 03:07 test-subpath.conf文件隔离演示
1.创建工作负载test,利用hostPath卷类型长期化日志文件
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: test
name: test
spec:
replicas: 2
selector:
matchLabels:
app: test
template:
metadata:
labels:
app: test
spec:
volumes:
- hostPath:
path: /tmp/log #该路径必须在节点上已存在
name: vol-168249948123126427
containers:
- image: centos:latest
name: centos
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
command:
- /bin/bash
args:
- -c
- while true;do echo $(POD_NAME) >> /tmp/log/app.log && sleep 900 ;done
volumeMounts:
- mountPath: /tmp/log
name: vol-168249948123126427
subPathExpr: $(POD_NAME)2.两个Pod实例调度至同一个节点
# kubectl get pod -owide -l app=test
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
test-69dfc665cd-2nhg5 1/1 Running 0 95s 172.16.4.59 172.16.2.172 <none> <none>
test-69dfc665cd-z7rsj 1/1 Running 0 77s 172.16.4.25 172.16.2.172 <none> <none>3.进入容器内查看日志文件
# kubectl exec -it test-69dfc665cd-2nhg5 bash
# cat /tmp/log/app.log
test-69dfc665cd-2nhg5
# exit
exit
# kubectl exec -it test-69dfc665cd-z7rsj bash
# cat /tmp/log/app.log
test-69dfc665cd-z7rsj4.在节点上查看挂载路径,每个Pod的日志文件用目次进行隔离,目次名为Pod名称
# pwd
/tmp/log
# ll
total 0
drwxr-xr-x 2 root root 60 Feb 27 15:08 test-69dfc665cd-2nhg5
drwxr-xr-x 2 root root 60 Feb 27 15:09 test-69dfc665cd-z7rsj
# cat test-69dfc665cd-2nhg5/app.log
test-69dfc665cd-2nhg5
# cat test-69dfc665cd-z7rsj/app.log
test-69dfc665cd-z7rsj点击关注,第一时间相识华为云新鲜技能~
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。
页:
[1]