本文分享自华为云社区《nginx.conf以configmap文件形式挂载到nginx容器中以及subpath使用场景》,作者:可以交个朋友。
背景
nginx.conf 通过 configmap 文件形式挂载到容器内,可以更加方便的修改 nginx.conf 配置
方案简介
将配置文件 nginx.conf 以 configmap 文件的方式挂载到容器中。为了更通用,可以将使用主 nginx.conf include 指定 xx.conf 方式,主 nginx.conf 作为一个 cm,具体 xx.conf 对应一个 cm
configmap 可以通过 ENV 环境变量和文件两种方式挂载到容器中,修改 configmap 后容器中对应的 ENV 环境变量不会更新;修改 configmap 后容器中对应的 file 会自动更新,如果以 subpath 方式挂载文件,文件内容不会自动更新
将 nginx.conf 作为 configmap 挂载到容器中
1.创建 configmap
apiVersion: v1kind: ConfigMapmetadata: name: nginx-config namespace: defaultdata: nginx.conf: |+ user nginx; worker_processes 8; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 65; #gzip on; include /etc/nginx/conf.d/*.conf; }---apiVersion: v1kind: ConfigMapmetadata: name: nginx-server-config namespace: defaultdata: server1.conf: |+ server { listen 80; server_name server1.com; location / { root /usr/share/nginx/html/; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } server2.conf: |+ server { listen 81; server_name server2.com; location / { root /usr/share/nginx/html/; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } }
复制代码
2.部署 nginx 业务使用对应的 cm
apiVersion: apps/v1kind: Deploymentmetadata: labels: version: v1 name: test-reload namespace: defaultspec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app: test-reload template: metadata: labels: app: test-reload spec: containers: - image: nginx:latest imagePullPolicy: Always name: container-1 volumeMounts: - mountPath: /etc/nginx/conf.d name: vol-168233491311961268 - mountPath: /etc/nginx/nginx.conf name: vol-168249948123126427 readOnly: true subPath: nginx.conf dnsPolicy: ClusterFirst imagePullSecrets: - name: default-secret restartPolicy: Always volumes: - configMap: defaultMode: 420 name: nginx-server-config name: vol-168233491311961268 - configMap: defaultMode: 420 name: nginx-config name: vol-168249948123126427
复制代码
subpath 拓展
subpath 的作用如下:
避免覆盖。如果挂载路径是一个已存在的目录,则目录下的内容不会被覆盖。直接将 configMap/Secret 挂载在容器的路径,会覆盖掉容器路径下原有的文件,使用 subpath 选定 configMap/Secret 的指定的 key-value 挂载在容器中,则不会覆盖掉原目录下的其他文件
文件隔离。pod 中含有多个容器公用一个日志 volume,不同容器日志路径挂载的到不同的子目录,而不是根路径(Subpath 目录会在底层存储自动创建且权限为 777,无需手动创建)
避免覆盖效果演示
1.创建一个工作负载 nginx,并用普通方式挂载 configmap 配置文件
apiVersion: v1kind: ConfigMapmetadata: name: configdata: test-subpath.conf: |+ test subpath;---apiVersion: apps/v1kind: Deploymentmetadata: labels: app: test name: testspec: replicas: 1 selector: matchLabels: app: test template: metadata: labels: app: test spec: volumes: - configMap: defaultMode: 420 name: config name: vol-168249948123126427 containers: - image: centos:latest name: centos command: - /bin/bash args: - -c - while true;do sleep 1 && echo hello;done volumeMounts: - mountPath: /tmp name: vol-168249948123126427
复制代码
2.使用 docker inspect ${容器 id}命令查看容器挂载信息,挂载目标为 tmp 目录,tmp 目录下原有内容被覆盖
[root@test-746c64649c-pzztn /]# ls -l /tmp/total 0lrwxrwxrwx 1 root root 24 Feb 27 03:02 test-subpath.conf -> ..data/test-subpath.conf
复制代码
3.创建一个工作负载 nginx,并用 subpath 方式挂载 configmap 配置文件
apiVersion: v1kind: ConfigMapmetadata: name: configdata: test-subpath.conf: |+ test subpath;---apiVersion: apps/v1kind: Deploymentmetadata: labels: app: test name: testspec: replicas: 1 selector: matchLabels: app: test template: metadata: labels: app: test spec: volumes: - configMap: defaultMode: 420 name: config name: vol-168249948123126427 containers: - image: centos:latest name: centos command: - /bin/bash args: - -c - while true;do sleep 1 && echo hello;done volumeMounts: - mountPath: /tmp/test-subpath.conf name: vol-168249948123126427 subPath: test-subpath.conf
复制代码
4.使用 docker inspect ${容器 Id}命令查看容器挂载信息,挂载目标为 test-subpath.conf 文件,所以 tmp 目录下原来的文件不会被覆盖
[root@test-7b64fd6bb-56lpp /]# ls -l /tmp/total 12-rwx------ 1 root root 701 Dec 4 2020 ks-script-esd4my7v-rwx------ 1 root root 671 Dec 4 2020 ks-script-eusq_sc5-rw-r--r-- 1 root root 14 Feb 27 03:07 test-subpath.conf
复制代码
文件隔离演示
1.创建工作负载 test,使用 hostPath 卷类型持久化日志文件
apiVersion: apps/v1kind: Deploymentmetadata: labels: app: test name: testspec: replicas: 2 selector: matchLabels: app: test template: metadata: labels: app: test spec: volumes: - hostPath: path: /tmp/log #该路径必须在节点上已存在 name: vol-168249948123126427 containers: - image: centos:latest name: centos env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name command: - /bin/bash args: - -c - while true;do echo $(POD_NAME) >> /tmp/log/app.log && sleep 900 ;done volumeMounts: - mountPath: /tmp/log name: vol-168249948123126427 subPathExpr: $(POD_NAME)
复制代码
2.两个 Pod 实例调度至同一个节点
[root@test ~]# kubectl get pod -owide -l app=testNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATEStest-69dfc665cd-2nhg5 1/1 Running 0 95s 172.16.4.59 172.16.2.172 <none> <none>test-69dfc665cd-z7rsj 1/1 Running 0 77s 172.16.4.25 172.16.2.172 <none> <none>
复制代码
3.进入容器内查看日志文件
[root@test ~]# kubectl exec -it test-69dfc665cd-2nhg5 bash[root@test-69dfc665cd-2nhg5 /]# cat /tmp/log/app.log test-69dfc665cd-2nhg5[root@test-69dfc665cd-2nhg5 /]# exitexit[root@test ~]# kubectl exec -it test-69dfc665cd-z7rsj bash[root@test-69dfc665cd-z7rsj /]# cat /tmp/log/app.log test-69dfc665cd-z7rsj
复制代码
4.在节点上查看挂载路径,每个 Pod 的日志文件用目录进行隔离,目录名为 Pod 名称
[root@172 log]# pwd/tmp/log[root@172 log]# lltotal 0drwxr-xr-x 2 root root 60 Feb 27 15:08 test-69dfc665cd-2nhg5drwxr-xr-x 2 root root 60 Feb 27 15:09 test-69dfc665cd-z7rsj[root@172 log]# cat test-69dfc665cd-2nhg5/app.log test-69dfc665cd-2nhg5[root@172 log]# cat test-69dfc665cd-z7rsj/app.log test-69dfc665cd-z7rsj
复制代码
点击关注,第一时间了解华为云新鲜技术~
评论