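I. Introduction
When writing Kubernetes manifest files, you often need variables that stand in for the actual value of a field in the YAML. In practice, to keep the directory layout simple and clear, manifests are usually rendered with kustomize, which is then used to control and manage Kubernetes objects. The following demonstrates how to define and use variables with a kustomization.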
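II. File-based variables
1. Defining variables
1. Define variables in a custom file
Define variables in the file as key=value pairs, one variable per line. For example, edit a file named params.env with the following content: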
COP_DUMP_URL=__COP_DUMP_URL__
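2. Define where variables can be used
The list below (the params.yaml file referenced from kustomization.yaml in the next step) is not necessarily complete. If a variable you defined cannot be referenced at some field, add that field's path and kind to the list.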
varReference:
- path: metadata/name
  kind: Deployment
- path: metadata/namespace
  kind: Deployment
- path: metadata/labels
  kind: Deployment
- path: spec/template/metadata/labels
  kind: Deployment
- path: spec/template/spec/containers/name
  kind: Deployment
- path: spec/template/spec/containers/env/value
  kind: Deployment
- path: spec/template/spec/containers/env/valueFrom/secretKeyRef
  kind: Deployment
- path: spec/template/spec/containers/volumeMounts/name
  kind: Deployment
- path: spec/template/spec/containers/volumeMounts/mountPath
  kind: Deployment
- path: spec/template/spec/containers/envFrom/configMapRef
  kind: Deployment
- path: spec/template/spec/containers/envFrom/secretRef
  kind: Deployment
- path: spec/template/spec/volumes/configMap/name
  kind: Deployment
- path: spec/template/spec/volumes/secret/secretName
  kind: Deployment
- path: spec/template/spec/volumes/secret/items/key
  kind: Deployment
- path: spec/template/spec/volumes/secret/items/path
  kind: Deployment
- path: spec/template/spec/volumes/name
  kind: Deployment
- path: spec/selector/matchLabels
  kind: Deployment
- path: metadata/labels
  kind: Service
- path: metadata/name
  kind: Service
- path: metadata/namespace
  kind: Service
- path: metadata/annotations
  kind: Service
- path: spec/ports/name
  kind: Service
- path: spec/selector
  kind: Service
- path: metadata/name
  kind: Ingress
- path: metadata/namespace
  kind: Ingress
- path: spec/rules/http/paths/backend
  kind: Ingress
- path: spec/rules/host
  kind: Ingress
- path: spec/tls/secretName
  kind: Ingress
- path: spec/tls/hosts
  kind: Ingress
- path: metadata/name
  kind: BackendConfig
- path: metadata/namespace
  kind: BackendConfig
- path: metadata/name
  kind: Namespace
- path: metadata/name
  kind: Secret
- path: metadata/namespace
  kind: Secret
- path: data
  kind: Secret
- path: metadata/name
  kind: ConfigMap
- path: metadata/namespace
  kind: ConfigMap
- path: data
  kind: ConfigMap
- path: metadata/name
  kind: VirtualService
- path: metadata/namespace
  kind: VirtualService
- path: spec/gateways
  kind: VirtualService
- path: spec/http/route/destination/host
  kind: VirtualService
- path: metadata/name
  kind: Gateway
- path: metadata/namespace
  kind: Gateway
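3. Define variables in kustomization.yaml
The definitions here mainly reference the params.env and params.yaml files defined above. The mechanism is to create a ConfigMap from the variable content and then read the variables from that ConfigMap. Reference content: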
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- job.yaml
vars:
- name: COP_DUMP_URL
  objref:
    kind: ConfigMap
    name: update-esa-policy-cop
    apiVersion: v1
  fieldref:
    fieldpath: data.COP_DUMP_URL
generatorOptions:
  disableNameSuffixHash: true
configMapGenerator:
- name: update-esa-policy-cop
  # env: is the older single-file form; current kustomize releases use envs: (a list)
  env: params.env
configurations:
- params.yaml
2. Using variables
Using the variable is straightforward: reference it in the YAML manifest with the $() syntax, as with $(COP_DUMP_URL) below:
---
apiVersion: batch/v1
kind: Job
metadata:
  name: update-esa-policy-cop
  namespace: edsf-dsg
  labels:
    app.kubernetes.io/name: update-esa-policy-cop
    app.kubernetes.io/instance: update-esa-policy-cop
spec:
  backoffLimit: 0
  template:
    metadata:
      labels:
        app.kubernetes.io/name: update-esa-policy-cop
    spec:
      automountServiceAccountToken: false
      restartPolicy: Never
      containers:
      - args:
        - "-c"
        # $(COP_DUMP_URL) is spliced unquoted into the sh -c string.
        # -k makes curl skip TLS certificate verification, so the download is not authenticated.
        - "curl -k $(COP_DUMP_URL) -o /var/data/policy/cop_dump.tgz"
        command:
        - "/bin/sh"
        name: update-esa-policy-cop
        image: update-esa-policy-cop
        imagePullPolicy: IfNotPresent
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          privileged: false
        volumeMounts:
        - name: policy-storage
          mountPath: /var/data/policy
          subPath: policy-storage
        resources:
          limits:
            cpu: 500m
            memory: 3500Mi
          requests:
            cpu: 200m
            memory: 256Mi
      volumes:
      - name: policy-storage
        persistentVolumeClaim:
          claimName: dsg-policy-pv-claim
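A pre-render check for the files above, as an added example that is not part of the original post: it reports $(NAME) references that are undeclared under vars, missing from params.env, still set to a `__NAME__` placeholder, or unsafe to splice unquoted into the `sh -c` string. The function names, the sample URLs and the treatment of `__NAME__` as an unfilled placeholder are assumptions.

```python
import re

VAR_REF = re.compile(r"\$\(([A-Za-z_][A-Za-z0-9_.-]*)\)")  # kustomize $(NAME) reference
PLACEHOLDER = re.compile(r"^__\w+__$")  # assumed "not filled in yet" form
# Characters that change how sh -c parses the line (subset; globbing is not covered).
SHELL_META = re.compile(r"""[;&|`$<>(){}\\\s'"]""")

def parse_env(text):
    """Parse the key=value lines of a configMapGenerator env file."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            pairs[key.strip()] = value.strip()
    return pairs

def lint(manifest, env_text, declared_vars):
    """Return (name, problem) pairs for every $(NAME) used in the manifest."""
    env = parse_env(env_text)
    findings = []
    for name in sorted(set(VAR_REF.findall(manifest))):
        if name not in declared_vars:
            findings.append((name, "not declared under vars:"))
        elif name not in env:
            findings.append((name, "missing from env file"))
        elif PLACEHOLDER.match(env[name]):
            findings.append((name, "unreplaced placeholder"))
        elif SHELL_META.search(env[name]):
            findings.append((name, "shell metacharacter in value"))
    return findings

# The args line from the Job on this page; the URLs below are constructed samples.
MANIFEST = '- "curl -k $(COP_DUMP_URL) -o /var/data/policy/cop_dump.tgz"'
DECLARED = {"COP_DUMP_URL"}

if __name__ == "__main__":
    for env_text in ("COP_DUMP_URL=__COP_DUMP_URL__",
                     "COP_DUMP_URL=https://example.invalid/dump.tgz?a=1&b=2",
                     "COP_DUMP_URL=https://example.invalid/cop_dump.tgz"):
        print(env_text, "->", lint(MANIFEST, env_text, DECLARED) or "ok")
```

Run it in CI before `kustomize build`; a non-empty result means the rendered Job would either fail or run a command line different from the one written in the manifest.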
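III. Pod information variables
There are generally two scenarios for passing Pod information to a container as variables:
1. Use Pod fields as values for environment variables
Reference code: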
apiVersion: v1
kind: Pod
metadata:
  name: dapi-envars-fieldref
spec:
  containers:
    - name: test-container
      image: k8s.gcr.io/busybox
      command: [ "sh", "-c"]
      args:
      - while true; do
          echo -en '\n';
          printenv MY_NODE_NAME MY_POD_NAME MY_POD_NAMESPACE;
          printenv MY_POD_IP MY_POD_SERVICE_ACCOUNT;
          sleep 10;
        done;
      env:
        - name: MY_NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: MY_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: MY_POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: MY_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: MY_POD_SERVICE_ACCOUNT
          valueFrom:
            fieldRef:
              fieldPath: spec.serviceAccountName
  restartPolicy: Never
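This configuration file defines five environment variables. The env field is an array of EnvVar objects. The first element specifies that the MY_NODE_NAME environment variable gets its value from the Pod's spec.nodeName field. Likewise, the other environment variables get their values from Pod fields.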
2. Use Container fields as values for environment variables
Reference code:
apiVersion: v1
kind: Pod
metadata:
  name: dapi-envars-resourcefieldref
spec:
  containers:
    - name: test-container
      image: k8s.gcr.io/busybox:1.24
      command: [ "sh", "-c"]
      args:
      - while true; do
          echo -en '\n';
          printenv MY_CPU_REQUEST MY_CPU_LIMIT;
          printenv MY_MEM_REQUEST MY_MEM_LIMIT;
          sleep 10;
        done;
      resources:
        requests:
          memory: "32Mi"
          cpu: "125m"
        limits:
          memory: "64Mi"
          cpu: "250m"
      env:
        - name: MY_CPU_REQUEST
          valueFrom:
            resourceFieldRef:
              containerName: test-container
              resource: requests.cpu
        - name: MY_CPU_LIMIT
          valueFrom:
            resourceFieldRef:
              containerName: test-container
              resource: limits.cpu
        - name: MY_MEM_REQUEST
          valueFrom:
            resourceFieldRef:
              containerName: test-container
              resource: requests.memory
        - name: MY_MEM_LIMIT
          valueFrom:
            resourceFieldRef:
              containerName: test-container
              resource: limits.memory
  restartPolicy: Never
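This configuration file defines four environment variables. The env field is an array of EnvVar objects. The first element specifies that the MY_CPU_REQUEST environment variable gets its value from the Container's requests.cpu field. Likewise, the other environment variables get their values from Container fields.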