Kevin
kubernetes-configuration

1. ConfigMap#

Overview#

  • Overview
    A Kubernetes object that provides configuration to Pods as key-value pairs, consumed either as environment variables or as files.

  • Purpose
    Storing non-confidential configuration. Anything sensitive (passwords, tokens, certificates) belongs in a Secret, not here.

  • Advantages
    Flexibility: configuration can be updated without redeploying the application. Caveat: only file mounts pick up the change (the kubelet syncs the volume periodically, and not at all for subPath mounts); environment variables are fixed when the container starts and need a restart.
    Readability: values are stored as plain text.
    Separation of concerns: configuration is kept apart from the application code.

Create and manage#

  • kubectl
    kubectl create configmap my-configmap --from-literal=key1=value1   # create directly from the command line
    kubectl create configmap my-config --from-file=path/to/config/file  # one key per file, named after the file

  • YAML manifest

apiVersion: v1
kind: ConfigMap
metadata:
  name: my-configmap
data:
  key: value
  another-key: another-value

Mounting methods#

  • As environment variables
  • As mounted files
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  volumes: # declare the ConfigMap as a volume under spec and give it a name
    - name: configmap-volume
      configMap:
        name: my-configmap
  containers:
    - name: my-container
      image: nginx
      env: # environment variable: one key of the ConfigMap
        - name: ENV_FROM_CONFIGMAP
          valueFrom:
            configMapKeyRef:
              name: my-configmap
              key: another-key
      volumeMounts: # file mount: every key becomes a file under /etc/config (volumeMounts is a list)
        - name: configmap-volume
          mountPath: /etc/config

2. Secret#

Overview#

  • Overview
    A Secret is a Kubernetes object for storing sensitive data (passwords, API keys, certificates). The values in data are base64-encoded, not encrypted: anyone who can get the object through RBAC, or who can read etcd or an etcd backup, recovers the plaintext with base64 -d. The real controls are RBAC on the secrets resource, encryption at rest on the API server, and preferring file mounts over environment variables.

    Feature              ConfigMap                              Secret
    Data representation  plain text                             base64-encoded
    Size limit           1 MiB                                  1 MiB
    Encryption at rest   off; rarely configured for ConfigMaps  off by default; enabled per resource via the API server's EncryptionConfiguration, Secrets being the usual target

Create and manage#

  • kubectl
kubectl create secret generic my-secret --from-literal=mykey1=myvalue1 \
  --from-literal=mykey2=myvalue2
  • YAML manifest
# base64-encode each value first (-n drops the trailing newline, which would otherwise become part of the secret).
# Alternatively put the plaintext under stringData and let the API server encode it on write.
echo -n "myvalue1" | base64
bXl2YWx1ZTE=

echo -n "myvalue2" | base64
bXl2YWx1ZTI=
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
data:
  mykey1: bXl2YWx1ZTE=
  mykey2: bXl2YWx1ZTI=

Mounting methods#

  • As environment variables
  • As mounted files
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
  labels:
    key: value
spec:
  volumes:
    - name: secret-volume
      secret:
        secretName: my-secret
  containers:
    - name: my-container
      image: nginx
      env: # environment variable: one key of the Secret
        - name: ENV_FROM_SECRET
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: mykey1
      volumeMounts: # file mount: one file per key under /etc/secret, backed by tmpfs
        - name: secret-volume
          mountPath: /etc/secret
          readOnly: true
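Two checks a reviewer of the manifests above would actually run, written here as an added Python example (not code from the original notes): decoding a Secret to show that base64 gives no confidentiality, and scanning a Pod spec for Secret keys that are injected as environment variables instead of mounted files. The same consumption patterns apply to ConfigMaps, but the exposure concern is specific to Secrets. Both objects are given in the JSON form that kubectl get -o json returns; the manifests, the DB_PASSWORD variable and the other-secret name are constructed for this example.

```python
"""Added example: a Secret's data is only base64; find env-var exposure in a Pod."""
import base64
import json

# Constructed Secret, equivalent to the my-secret manifest in the notes.
SECRET_JSON = json.dumps({
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "my-secret", "namespace": "default"},
    "type": "Opaque",
    "data": {"mykey1": "bXl2YWx1ZTE=", "mykey2": "bXl2YWx1ZTI="},
})

# Constructed Pod that consumes Secrets both as env vars and as a mounted volume.
POD_JSON = json.dumps({
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "my-pod"},
    "spec": {
        "volumes": [{"name": "secret-volume", "secret": {"secretName": "my-secret"}}],
        "containers": [{
            "name": "my-container",
            "image": "nginx",
            "env": [{"name": "DB_PASSWORD",
                     "valueFrom": {"secretKeyRef": {"name": "my-secret", "key": "mykey1"}}}],
            "envFrom": [{"secretRef": {"name": "other-secret"}}],
            "volumeMounts": [{"name": "secret-volume", "mountPath": "/etc/secret"}],
        }],
    },
})


def decode_secret(secret_json: str) -> dict:
    """Return the plaintext values of a Secret.

    data is base64 (stored that way in etcd, not encrypted unless encryption at
    rest is configured); stringData, if present in a manifest, is already plaintext
    and takes precedence on a key clash.
    """
    obj = json.loads(secret_json)
    if obj.get("kind") != "Secret":
        raise ValueError("not a Secret")
    plain = {k: base64.b64decode(v).decode() for k, v in obj.get("data", {}).items()}
    plain.update(obj.get("stringData", {}))
    return plain


def secret_env_exposures(pod_json: str) -> list:
    """List (container, secret, key) where a Secret reaches a container as an
    environment variable; key is None for a whole-Secret envFrom.

    Env vars are readable from /proc/<pid>/environ by every process in the
    container and are inherited by child processes, which is why file mounts
    are the usual recommendation for secrets.
    """
    pod = json.loads(pod_json)
    found = []
    spec = pod["spec"]
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        for e in c.get("env", []):
            ref = e.get("valueFrom", {}).get("secretKeyRef")
            if ref:
                found.append((c["name"], ref["name"], ref["key"]))
        for ef in c.get("envFrom", []):
            ref = ef.get("secretRef")
            if ref:
                found.append((c["name"], ref["name"], None))
    return found


if __name__ == "__main__":
    print(decode_secret(SECRET_JSON))  # anyone with RBAC "get secrets" sees this
    for container, secret, key in secret_env_exposures(POD_JSON):
        print(f"{container}: secret {secret!r} key {key!r} exposed via environment")
```

Running it against a real cluster is a one-liner change: pipe kubectl get secret my-secret -o json into decode_secret, and kubectl get pod my-pod -o json into secret_env_exposures.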

Resource requests & limits#

Set per container under spec.containers[].resources. requests is what the scheduler reserves on a node; limits is the cap enforced at runtime (a container that exceeds its memory limit is OOM-killed, CPU over the limit is throttled).

containers:
  - name: my-container
    image: nginx
    resources:
      limits:
        memory: 20Mi
      requests:
        memory: 5Mi

LimitRange#

Scope: every Pod (and container) in the Namespace where the LimitRange lives

When it applies: at Pod creation, enforced by the LimitRanger admission plugin; Pods that already exist are not re-evaluated

apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-constraints
spec:
  limits:
    - type: Container      # per-container constraints (Pod and PersistentVolumeClaim are the other types)
      default:             # limits given to a container that sets none of its own
        cpu: 500m
        memory: 1Gi
      defaultRequest:      # requests given to a container that sets none of its own
        cpu: 200m
        memory: 1Gi
      max:                 # a container asking for more is rejected
        cpu: 1000m
        memory: 1Gi
      min:                 # a container asking for less is rejected
        cpu: 100m
        memory: 500Mi      # suffixes are case-sensitive; "500mi" is not a valid quantity

ResourceQuota#

Scope: the whole Namespace; the quota caps the sum over all Pods in it. Once a quota on requests.* or limits.* exists, every new Pod must set those values (or receive them from a LimitRange default), otherwise it is rejected.

apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-quota
spec:
  hard:
    requests.cpu: 4
    requests.memory: 4Gi
    limits.cpu: 8
    limits.memory: 8Gi
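How the three pieces above interact is easiest to see by replaying admission. The following is an added Python example, not code from the original notes: it applies the cpu-constraints LimitRange to a container the way the LimitRanger plugin does (defaulting, then min/max), and then checks the Pod against the compute-quota ResourceQuota given the namespace's current usage. The quantity parser is a small subset of the real Kubernetes Quantity grammar, and the Pods and the current usage figures are constructed for this example.

```python
"""Added example: replay LimitRange defaulting and ResourceQuota accounting at Pod admission."""
import re
from decimal import Decimal

# Quantity suffixes this example understands (a subset of the Kubernetes grammar).
SUFFIX = {"": 1, "m": Decimal("0.001"), "k": 10**3, "M": 10**6, "G": 10**9,
          "Ki": 2**10, "Mi": 2**20, "Gi": 2**30}


def milli(q) -> int:
    """Exact thousandths of the base unit, so comparisons never hit float rounding:
    milli("500m") == 500, milli("4") == 4000, milli("1Gi") == 1073741824000."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(m|k|M|G|Ki|Mi|Gi)?", str(q))
    if not m:
        raise ValueError(f"bad quantity {q!r}")
    return int(Decimal(m.group(1)) * SUFFIX[m.group(2) or ""] * 1000)


# spec.limits[0] of the LimitRange in the notes (min memory written as 500Mi).
LIMIT_RANGE = {"type": "Container",
               "default": {"cpu": "500m", "memory": "1Gi"},
               "defaultRequest": {"cpu": "200m", "memory": "1Gi"},
               "max": {"cpu": "1000m", "memory": "1Gi"},
               "min": {"cpu": "100m", "memory": "500Mi"}}

# spec.hard of the ResourceQuota in the notes.
QUOTA_HARD = {"requests.cpu": 4, "requests.memory": "4Gi",
              "limits.cpu": 8, "limits.memory": "8Gi"}

# Constructed: what the namespace already consumes (the quota's status.used), in milli units.
QUOTA_USED = {k: milli(v) for k, v in {"requests.cpu": "3.5", "requests.memory": "3Gi",
                                       "limits.cpu": "7", "limits.memory": "7Gi"}.items()}


def apply_limit_range(container: dict, lr: dict = LIMIT_RANGE) -> dict:
    """LimitRanger step: fill missing limits/requests from the defaults, then enforce
    min/max. Mutates and returns the container, or raises as admission would reject."""
    res = container.setdefault("resources", {})
    req = res.setdefault("requests", {})
    lim = res.setdefault("limits", {})
    for r in ("cpu", "memory"):
        own_limit = r in lim
        if not own_limit:
            lim[r] = lr["default"][r]
        if r not in req:
            # API defaulting: a request follows the container's own limit;
            # with no limit of its own either, the LimitRange's defaultRequest applies.
            req[r] = lim[r] if own_limit else lr["defaultRequest"][r]
        if milli(req[r]) < milli(lr["min"][r]):
            raise ValueError(f"{container['name']}: {r} request {req[r]} < min {lr['min'][r]}")
        if milli(lim[r]) > milli(lr["max"][r]):
            raise ValueError(f"{container['name']}: {r} limit {lim[r]} > max {lr['max'][r]}")
        if milli(req[r]) > milli(lim[r]):
            raise ValueError(f"{container['name']}: {r} request {req[r]} > limit {lim[r]}")
    return container


def check_quota(containers: list, used: dict = QUOTA_USED, hard: dict = QUOTA_HARD) -> dict:
    """ResourceQuota step: add the Pod's totals to current usage and reject if any
    hard value would be exceeded. Returns the new usage (milli units) on success."""
    new = dict(used)
    for c in containers:
        for key in hard:
            if "." not in key:
                continue  # count quotas (pods, services, ...) are not modelled here
            kind, r = key.split(".")  # e.g. "requests", "cpu"
            value = c.get("resources", {}).get(kind, {}).get(r)
            if value is None:
                # A quota on requests.*/limits.* requires every container to set them,
                # which is why a LimitRange with defaults is normally paired with a quota.
                raise ValueError(f"{c['name']}: {key} not set but required by the quota")
            new[key] += milli(value)
    for key, h in hard.items():
        if "." in key and new[key] > milli(h):
            raise ValueError(f"quota exceeded on {key}")
    return new


def admit(pod: dict, used: dict = QUOTA_USED) -> dict:
    """Both steps in admission order; returns the namespace usage after the Pod."""
    for c in pod["spec"]["containers"]:
        apply_limit_range(c)
    return check_quota(pod["spec"]["containers"], used)


if __name__ == "__main__":
    bare = {"spec": {"containers": [{"name": "app", "image": "nginx"}]}}  # constructed
    usage = admit(bare)  # defaults fill in 200m/1Gi requests and 500m/1Gi limits; quota fits
    print(bare["spec"]["containers"][0]["resources"], usage)
    # The 20Mi/5Mi container from the notes' resources example fails the 500Mi minimum.
    tiny = {"spec": {"containers": [{"name": "app", "image": "nginx", "resources":
            {"limits": {"memory": "20Mi"}, "requests": {"memory": "5Mi"}}}]}}
    for pod, current in ((tiny, QUOTA_USED), (bare, usage)):
        try:
            admit(pod, current)
        except ValueError as e:
            print("rejected:", e)  # second bare Pod would push requests.memory past 4Gi
```

The order matters: LimitRanger mutates the Pod first, so by the time the quota plugin counts it the container always has values to count. Without the LimitRange, the bare Pod is rejected by the quota for having no requests at all.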

Taints & Tolerations#

Taints#

kubectl taint nodes <node-name> <key>=<value>:<taint-effect>

taint-effect:

  • NoSchedule: new Pods without a matching toleration are not scheduled onto the node
  • PreferNoSchedule: the scheduler avoids the node when it can but will still use it as a last resort
  • NoExecute: new Pods are not scheduled, and Pods already running on the node that do not tolerate the taint are evicted

Tolerations#

Pod level: declares which node taints the Pod tolerates. A toleration matches a taint when key and effect match and either the operator is Exists or, with operator Equal, the values are equal as well.

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: nginx-container
    image: nginx
  tolerations:
    - key: "key"            # must match the taint's key
      operator: "Equal"     # or "Exists" to ignore the value (the only option when the taint has none)
      value: "value"
      effect: "NoSchedule"  # NoSchedule, PreferNoSchedule or NoExecute; must match the taint's effect, omit to tolerate every effect of this key

Example: control-plane nodes carry a taint, so the scheduler keeps ordinary Pods off the master node. The taint has a key and an effect but no value, so a Pod that must run there tolerates it with operator: Exists (kubeadm's system DaemonSets such as kube-proxy go further and tolerate every taint with a bare operator: Exists):

$ kubectl describe node kubemaster | grep Taints
Taints:             node-role.kubernetes.io/control-plane:NoSchedule
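The matching rule stated above, applied to the control-plane taint just shown, as an added Python example (not code from the original notes). It implements the scheduler's taint/toleration filter: which untolerated taints remain on a node for a given Pod, whether the Pod can still be scheduled there, and whether a running Pod would be evicted. The node and Pod fixtures are constructed; CONTROL_PLANE_TAINTS mirrors the kubectl describe output above, TEMPLATE_TOLERATION is the toleration from the Pod manifest in the notes with effect NoSchedule.

```python
"""Added example: Kubernetes taint/toleration matching as the scheduler applies it."""

# Constructed: spec.taints of the control-plane node shown in the notes (no value).
CONTROL_PLANE_TAINTS = [{"key": "node-role.kubernetes.io/control-plane", "effect": "NoSchedule"}]

# The toleration from the Pod manifest in the notes, with a concrete effect.
TEMPLATE_TOLERATION = {"key": "key", "operator": "Equal", "value": "value", "effect": "NoSchedule"}

# What a Pod that must run on the control plane carries.
CONTROL_PLANE_TOLERATION = {"key": "node-role.kubernetes.io/control-plane",
                            "operator": "Exists", "effect": "NoSchedule"}


def tolerates(toleration: dict, taint: dict) -> bool:
    """One toleration against one taint, following the Kubernetes rules:
    an empty effect tolerates every effect, otherwise effects must be equal;
    operator Exists needs only the key to match (empty key + Exists matches any taint);
    operator Equal (the default) needs key and value to match."""
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    if toleration.get("operator", "Equal") == "Exists":
        return not toleration.get("key") or toleration["key"] == taint["key"]
    return (toleration.get("key") == taint["key"]
            and toleration.get("value", "") == taint.get("value", ""))


def untolerated_taints(pod_tolerations: list, node_taints: list) -> list:
    """Taints on the node that no toleration of the Pod covers."""
    return [t for t in node_taints
            if not any(tolerates(tol, t) for tol in pod_tolerations)]


def schedulable(pod_tolerations: list, node_taints: list) -> bool:
    """The scheduler filters the node out if an untolerated taint is NoSchedule or
    NoExecute; an untolerated PreferNoSchedule only lowers the node's score."""
    return not any(t["effect"] in ("NoSchedule", "NoExecute")
                   for t in untolerated_taints(pod_tolerations, node_taints))


def evicted(pod_tolerations: list, node_taints: list) -> bool:
    """NoExecute also applies to Pods already on the node: an untolerated NoExecute
    taint evicts them (after tolerationSeconds when a toleration sets one; not modelled)."""
    return any(t["effect"] == "NoExecute"
               for t in untolerated_taints(pod_tolerations, node_taints))


if __name__ == "__main__":
    print("bare pod on control plane:", schedulable([], CONTROL_PLANE_TAINTS))            # False
    print("template toleration on control plane:",
          schedulable([TEMPLATE_TOLERATION], CONTROL_PLANE_TAINTS))                        # False: key differs
    print("Exists toleration on control plane:",
          schedulable([CONTROL_PLANE_TOLERATION], CONTROL_PLANE_TAINTS))                   # True
    worker_taints = [{"key": "key", "value": "value", "effect": "NoExecute"}]             # constructed
    print("running pod without toleration evicted:", evicted([], worker_taints))           # True
```

The control-plane case shows why Exists is the right operator there: the taint has no value, so Equal only works with an empty value string, while Exists says what is meant. A toleration with neither key nor effect and operator Exists tolerates everything, which is what the kubeadm system DaemonSets use and what a workload Pod should never carry.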