ConfigMap挂载与Subpath在Nginx容器中的应用

华为云开发者联盟 11-16 67

前言：

眼前我们对“nginx50xhtm”大概比较着重，姐妹们都需要剖析一些“nginx50xhtm”的相关资讯。那么小编同时在网摘上搜集了一些有关“nginx50xhtm””的相关知识，希望我们能喜欢，看官们一起来学习一下吧！

本文分享自华为云社区《nginx.conf以configmap文件形式挂载到nginx容器中以及subpath使用场景》，作者：可以交个朋友。

背景

nginx.conf通过configmap文件形式挂载到容器内，可以更加方便的修改nginx.conf配置

方案简介

将配置文件nginx.conf以configmap文件的方式挂载到容器中。为了更通用，可以将使用主nginx.conf include 指定xx.conf方式，主nginx.conf作为一个cm，具体xx.conf对应一个cm

configmap可以通过ENV环境变量和文件两种方式挂载到容器中，修改configmap后容器中对应的ENV环境变量不会更新；修改configmap后容器中对应的file会自动更新，如果以subpath方式挂载文件，文件内容不会自动更新

将nginx.conf作为configmap挂载到容器中

1.创建configmap

apiVersion: v1kind: ConfigMapmetadata:  name: nginx-config  namespace: defaultdata:  nginx.conf: |+    user  nginx;    worker_processes  8;    error_log  /var/log/nginx/error.log warn;    pid        /var/run/nginx.pid;    events {        worker_connections  1024;    }    http {        include       /etc/nginx/mime.types;        default_type  application/octet-stream;        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '                          '$status $body_bytes_sent "$http_referer" '                          '"$http_user_agent" "$http_x_forwarded_for"';        access_log  /var/log/nginx/access.log  main;        sendfile        on;        keepalive_timeout  65;        #gzip  on;        include /etc/nginx/conf.d/*.conf;    }---apiVersion: v1kind: ConfigMapmetadata:  name: nginx-server-config  namespace: defaultdata:  server1.conf: |+    server {            listen       80;            server_name  server1.com;            location / {                root   /usr/share/nginx/html/;                index  index.html index.htm;            }            error_page   500 502 503 504  /50x.html;            location = /50x.html {                root   html;            }        }  server2.conf: |+    server {            listen       81;            server_name  server2.com;            location / {                root   /usr/share/nginx/html/;                index  index.html index.htm;            }            error_page   500 502 503 504  /50x.html;            location = /50x.html {                root   html;            }        }

2.部署nginx业务使用对应的cm

apiVersion: apps/v1kind: Deploymentmetadata:  labels:    version: v1  name: test-reload  namespace: defaultspec:  progressDeadlineSeconds: 600  replicas: 1  revisionHistoryLimit: 10  selector:    matchLabels:      app: test-reload  template:    metadata:       labels:        app: test-reload    spec:      containers:      - image: nginx:latest        imagePullPolicy: Always        name: container-1        volumeMounts:        - mountPath: /etc/nginx/conf.d          name: vol-168233491311961268        - mountPath: /etc/nginx/nginx.conf          name: vol-168249948123126427          readOnly: true          subPath: nginx.conf      dnsPolicy: ClusterFirst      imagePullSecrets:      - name: default-secret      restartPolicy: Always      volumes:      - configMap:          defaultMode: 420          name: nginx-server-config        name: vol-168233491311961268      - configMap:          defaultMode: 420          name: nginx-config        name: vol-168249948123126427

subpath拓展

subpath的作用如下:

避免覆盖。如果挂载路径是一个已存在的目录，则目录下的内容不会被覆盖。直接将configMap/Secret挂载在容器的路径，会覆盖掉容器路径下原有的文件，使用subpath选定configMap/Secret的指定的key-value挂载在容器中，则不会覆盖掉原目录下的其他文件文件隔离。pod中含有多个容器公用一个日志volume，不同容器日志路径挂载的到不同的子目录，而不是根路径（Subpath目录会在底层存储自动创建且权限为777，无需手动创建）避免覆盖效果演示

1.创建一个工作负载nginx，并用普通方式挂载configmap配置文件

apiVersion: v1kind: ConfigMapmetadata:  name: configdata:  test-subpath.conf: |+    test subpath;---apiVersion: apps/v1kind: Deploymentmetadata:  labels:    app: test  name: testspec:  replicas: 1  selector:    matchLabels:      app: test  template:    metadata:      labels:        app: test    spec:      volumes:      - configMap:          defaultMode: 420          name: config        name: vol-168249948123126427      containers:      - image: centos:latest        name: centos        command:        - /bin/bash        args:        - -c        - while true;do sleep 1 &&  echo hello;done        volumeMounts:        - mountPath: /tmp          name: vol-168249948123126427

2.使用docker inspect ${容器id}命令查看容器挂载信息，挂载目标为tmp目录，tmp目录下原有内容被覆盖

[root@test-746c64649c-pzztn /]# ls -l /tmp/total 0lrwxrwxrwx 1 root root 24 Feb 27 03:02 test-subpath.conf -> ..data/test-subpath.conf

3.创建一个工作负载nginx，并用subpath方式挂载configmap配置文件

apiVersion: v1kind: ConfigMapmetadata:  name: configdata:  test-subpath.conf: |+    test subpath;---apiVersion: apps/v1kind: Deploymentmetadata:  labels:    app: test  name: testspec:  replicas: 1  selector:    matchLabels:      app: test  template:    metadata:      labels:        app: test    spec:      volumes:      - configMap:          defaultMode: 420          name: config        name: vol-168249948123126427      containers:      - image: centos:latest        name: centos        command:        - /bin/bash        args:        - -c        - while true;do sleep 1 &&  echo hello;done        volumeMounts:        - mountPath: /tmp/test-subpath.conf          name: vol-168249948123126427          subPath: test-subpath.conf

4.使用docker inspect ${容器Id}命令查看容器挂载信息，挂载目标为test-subpath.conf文件，所以tmp目录下原来的文件不会被覆盖

[root@test-7b64fd6bb-56lpp /]# ls -l /tmp/total 12-rwx------ 1 root root 701 Dec  4  2020 ks-script-esd4my7v-rwx------ 1 root root 671 Dec  4  2020 ks-script-eusq_sc5-rw-r--r-- 1 root root  14 Feb 27 03:07 test-subpath.conf

文件隔离演示

1.创建工作负载test，使用hostPath卷类型持久化日志文件

apiVersion: apps/v1kind: Deploymentmetadata:  labels:    app: test  name: testspec:  replicas: 2  selector:    matchLabels:      app: test  template:    metadata:      labels:        app: test    spec:      volumes:      - hostPath:          path: /tmp/log   #该路径必须在节点上已存在        name: vol-168249948123126427      containers:      - image: centos:latest        name: centos        env:        - name: POD_NAME          valueFrom:            fieldRef:              fieldPath: metadata.name        command:        - /bin/bash        args:        - -c        - while true;do echo $(POD_NAME) >> /tmp/log/app.log && sleep 900 ;done        volumeMounts:        - mountPath: /tmp/log          name: vol-168249948123126427          subPathExpr: $(POD_NAME)

2.两个Pod实例调度至同一个节点

[root@test ~]# kubectl get pod -owide -l app=testNAME                    READY   STATUS    RESTARTS   AGE   IP            NODE           NOMINATED NODE   READINESS GATEStest-69dfc665cd-2nhg5   1/1     Running   0          95s   172.16.4.59   172.16.2.172   <none>           <none>test-69dfc665cd-z7rsj   1/1     Running   0          77s   172.16.4.25   172.16.2.172   <none>           <none>

3.进入容器内查看日志文件

[root@test ~]# kubectl exec -it test-69dfc665cd-2nhg5 bash[root@test-69dfc665cd-2nhg5 /]# cat /tmp/log/app.log test-69dfc665cd-2nhg5[root@test-69dfc665cd-2nhg5 /]# exitexit[root@test ~]# kubectl exec -it test-69dfc665cd-z7rsj bash[root@test-69dfc665cd-z7rsj /]# cat /tmp/log/app.log test-69dfc665cd-z7rsj

4.在节点上查看挂载路径，每个Pod的日志文件用目录进行隔离，目录名为Pod名称

[root@172 log]# pwd/tmp/log[root@172 log]# lltotal 0drwxr-xr-x 2 root root 60 Feb 27 15:08 test-69dfc665cd-2nhg5drwxr-xr-x 2 root root 60 Feb 27 15:09 test-69dfc665cd-z7rsj[root@172 log]# cat test-69dfc665cd-2nhg5/app.log test-69dfc665cd-2nhg5[root@172 log]# cat test-69dfc665cd-z7rsj/app.log test-69dfc665cd-z7rsj

关注@华为云开发者联盟，第一时间了解华为云新鲜技术~

本文地址：http://www.longkongtuishu.com/caaf0BAJsB1MFD1xV.html

标签： #nginx50xhtm