如何将二进制文件存储在 Kubernetes ConfigMap 中?
How can I store a binary file in a Kubernetes ConfigMap?
能否将二进制文件存储在 Kubernetes ConfigMap 中,然后从装载此 ConfigMap 的卷中读取相同的内容?例如,如果目录 /etc/mycompany/myapp/config
包含二进制文件 keystore.jks
,则将
kubectl create configmap myapp-config --from-file=/etc/mycompany/myapp/config
在 ConfigMap myapp-config
中包含文件 keystore.jks
,稍后可以将其映射到卷、装载到容器中并作为二进制文件读取?
例如,给定以下 pod 规格,keystore.jks
是否应该对 /etc/mycompany/myapp/config/keystore.jks
的 myapp
可用?
apiVersion: v1
kind: Pod
metadata:
name: myapp
spec:
containers:
- name: myapp
image: mycompany/myapp
volumeMounts:
- name: myapp-config
mountPath: /etc/mycompany/myapp/config
volumes:
- name: myapp-config
configMap:
name: myapp-config
Kubernetes 版本详情:
derek@derek-HP-EliteOne-800-G1-AiO:~/Documents/platinum/fix/brvm$ kubectl version
Client Version: version.Info{Major:"1", Minor:"3", GitVersion:"v1.3.6", GitCommit:"ae4550cc9c89a593bcda6678df201db1b208133b", GitTreeState:"clean", BuildDate:"2016-08-26T18:13:23Z", GoVersion:"go1.6.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"3", GitVersion:"v1.3.6+coreos.0", GitCommit:"f6f0055b8e503cbe5fb7b6f1a2ee37d0f160c1cd", GitTreeState:"clean", BuildDate:"2016-08-29T17:01:01Z", GoVersion:"go1.6.2", Compiler:"gc", Platform:"linux/amd64"}
根据 Jorgan Liggitt in Kubernetes issue "Enable ConfigMaps to store binary files as well as character files.",Kubernetes 1.3.6 无法在 ConfigMap 中存储二进制文件。
GitHub评论1:
config maps store data as string, not []byte... not sure I'd expect
to be able to put arbitrary binary content in them"
GitHub评论2:
@liggitt Do ConfigMaps not encode binary content as strings?
他们没有,他们存储字符串。 base64编码可以分层
如果需要,顶部有应用程序逻辑
我随后 demonstrated ConfigMaps 不支持二进制文件。
我要做的是用 base64 编码这个文件,然后使用解码的容器才能使用它
根据其他答案,Base64 对我有效(仅一次)
步骤:
在我的工作站上
base64 -w 0 cacerts > cacerts.base64
sha256sum.exe cacerts.base64
keytool.exe -list -v -keystore cacerts
OpenShift
我连接到 openshift 并创建配置映射
oc 创建 configmap cacerts.base64 --from-file=cacerts.base64
部署配置
...
template:
metadata:
name: mydeployment...
spec:
volumes:
- name: cacerts-volume
configMap:
name: cacerts.base64
containers:
- name: crg-driver
command:
- base64
args:
- '--decode'
- '-w 0'
- '/opt/axatech/openpaas/certificates/cacerts.base64 > /opt/axatech/openpaas/certificates/cacerts' #this does not work yet
env:
- name: SWARM_JVM_ARGS
value: >-
-Djavax.net.ssl.trustStore=/opt/certificates/cacerts.base64
-Djavax.net.ssl.trustStorePassword=changeit
volumeMounts:
- name: cacerts-volume
mountPath: /opt/certificates
edit/update 现有 cacerts 的最简单方法是将新的 cacerts 编码为 base64(使用选项 -w 0),使用文件编辑器(即记事本)打开它,复制内容并通过OpenShift 控制台 UI
https://osconsole.mycloud.something.example/console/project/project-dev/browse/config-maps/cacerts.base64
或在命令行中
oc 编辑 configmap cacerts.base64
从 Kubernetes 版本 1.10.0 开始支持二进制 ConfigMap。来自自述文件:
ConfigMap objects now support binary data via a new binaryData field. When using kubectl create configmap --from-file, files containing non-UTF8 data will be placed in this new field in order to preserve the non-UTF8 data. Note that kubectl's --append-hash feature doesn't take binaryData into account. Use of this feature requires 1.10+ apiserver and kubelets. (#57938, @dims)
查看更新日志了解更多详情:https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.10.md#apps
我使用二进制文件的秘密。您可以使用 --from-file
kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt
如果您使用 Secret 来存储值,您可以利用 stringData 字段的 属性。对值进行一次编码并将其放入 stringData 字段而不是数据字段。 Kubernetes 对存在的值 stringData 进行编码。这样我们将手动 base64 编码从两个减少到一个。
apiVersion: v1
kind: Secret
metadata:
name: my-secret
type: Opaque
stringData:
some_key: YWJjZA==
二进制数据为什么需要双重编码,可以参考这个link
如果您不想手动操作,我建议您查看 https://kustomize.io/
他们有一个 configMap 生成器,可以从文件生成 configMap:https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/configmapgenerator/#configmap-from-file
也支持二进制文件。示例:
configMapGenerator:
- name: text-config
files:
- configs/some.properties
- name: binary-cacerts
files:
- configs/keystore.jks
能否将二进制文件存储在 Kubernetes ConfigMap 中,然后从装载此 ConfigMap 的卷中读取相同的内容?例如,如果目录 /etc/mycompany/myapp/config
包含二进制文件 keystore.jks
,则将
kubectl create configmap myapp-config --from-file=/etc/mycompany/myapp/config
在 ConfigMap myapp-config
中包含文件 keystore.jks
,稍后可以将其映射到卷、装载到容器中并作为二进制文件读取?
例如,给定以下 pod 规格,keystore.jks
是否应该对 /etc/mycompany/myapp/config/keystore.jks
的 myapp
可用?
apiVersion: v1
kind: Pod
metadata:
name: myapp
spec:
containers:
- name: myapp
image: mycompany/myapp
volumeMounts:
- name: myapp-config
mountPath: /etc/mycompany/myapp/config
volumes:
- name: myapp-config
configMap:
name: myapp-config
Kubernetes 版本详情:
derek@derek-HP-EliteOne-800-G1-AiO:~/Documents/platinum/fix/brvm$ kubectl version
Client Version: version.Info{Major:"1", Minor:"3", GitVersion:"v1.3.6", GitCommit:"ae4550cc9c89a593bcda6678df201db1b208133b", GitTreeState:"clean", BuildDate:"2016-08-26T18:13:23Z", GoVersion:"go1.6.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"3", GitVersion:"v1.3.6+coreos.0", GitCommit:"f6f0055b8e503cbe5fb7b6f1a2ee37d0f160c1cd", GitTreeState:"clean", BuildDate:"2016-08-29T17:01:01Z", GoVersion:"go1.6.2", Compiler:"gc", Platform:"linux/amd64"}
根据 Jorgan Liggitt in Kubernetes issue "Enable ConfigMaps to store binary files as well as character files.",Kubernetes 1.3.6 无法在 ConfigMap 中存储二进制文件。
GitHub评论1:
config maps store data as string, not []byte... not sure I'd expect to be able to put arbitrary binary content in them"
GitHub评论2:
@liggitt Do ConfigMaps not encode binary content as strings?
他们没有,他们存储字符串。 base64编码可以分层 如果需要,顶部有应用程序逻辑
我随后 demonstrated ConfigMaps 不支持二进制文件。
我要做的是用 base64 编码这个文件,然后使用解码的容器才能使用它
根据其他答案,Base64 对我有效(仅一次)
步骤:
在我的工作站上
base64 -w 0 cacerts > cacerts.base64
sha256sum.exe cacerts.base64
keytool.exe -list -v -keystore cacerts
OpenShift
我连接到 openshift 并创建配置映射
oc 创建 configmap cacerts.base64 --from-file=cacerts.base64
部署配置
...
template:
metadata:
name: mydeployment...
spec:
volumes:
- name: cacerts-volume
configMap:
name: cacerts.base64
containers:
- name: crg-driver
command:
- base64
args:
- '--decode'
- '-w 0'
- '/opt/axatech/openpaas/certificates/cacerts.base64 > /opt/axatech/openpaas/certificates/cacerts' #this does not work yet
env:
- name: SWARM_JVM_ARGS
value: >-
-Djavax.net.ssl.trustStore=/opt/certificates/cacerts.base64
-Djavax.net.ssl.trustStorePassword=changeit
volumeMounts:
- name: cacerts-volume
mountPath: /opt/certificates
edit/update 现有 cacerts 的最简单方法是将新的 cacerts 编码为 base64(使用选项 -w 0),使用文件编辑器(即记事本)打开它,复制内容并通过OpenShift 控制台 UI
https://osconsole.mycloud.something.example/console/project/project-dev/browse/config-maps/cacerts.base64
或在命令行中
oc 编辑 configmap cacerts.base64
从 Kubernetes 版本 1.10.0 开始支持二进制 ConfigMap。来自自述文件:
ConfigMap objects now support binary data via a new binaryData field. When using kubectl create configmap --from-file, files containing non-UTF8 data will be placed in this new field in order to preserve the non-UTF8 data. Note that kubectl's --append-hash feature doesn't take binaryData into account. Use of this feature requires 1.10+ apiserver and kubelets. (#57938, @dims)
查看更新日志了解更多详情:https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.10.md#apps
我使用二进制文件的秘密。您可以使用 --from-file
kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt
如果您使用 Secret 来存储值,您可以利用 stringData 字段的 属性。对值进行一次编码并将其放入 stringData 字段而不是数据字段。 Kubernetes 对存在的值 stringData 进行编码。这样我们将手动 base64 编码从两个减少到一个。
apiVersion: v1
kind: Secret
metadata:
name: my-secret
type: Opaque
stringData:
some_key: YWJjZA==
二进制数据为什么需要双重编码,可以参考这个link
如果您不想手动操作,我建议您查看 https://kustomize.io/
他们有一个 configMap 生成器,可以从文件生成 configMap:https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/configmapgenerator/#configmap-from-file
也支持二进制文件。示例:
configMapGenerator:
- name: text-config
files:
- configs/some.properties
- name: binary-cacerts
files:
- configs/keystore.jks