pod定义中env变量名重复,确定最终值的优先规则是什么?
Duplicated env variable names in pod definition, what is the precedence rule to determine the final value?
使用 Kubernetes 1.19.3,我使用 3 种不同的方式初始化环境变量值:
env 字段在 pod 定义中具有显式 key/valueenvFrom 使用 configMapRef 和 secretRef
当键名重复时,如下例所示,DUPLIK1 和 DUPLIK2 被定义了多次不同的值。
Kubernetes 使用什么优先规则为变量分配最终值?
# create some test Key/Value configs and Key/Value secrets
kubectl create configmap myconfigmap --from-literal=DUPLIK1=myConfig1 --from-literal=CMKEY1=CMval1 --from-literal=DUPLIK2=FromConfigMap -n mydebugns
kubectl create secret generic mysecret --from-literal=SECRETKEY1=SECval1 --from-literal=SECRETKEY2=SECval2 --from-literal=DUPLIK2=FromSecret -n mydebugns
# create a test pod
cat <<EOF | kubectl apply -n mydebugns -f -
apiVersion: v1
kind: Pod
metadata:
name: pod1
spec:
containers:
- name: container1
image: busybox
command: [ "/bin/sh", "-c", "env" ]
env:
- name: DUPLIK1
value: "Key/Value defined in field env"
envFrom:
- configMapRef:
name: myconfigmap
- secretRef:
name: mysecret
restartPolicy: Never
EOF
显示环境变量值。结果是确定性的。删除资源 + 重新创建总是以相同的结果结束。
kubectl logs pod/pod1 -n mydebugns
CMKEY1=CMval1
DUPLIK1=Key/Value defined in field env
DUPLIK2=FromSecret
SECRETKEY1=SECval1
SECRETKEY2=SECval2
清理测试资源
kubectl delete pod/pod1 -n mydebugns
kubectl delete cm/myconfigmap -n mydebugns
kubectl delete secret/mysecret -n mydebugns
来自 Kubernetes docs:
envVar: List of environment variables to set in the container.
Cannot be updated.
envFrom: List of sources to populate environment variables in the
container. The keys defined within a source must be a C_IDENTIFIER.
All invalid keys will be reported as an event when the container is
starting. When a key exists in multiple sources, the value associated
with the last source will take precedence. Values defined by an Env
with a duplicate key will take precedence. Cannot be updated.
上面的link明确表示env将优先于envFrom并且不能更新。
此外,当多个资源中存在引用键时,与最后一个源关联的值将覆盖所有先前的值。
根据以上所述,您看到的结果是预期的行为:
DUPLIK1 添加为 env 字段,因此无法更新DUPLIK2 添加为 envFrom,因此秘密中的那个优先,因为它在最后一个
使用 Kubernetes 1.19.3,我使用 3 种不同的方式初始化环境变量值:
env字段在 pod 定义中具有显式 key/valueenvFrom使用configMapRef和secretRef
当键名重复时,如下例所示,DUPLIK1 和 DUPLIK2 被定义了多次不同的值。
Kubernetes 使用什么优先规则为变量分配最终值?
# create some test Key/Value configs and Key/Value secrets
kubectl create configmap myconfigmap --from-literal=DUPLIK1=myConfig1 --from-literal=CMKEY1=CMval1 --from-literal=DUPLIK2=FromConfigMap -n mydebugns
kubectl create secret generic mysecret --from-literal=SECRETKEY1=SECval1 --from-literal=SECRETKEY2=SECval2 --from-literal=DUPLIK2=FromSecret -n mydebugns
# create a test pod
cat <<EOF | kubectl apply -n mydebugns -f -
apiVersion: v1
kind: Pod
metadata:
name: pod1
spec:
containers:
- name: container1
image: busybox
command: [ "/bin/sh", "-c", "env" ]
env:
- name: DUPLIK1
value: "Key/Value defined in field env"
envFrom:
- configMapRef:
name: myconfigmap
- secretRef:
name: mysecret
restartPolicy: Never
EOF
显示环境变量值。结果是确定性的。删除资源 + 重新创建总是以相同的结果结束。
kubectl logs pod/pod1 -n mydebugns
CMKEY1=CMval1
DUPLIK1=Key/Value defined in field env
DUPLIK2=FromSecret
SECRETKEY1=SECval1
SECRETKEY2=SECval2
清理测试资源
kubectl delete pod/pod1 -n mydebugns
kubectl delete cm/myconfigmap -n mydebugns
kubectl delete secret/mysecret -n mydebugns
来自 Kubernetes docs:
envVar: List of environment variables to set in the container. Cannot be updated.
envFrom: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
上面的link明确表示env将优先于envFrom并且不能更新。
此外,当多个资源中存在引用键时,与最后一个源关联的值将覆盖所有先前的值。
根据以上所述,您看到的结果是预期的行为:
DUPLIK1添加为env字段,因此无法更新DUPLIK2添加为envFrom,因此秘密中的那个优先,因为它在最后一个 中定义