Spring Cloud Kubernetes 和跨多个命名空间的 ConfigMaps
Spring Cloud Kubernetes and ConfigMaps across multiple namespaces
阅读 Spring Cloud Kubernetes documentation 后,似乎 Spring Cloud Kubernetes 支持跨多个命名空间从 ConfigMaps 加载属性。以下是文档中的示例:
spring:
application:
name: cloud-k8s-app
cloud:
kubernetes:
config:
name: default-name
namespace: default-namespace
sources:
# Spring Cloud Kubernetes looks up a ConfigMap named c1 in namespace default-namespace
- name: c1
# Spring Cloud Kubernetes looks up a ConfigMap named default-name in whatever namespace n2
- namespace: n2
# Spring Cloud Kubernetes looks up a ConfigMap named c3 in namespace n3
- namespace: n3
name: c3
但是,根据 Kubernetes documentation,“Pod 和 ConfigMap 必须在同一个命名空间中。”
那么,Spring Cloud Kubernetes 是否支持跨多个命名空间从 ConfigMaps 加载属性?如果是,允许这样做的正确配置是什么?
我从与 Spring Boot pod 相同的命名空间中的 ConfigMaps 加载属性时没有问题,但是当我尝试加载来自不同命名空间中的 ConfigMap 的 属性 时(在此case, common), 我遇到以下异常:
2021-07-22 21:28:06.658 WARN 1 --- [ main] .KubernetesClientConfigMapPropertySource : Unable to get ConfigMap common in namespace common
io.kubernetes.client.openapi.ApiException: Forbidden
at io.kubernetes.client.openapi.ApiClient.handleResponse(ApiClient.java:993) ~[client-java-api-11.0.2.jar!/:na]
at io.kubernetes.client.openapi.ApiClient.execute(ApiClient.java:905) ~[client-java-api-11.0.2.jar!/:na]
at io.kubernetes.client.openapi.apis.CoreV1Api.listNamespacedConfigMapWithHttpInfo(CoreV1Api.java:28375) ~[client-java-api-11.0.2.jar!/:na]
at io.kubernetes.client.openapi.apis.CoreV1Api.listNamespacedConfigMap(CoreV1Api.java:28263) ~[client-java-api-11.0.2.jar!/:na]
at org.springframework.cloud.kubernetes.client.config.KubernetesClientConfigMapPropertySource.getData(KubernetesClientConfigMapPropertySource.java:56) ~[spring-cloud-kubernetes-client-config-2.0.3.jar!/:2.0.3]
at org.springframework.cloud.kubernetes.client.config.KubernetesClientConfigMapPropertySource.<init>(KubernetesClientConfigMapPropertySource.java:41) ~[spring-cloud-kubernetes-client-config-2.0.3.jar!/:2.0.3]
at org.springframework.cloud.kubernetes.client.config.KubernetesClientConfigMapPropertySourceLocator.getMapPropertySource(KubernetesClientConfigMapPropertySourceLocator.java:62) ~[spring-cloud-kubernetes-client-config-2.0.3.jar!/:2.0.3]
at org.springframework.cloud.kubernetes.commons.config.ConfigMapPropertySourceLocator.getMapPropertySourceForSingleConfigMap(ConfigMapPropertySourceLocator.java:81) ~[spring-cloud-kubernetes-commons-2.0.3.jar!/:2.0.3]
at org.springframework.cloud.kubernetes.commons.config.ConfigMapPropertySourceLocator.lambda$locate[=12=](ConfigMapPropertySourceLocator.java:67) ~[spring-cloud-kubernetes-commons-2.0.3.jar!/:2.0.3]
at java.base/java.util.ArrayList.forEach(ArrayList.java:1541) ~[na:na]
at org.springframework.cloud.kubernetes.commons.config.ConfigMapPropertySourceLocator.locate(ConfigMapPropertySourceLocator.java:67) ~[spring-cloud-kubernetes-commons-2.0.3.jar!/:2.0.3]
at org.springframework.cloud.bootstrap.config.PropertySourceLocator.locateCollection(PropertySourceLocator.java:51) ~[spring-cloud-context-3.0.3.jar!/:3.0.3]
at org.springframework.cloud.bootstrap.config.PropertySourceLocator.locateCollection(PropertySourceLocator.java:47) ~[spring-cloud-context-3.0.3.jar!/:3.0.3]
at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:95) ~[spring-cloud-context-3.0.3.jar!/:3.0.3]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:639) ~[spring-boot-2.4.9.jar!/:2.4.9]
at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:402) ~[spring-boot-2.4.9.jar!/:2.4.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:338) ~[spring-boot-2.4.9.jar!/:2.4.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1329) ~[spring-boot-2.4.9.jar!/:2.4.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1318) ~[spring-boot-2.4.9.jar!/:2.4.9]
at com.example.echo.Bootstrapper.main(Bootstrapper.java:23) ~[classes!/:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) ~[service.jar:na]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:108) ~[service.jar:na]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) ~[service.jar:na]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88) ~[service.jar:na]
总而言之,我正在尝试确定在 Kubernetes 世界中如何进行类似于 Spring Cloud Config 目前在我们正在使用的 Docker Swarm 环境中为我提供的设置由 Spring Cloud Eureka、Spring Cloud Config 和 Spring Cloud Gateway 组成的堆栈。例如,今天我的 Git 存储库中的 application.yml 和 application-profile.yml 文件中有与我的所有微服务相关的通用属性。我的想法是,这些属性将在 Kubernetes 中作为 common 命名空间中的 ConfigMaps 提供,而我今天的 xyz-microservice.yml 由 Spring Cloud Config 加载并与 application.yml 和 application-profile.yml 属性将在其自己的命名空间中。
Spring Cloud Kubernetes 需要访问 Kubernetes API 以便能够为单个服务检索 pods 运行 的地址列表。
您尝试过“服务帐户”部分吗? - https://cloud.spring.io/spring-cloud-kubernetes/reference/html/#service-account
基本上,您需要为 ServiceAccount 应该有权访问的每个命名空间创建一个 RoleBinding。
阅读 Spring Cloud Kubernetes documentation 后,似乎 Spring Cloud Kubernetes 支持跨多个命名空间从 ConfigMaps 加载属性。以下是文档中的示例:
spring:
application:
name: cloud-k8s-app
cloud:
kubernetes:
config:
name: default-name
namespace: default-namespace
sources:
# Spring Cloud Kubernetes looks up a ConfigMap named c1 in namespace default-namespace
- name: c1
# Spring Cloud Kubernetes looks up a ConfigMap named default-name in whatever namespace n2
- namespace: n2
# Spring Cloud Kubernetes looks up a ConfigMap named c3 in namespace n3
- namespace: n3
name: c3
但是,根据 Kubernetes documentation,“Pod 和 ConfigMap 必须在同一个命名空间中。”
那么,Spring Cloud Kubernetes 是否支持跨多个命名空间从 ConfigMaps 加载属性?如果是,允许这样做的正确配置是什么?
我从与 Spring Boot pod 相同的命名空间中的 ConfigMaps 加载属性时没有问题,但是当我尝试加载来自不同命名空间中的 ConfigMap 的 属性 时(在此case, common), 我遇到以下异常:
2021-07-22 21:28:06.658 WARN 1 --- [ main] .KubernetesClientConfigMapPropertySource : Unable to get ConfigMap common in namespace common
io.kubernetes.client.openapi.ApiException: Forbidden
at io.kubernetes.client.openapi.ApiClient.handleResponse(ApiClient.java:993) ~[client-java-api-11.0.2.jar!/:na]
at io.kubernetes.client.openapi.ApiClient.execute(ApiClient.java:905) ~[client-java-api-11.0.2.jar!/:na]
at io.kubernetes.client.openapi.apis.CoreV1Api.listNamespacedConfigMapWithHttpInfo(CoreV1Api.java:28375) ~[client-java-api-11.0.2.jar!/:na]
at io.kubernetes.client.openapi.apis.CoreV1Api.listNamespacedConfigMap(CoreV1Api.java:28263) ~[client-java-api-11.0.2.jar!/:na]
at org.springframework.cloud.kubernetes.client.config.KubernetesClientConfigMapPropertySource.getData(KubernetesClientConfigMapPropertySource.java:56) ~[spring-cloud-kubernetes-client-config-2.0.3.jar!/:2.0.3]
at org.springframework.cloud.kubernetes.client.config.KubernetesClientConfigMapPropertySource.<init>(KubernetesClientConfigMapPropertySource.java:41) ~[spring-cloud-kubernetes-client-config-2.0.3.jar!/:2.0.3]
at org.springframework.cloud.kubernetes.client.config.KubernetesClientConfigMapPropertySourceLocator.getMapPropertySource(KubernetesClientConfigMapPropertySourceLocator.java:62) ~[spring-cloud-kubernetes-client-config-2.0.3.jar!/:2.0.3]
at org.springframework.cloud.kubernetes.commons.config.ConfigMapPropertySourceLocator.getMapPropertySourceForSingleConfigMap(ConfigMapPropertySourceLocator.java:81) ~[spring-cloud-kubernetes-commons-2.0.3.jar!/:2.0.3]
at org.springframework.cloud.kubernetes.commons.config.ConfigMapPropertySourceLocator.lambda$locate[=12=](ConfigMapPropertySourceLocator.java:67) ~[spring-cloud-kubernetes-commons-2.0.3.jar!/:2.0.3]
at java.base/java.util.ArrayList.forEach(ArrayList.java:1541) ~[na:na]
at org.springframework.cloud.kubernetes.commons.config.ConfigMapPropertySourceLocator.locate(ConfigMapPropertySourceLocator.java:67) ~[spring-cloud-kubernetes-commons-2.0.3.jar!/:2.0.3]
at org.springframework.cloud.bootstrap.config.PropertySourceLocator.locateCollection(PropertySourceLocator.java:51) ~[spring-cloud-context-3.0.3.jar!/:3.0.3]
at org.springframework.cloud.bootstrap.config.PropertySourceLocator.locateCollection(PropertySourceLocator.java:47) ~[spring-cloud-context-3.0.3.jar!/:3.0.3]
at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:95) ~[spring-cloud-context-3.0.3.jar!/:3.0.3]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:639) ~[spring-boot-2.4.9.jar!/:2.4.9]
at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:402) ~[spring-boot-2.4.9.jar!/:2.4.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:338) ~[spring-boot-2.4.9.jar!/:2.4.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1329) ~[spring-boot-2.4.9.jar!/:2.4.9]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1318) ~[spring-boot-2.4.9.jar!/:2.4.9]
at com.example.echo.Bootstrapper.main(Bootstrapper.java:23) ~[classes!/:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) ~[service.jar:na]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:108) ~[service.jar:na]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) ~[service.jar:na]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88) ~[service.jar:na]
总而言之,我正在尝试确定在 Kubernetes 世界中如何进行类似于 Spring Cloud Config 目前在我们正在使用的 Docker Swarm 环境中为我提供的设置由 Spring Cloud Eureka、Spring Cloud Config 和 Spring Cloud Gateway 组成的堆栈。例如,今天我的 Git 存储库中的 application.yml 和 application-profile.yml 文件中有与我的所有微服务相关的通用属性。我的想法是,这些属性将在 Kubernetes 中作为 common 命名空间中的 ConfigMaps 提供,而我今天的 xyz-microservice.yml 由 Spring Cloud Config 加载并与 application.yml 和 application-profile.yml 属性将在其自己的命名空间中。
Spring Cloud Kubernetes 需要访问 Kubernetes API 以便能够为单个服务检索 pods 运行 的地址列表。
您尝试过“服务帐户”部分吗? - https://cloud.spring.io/spring-cloud-kubernetes/reference/html/#service-account
基本上,您需要为 ServiceAccount 应该有权访问的每个命名空间创建一个 RoleBinding。