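This is Takahiro Kujirai (@opensourcetech), LinuC Evangelist and Open Source Summit Japan volunteer leader.
Introduction
These are notes on the ways to pass environment variables to a Kubernetes Pod.
Method 1
Define them with env/value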
```
root@rke2-1:~# kubectl explain pod.spec.containers.env
KIND:       Pod
VERSION:    v1

FIELD: env <[]EnvVar>

DESCRIPTION:
    List of environment variables to set in the container. Cannot be updated.
    EnvVar represents an environment variable present in a Container.

FIELDS:
  name  <string> -required-
    Name of the environment variable. Must be a C_IDENTIFIER.

  value <string>
    Variable references $(VAR_NAME) are expanded using the previously defined
    environment variables in the container and any service environment
    variables. If a variable cannot be resolved, the reference in the input
    string will be unchanged. Double $$ are reduced to a single $, which allows
    for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the
    string literal "$(VAR_NAME)". Escaped references will never be expanded,
    regardless of whether the variable exists or not. Defaults to "".

  valueFrom     <EnvVarSource>
    Source for the environment variable's value. Cannot be used if value is not
    empty.
```
Let's try it.
```
root@rke2-1:~# kubectl run envpod --image=nginx --dry-run=client -o yaml > pod11.yaml
root@rke2-1:~# vi pod11.yaml
root@rke2-1:~# cat pod11.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: envpod
  name: envpod
spec:
  containers:
  - image: nginx
    name: envpod
    env:
    - name: DEMO1
      value: demo1
    - name: DEMO2
      value: demo2
root@rke2-1:~# kubectl apply -f pod11.yaml
pod/envpod created
root@rke2-1:~# kubectl get pods envpod
NAME     READY   STATUS    RESTARTS   AGE
envpod   1/1     Running   0          9s
```
Check that the result is as expected.
```
root@rke2-1:~# kubectl describe pod envpod
Name:             envpod
Namespace:        default
Priority:         0
Service Account:  default
Node:             rke2-2/192.168.1.64
Start Time:       Wed, 24 Jan 2024 07:36:09 +0000
Labels:           run=envpod
Annotations:      cni.projectcalico.org/containerID: 50527aad0034b87e5d70670e3a131a234d17d915234de5b73443975cb1329bac
                  cni.projectcalico.org/podIP: 10.42.1.20/32
                  cni.projectcalico.org/podIPs: 10.42.1.20/32
Status:           Running
IP:               10.42.1.20
IPs:
  IP:  10.42.1.20
Containers:
  envpod:
    Container ID:   containerd://772384c6acc81dfa6e54bcd96a1cb17cb47e251175217b49ff59a170e519c52d
    Image:          nginx
    Image ID:       docker.io/library/nginx@sha256:4c0fdaa8b6341bfdeca5f18f7837462c80cff90527ee35ef185571e1c327beac
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Wed, 24 Jan 2024 07:36:12 +0000
    Ready:          True
    Restart Count:  0
    Environment:
      DEMO1:  demo1
      DEMO2:  demo2
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-jcv22 (ro)
Conditions:
  Type                        Status
  PodReadyToStartContainers   True
  Initialized                 True
  Ready                       True
  ContainersReady             True
  PodScheduled                True
Volumes:
  kube-api-access-jcv22:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  18s   default-scheduler  Successfully assigned default/envpod to rke2-2
  Normal  Pulling    17s   kubelet            Pulling image "nginx"
  Normal  Pulled     15s   kubelet            Successfully pulled image "nginx" in 1.903s (1.903s including waiting)
  Normal  Created    15s   kubelet            Created container envpod
  Normal  Started    15s   kubelet            Started container envpod
root@rke2-1:~# kubectl exec -it envpod -- sh -c /bin/bash
root@envpod:/# echo $DEMO1
demo1
root@envpod:/# echo $DEMO2
demo2
root@envpod:/# env | grep DEMO
DEMO1=demo1
DEMO2=demo2
root@envpod:/# exit
exit
```
Method 2
Define them in a ConfigMap and pass the whole set of environment variables with envFrom
```
root@rke2-1:~# kubectl explain pod.spec.containers.envFrom
KIND:       Pod
VERSION:    v1

FIELD: envFrom <[]EnvFromSource>

DESCRIPTION:
    List of sources to populate environment variables in the container. The keys
    defined within a source must be a C_IDENTIFIER. All invalid keys will be
    reported as an event when the container is starting. When a key exists in
    multiple sources, the value associated with the last source will take
    precedence. Values defined by an Env with a duplicate key will take
    precedence. Cannot be updated.
    EnvFromSource represents the source of a set of ConfigMaps

FIELDS:
  configMapRef  <ConfigMapEnvSource>
    The ConfigMap to select from

  prefix        <string>
    An optional identifier to prepend to each key in the ConfigMap. Must be a
    C_IDENTIFIER.

  secretRef     <SecretEnvSource>
    The Secret to select from

root@rke2-1:~# kubectl explain pod.spec.containers.envFrom.configMapRef
KIND:       Pod
VERSION:    v1

FIELD: configMapRef <ConfigMapEnvSource>

DESCRIPTION:
    The ConfigMap to select from
    ConfigMapEnvSource selects a ConfigMap to populate the environment variables
    with.

    The contents of the target ConfigMap's Data field will represent the
    key-value pairs as environment variables.

FIELDS:
  name  <string>
    Name of the referent. More info:
    https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

  optional      <boolean>
    Specify whether the ConfigMap must be defined
```
Create the ConfigMap.
```
root@rke2-1:~# kubectl create configmap test-cm --from-literal=DEMO1=demo1 --from-literal=DEMO2=demo2
configmap/test-cm created
root@rke2-1:~# kubectl get cm
NAME               DATA   AGE
kube-root-ca.crt   1      2d1h
test-cm            2      5s
root@rke2-1:~# kubectl describe cm test-cm
Name:         test-cm
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
DEMO1:
----
demo1
DEMO2:
----
demo2

BinaryData
====

Events:  <none>
```
```
root@rke2-1:~# vi pod12.yaml
root@rke2-1:~# cat pod12.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: envpod2
  name: envpod2
spec:
  containers:
  - image: nginx
    name: envpod2
    envFrom:
    - configMapRef:
        name: test-cm
root@rke2-1:~# kubectl apply -f pod12.yaml
pod/envpod2 created
root@rke2-1:~# kubectl get pod
NAME      READY   STATUS    RESTARTS   AGE
envpod2   1/1     Running   0          4s
```
Verify.
```
root@rke2-1:~# kubectl describe pods envpod2
Name:             envpod2
Namespace:        default
Priority:         0
Service Account:  default
Node:             rke2-2/192.168.1.64
Start Time:       Wed, 24 Jan 2024 08:23:26 +0000
Labels:           run=envpod2
Annotations:      cni.projectcalico.org/containerID: eabe3c1829d59192d9b9604ea2273edc18758d303dba06d3f720ebb0e84e4f11
                  cni.projectcalico.org/podIP: 10.42.1.21/32
                  cni.projectcalico.org/podIPs: 10.42.1.21/32
Status:           Running
IP:               10.42.1.21
IPs:
  IP:  10.42.1.21
Containers:
  envpod2:
    Container ID:   containerd://1c80629d399d7a68559665648d520e22296d470bd83a4622b4fe4289db4b5d11
    Image:          nginx
    Image ID:       docker.io/library/nginx@sha256:4c0fdaa8b6341bfdeca5f18f7837462c80cff90527ee35ef185571e1c327beac
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Wed, 24 Jan 2024 08:23:29 +0000
    Ready:          True
    Restart Count:  0
    Environment Variables from:
      test-cm     ConfigMap  Optional: false
    Environment:  <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-6tvf2 (ro)
Conditions:
  Type                        Status
  PodReadyToStartContainers   True
  Initialized                 True
  Ready                       True
  ContainersReady             True
  PodScheduled                True
Volumes:
  kube-api-access-6tvf2:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  5m57s  default-scheduler  Successfully assigned default/envpod2 to rke2-2
  Normal  Pulling    5m56s  kubelet            Pulling image "nginx"
  Normal  Pulled     5m55s  kubelet            Successfully pulled image "nginx" in 1.505s (1.505s including waiting)
  Normal  Created    5m54s  kubelet            Created container envpod2
  Normal  Started    5m54s  kubelet            Started container envpod2
root@rke2-1:~# kubectl exec -it envpod2 -- sh -c /bin/bash
root@envpod2:/# echo $DEMO1
demo1
root@envpod2:/# echo $DEMO2
demo2
root@envpod2:/# env | grep DEMO
DEMO1=demo1
DEMO2=demo2
root@envpod2:/# exit
exit
```
Method 3
Define them in a ConfigMap and pass only some of the environment variables with env/valueFrom/configMapKeyRef
```
root@rke2-1:~# kubectl explain pod.spec.containers.env.valueFrom
KIND:       Pod
VERSION:    v1

FIELD: valueFrom <EnvVarSource>

DESCRIPTION:
    Source for the environment variable's value. Cannot be used if value is not
    empty.
    EnvVarSource represents a source for the value of an EnvVar.

FIELDS:
  configMapKeyRef       <ConfigMapKeySelector>
    Selects a key of a ConfigMap.

  fieldRef      <ObjectFieldSelector>
    Selects a field of the pod: supports metadata.name, metadata.namespace,
    `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName,
    spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.

  resourceFieldRef      <ResourceFieldSelector>
    Selects a resource of the container: only resources limits and requests
    (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
    requests.memory and requests.ephemeral-storage) are currently supported.

  secretKeyRef  <SecretKeySelector>
    Selects a key of a secret in the pod's namespace

root@rke2-1:~# kubectl explain pod.spec.containers.env.valueFrom.configMapKeyRef
KIND:       Pod
VERSION:    v1

FIELD: configMapKeyRef <ConfigMapKeySelector>

DESCRIPTION:
    Selects a key of a ConfigMap.
    Selects a key from a ConfigMap.

FIELDS:
  key   <string> -required-
    The key to select.

  name  <string>
    Name of the referent. More info:
    https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

  optional      <boolean>
    Specify whether the ConfigMap or its key must be defined
```
```
root@rke2-1:~# vi pod13.yaml
root@rke2-1:~# cat pod13.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: envpod3
  name: envpod3
spec:
  containers:
  - image: nginx
    name: envpod3
    env:
    - name: DEMO1A
      valueFrom:
        configMapKeyRef:
          name: test-cm
          key: DEMO1
root@rke2-1:~# kubectl apply -f pod13.yaml
pod/envpod3 created
root@rke2-1:~# kubectl get pods
NAME      READY   STATUS    RESTARTS   AGE
envpod3   1/1     Running   0          7s
```
Verify.
```
root@rke2-1:~# kubectl descrobe pod envpod3
error: unknown command "descrobe" for "kubectl"

Did you mean this?
        describe
root@rke2-1:~# kubectl describe pod envpod3
Name:             envpod3
Namespace:        default
Priority:         0
Service Account:  default
Node:             rke2-2/192.168.1.64
Start Time:       Wed, 24 Jan 2024 08:38:29 +0000
Labels:           run=envpod3
Annotations:      cni.projectcalico.org/containerID: c56a636d10a767b68e57868b198b16db2683b93a8cafcd60aa604a4ecfc697a6
                  cni.projectcalico.org/podIP: 10.42.1.22/32
                  cni.projectcalico.org/podIPs: 10.42.1.22/32
Status:           Running
IP:               10.42.1.22
IPs:
  IP:  10.42.1.22
Containers:
  envpod3:
    Container ID:   containerd://ad88f1bc309e5ea19a0b5f42f241732636ffa7fbdfa79c57edb32f89849aa2dc
    Image:          nginx
    Image ID:       docker.io/library/nginx@sha256:4c0fdaa8b6341bfdeca5f18f7837462c80cff90527ee35ef185571e1c327beac
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Wed, 24 Jan 2024 08:38:31 +0000
    Ready:          True
    Restart Count:  0
    Environment:
      DEMO1A:  <set to the key 'DEMO1' of config map 'test-cm'>  Optional: false
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-7ddkr (ro)
Conditions:
  Type                        Status
  PodReadyToStartContainers   True
  Initialized                 True
  Ready                       True
  ContainersReady             True
  PodScheduled                True
Volumes:
  kube-api-access-7ddkr:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  55s   default-scheduler  Successfully assigned default/envpod3 to rke2-2
  Normal  Pulling    54s   kubelet            Pulling image "nginx"
  Normal  Pulled     53s   kubelet            Successfully pulled image "nginx" in 1.404s (1.404s including waiting)
  Normal  Created    53s   kubelet            Created container envpod3
  Normal  Started    53s   kubelet            Started container envpod3
root@rke2-1:~# kubectl exec -it envpod3 -- sh -c /bin/bash
root@envpod3:/# echo $DEMO1A
demo1
root@envpod3:/# env | grep DEMO
DEMO1A=demo1
root@envpod3:/# exit
exit
```
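The kubectl explain output quoted above for env, envFrom and valueFrom fixes which value a container ends up with when the same name arrives by more than one route. The Python sketch below is an added example, not code from the original post or from Kubernetes: it models those rules (last envFrom source wins, env overrides envFrom, $(VAR_NAME) expansion with $$ escaping, invalid keys reported rather than injected) so a manifest can be reviewed before it is applied. Only test-cm comes from the page; extra-cm, the 1BAD key and the mixed container spec are constructed, and service environment variables and secretRef are not modelled.

```python
import re

# C_IDENTIFIER as named in the field descriptions quoted above.
C_IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

def expand(value, known):
    """Expand $(VAR_NAME) from `known`; "$$" collapses to a literal "$"."""
    out, i = [], 0
    while i < len(value):
        nxt = value[i + 1] if i + 1 < len(value) else ""
        if value[i] == "$" and nxt == "$":            # escape: "$$" -> "$"
            out.append("$")
            i += 2
        elif value[i] == "$" and nxt == "(" and ")" in value[i + 2:]:
            end = value.index(")", i + 2)
            name = value[i + 2:end]
            # An unresolvable reference stays in the string unchanged.
            out.append(known.get(name, "$(" + name + ")"))
            i = end + 1
        else:
            out.append(value[i])
            i += 1
    return "".join(out)

def effective_env(container, configmaps):
    """Return (env, invalid_keys) for one container spec given as a dict."""
    env, invalid = {}, []
    # envFrom first: a later source overwrites an earlier one on the same key.
    for source in container.get("envFrom", []):
        ref = source.get("configMapRef")
        if ref is None:
            continue                      # secretRef is not modelled here
        if ref["name"] not in configmaps:
            if ref.get("optional"):
                continue
            raise KeyError("ConfigMap not found: " + ref["name"])
        for key, val in configmaps[ref["name"]].items():
            key = source.get("prefix", "") + key
            if C_IDENTIFIER.match(key):
                env[key] = val
            else:
                invalid.append(key)       # reported as an event, not injected
    # env entries in order: they override envFrom and may use earlier names.
    for entry in container.get("env", []):
        if entry.get("value"):
            env[entry["name"]] = expand(entry["value"], env)
        elif "valueFrom" in entry:
            ref = entry["valueFrom"]["configMapKeyRef"]
            data = configmaps.get(ref["name"], {})
            if ref["key"] in data:
                env[entry["name"]] = data[ref["key"]]
            elif not ref.get("optional"):
                raise KeyError("missing key: %s/%s" % (ref["name"], ref["key"]))
        else:
            env[entry["name"]] = ""       # value defaults to ""
    return env, invalid

# Constructed sample: test-cm matches the page; everything else is made up.
CONFIGMAPS = {
    "test-cm": {"DEMO1": "demo1", "DEMO2": "demo2"},
    "extra-cm": {"DEMO2": "from-extra", "1BAD": "x"},
}
CONTAINER = {
    "envFrom": [{"configMapRef": {"name": "test-cm"}},
                {"configMapRef": {"name": "extra-cm"}}],
    "env": [
        {"name": "DEMO1", "value": "inline"},
        {"name": "DEMO1A",
         "valueFrom": {"configMapKeyRef": {"name": "test-cm", "key": "DEMO1"}}},
        {"name": "GREETING", "value": "$(DEMO1)-$(DEMO2)-$(MISSING)"},
        {"name": "LITERAL", "value": "$$(DEMO1)"},
    ],
}

if __name__ == "__main__":
    env, invalid = effective_env(CONTAINER, CONFIGMAPS)
    for name in sorted(env):
        print(name + "=" + env[name])
    print("invalid keys:", invalid)
```

In the sample, DEMO1 from test-cm is silently replaced by the inline env entry and DEMO2 by the later ConfigMap, which is the kind of shadowing worth catching when a shared ConfigMap feeds several Pods.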
Method 4
Define the ConfigMap as a Volume and store only some of the environment variables in a specified file
```
root@rke2-1:~# kubectl explain pod.spec.containers.volumeMounts
KIND:       Pod
VERSION:    v1

FIELD: volumeMounts <[]VolumeMount>

DESCRIPTION:
    Pod volumes to mount into the container's filesystem. Cannot be updated.
    VolumeMount describes a mounting of a Volume within a container.

FIELDS:
  mountPath     <string> -required-
    Path within the container at which the volume should be mounted.  Must not
    contain ':'.

  mountPropagation      <string>
    mountPropagation determines how mounts are propagated from the host to
    container and the other way around. When not set, MountPropagationNone is
    used. This field is beta in 1.10.

    Possible enum values:
     - `"Bidirectional"` means that the volume in a container will receive new
    mounts from the host or other containers, and its own mounts will be
    propagated from the container to the host or other containers. Note that
    this mode is recursively applied to all mounts in the volume ("rshared" in
    Linux terminology).
     - `"HostToContainer"` means that the volume in a container will receive new
    mounts from the host or other containers, but filesystems mounted inside the
    container won't be propagated to the host or other containers. Note that
    this mode is recursively applied to all mounts in the volume ("rslave" in
    Linux terminology).
     - `"None"` means that the volume in a container will not receive new mounts
    from the host or other containers, and filesystems mounted inside the
    container won't be propagated to the host or other containers. Note that
    this mode corresponds to "private" in Linux terminology.

  name  <string> -required-
    This must match the Name of a Volume.

  readOnly      <boolean>
    Mounted read-only if true, read-write otherwise (false or unspecified).
    Defaults to false.

  subPath       <string>
    Path within the volume from which the container's volume should be mounted.
    Defaults to "" (volume's root).

  subPathExpr   <string>
    Expanded path within the volume from which the container's volume should be
    mounted. Behaves similarly to SubPath but environment variable references
    $(VAR_NAME) are expanded using the container's environment. Defaults to ""
    (volume's root). SubPathExpr and SubPath are mutually exclusive.

root@rke2-1:~# kubectl explain pod.spec.volumes
KIND:       Pod
VERSION:    v1

FIELD: volumes <[]Volume>

DESCRIPTION:
    List of volumes that can be mounted by containers belonging to the pod. More
    info: https://kubernetes.io/docs/concepts/storage/volumes
    Volume represents a named volume in a pod that may be accessed by any
    container in the pod.

FIELDS:
  awsElasticBlockStore  <AWSElasticBlockStoreVolumeSource>
    awsElasticBlockStore represents an AWS Disk resource that is attached to a
    kubelet's host machine and then exposed to the pod. More info:
    https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

  azureDisk     <AzureDiskVolumeSource>
    azureDisk represents an Azure Data Disk mount on the host and bind mount to
    the pod.

  azureFile     <AzureFileVolumeSource>
    azureFile represents an Azure File Service mount on the host and bind mount
    to the pod.

  cephfs        <CephFSVolumeSource>
    cephFS represents a Ceph FS mount on the host that shares a pod's lifetime

  cinder        <CinderVolumeSource>
    cinder represents a cinder volume attached and mounted on kubelets host
    machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

  configMap     <ConfigMapVolumeSource>
    configMap represents a configMap that should populate this volume

  csi   <CSIVolumeSource>
    csi (Container Storage Interface) represents ephemeral storage that is
    handled by certain external CSI drivers (Beta feature).

  downwardAPI   <DownwardAPIVolumeSource>
    downwardAPI represents downward API about the pod that should populate this
    volume

  emptyDir      <EmptyDirVolumeSource>
    emptyDir represents a temporary directory that shares a pod's lifetime. More
    info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

  ephemeral     <EphemeralVolumeSource>
    ephemeral represents a volume that is handled by a cluster storage driver.
    The volume's lifecycle is tied to the pod that defines it - it will be
    created before the pod starts, and deleted when the pod is removed.

    Use this if: a) the volume is only needed while the pod runs, b) features of
    normal volumes like restoring from snapshot or capacity
       tracking are needed,
    c) the storage driver is specified through a storage class, and d) the
    storage driver supports dynamic volume provisioning through
       a PersistentVolumeClaim (see EphemeralVolumeSource for more
       information on the connection between this volume type
       and PersistentVolumeClaim).

    Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes
    that persist for longer than the lifecycle of an individual pod.

    Use CSI for light-weight local ephemeral volumes if the CSI driver is meant
    to be used that way - see the documentation of the driver for more
    information.

    A pod can use both types of ephemeral volumes and persistent volumes at the
    same time.

  fc    <FCVolumeSource>
    fc represents a Fibre Channel resource that is attached to a kubelet's host
    machine and then exposed to the pod.

  flexVolume    <FlexVolumeSource>
    flexVolume represents a generic volume resource that is provisioned/attached
    using an exec based plugin.

  flocker       <FlockerVolumeSource>
    flocker represents a Flocker volume attached to a kubelet's host machine.
    This depends on the Flocker control service being running

  gcePersistentDisk     <GCEPersistentDiskVolumeSource>
    gcePersistentDisk represents a GCE Disk resource that is attached to a
    kubelet's host machine and then exposed to the pod. More info:
    https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

  gitRepo       <GitRepoVolumeSource>
    gitRepo represents a git repository at a particular revision. DEPRECATED:
    GitRepo is deprecated. To provision a container with a git repo, mount an
    EmptyDir into an InitContainer that clones the repo using git, then mount
    the EmptyDir into the Pod's container.

  glusterfs     <GlusterfsVolumeSource>
    glusterfs represents a Glusterfs mount on the host that shares a pod's
    lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

  hostPath      <HostPathVolumeSource>
    hostPath represents a pre-existing file or directory on the host machine
    that is directly exposed to the container. This is generally used for system
    agents or other privileged things that are allowed to see the host machine.
    Most containers will NOT need this. More info:
    https://kubernetes.io/docs/concepts/storage/volumes#hostpath

  iscsi <ISCSIVolumeSource>
    iscsi represents an ISCSI Disk resource that is attached to a kubelet's host
    machine and then exposed to the pod. More info:
    https://examples.k8s.io/volumes/iscsi/README.md

  name  <string> -required-
    name of the volume. Must be a DNS_LABEL and unique within the pod. More
    info:
    https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

  nfs   <NFSVolumeSource>
    nfs represents an NFS mount on the host that shares a pod's lifetime More
    info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

  persistentVolumeClaim <PersistentVolumeClaimVolumeSource>
    persistentVolumeClaimVolumeSource represents a reference to a
    PersistentVolumeClaim in the same namespace. More info:
    https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

  photonPersistentDisk  <PhotonPersistentDiskVolumeSource>
    photonPersistentDisk represents a PhotonController persistent disk attached
    and mounted on kubelets host machine

  portworxVolume        <PortworxVolumeSource>
    portworxVolume represents a portworx volume attached and mounted on kubelets
    host machine

  projected     <ProjectedVolumeSource>
    projected items for all in one resources secrets, configmaps, and downward
    API

  quobyte       <QuobyteVolumeSource>
    quobyte represents a Quobyte mount on the host that shares a pod's lifetime

  rbd   <RBDVolumeSource>
    rbd represents a Rados Block Device mount on the host that shares a pod's
    lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

  scaleIO       <ScaleIOVolumeSource>
    scaleIO represents a ScaleIO persistent volume attached and mounted on
    Kubernetes nodes.

  secret        <SecretVolumeSource>
    secret represents a secret that should populate this volume. More info:
    https://kubernetes.io/docs/concepts/storage/volumes#secret

  storageos     <StorageOSVolumeSource>
    storageOS represents a StorageOS volume attached and mounted on Kubernetes
    nodes.

  vsphereVolume <VsphereVirtualDiskVolumeSource>
    vsphereVolume represents a vSphere volume attached and mounted on kubelets
    host machine

root@rke2-1:~# kubectl explain pod.spec.volumes.configMap
KIND:       Pod
VERSION:    v1

FIELD: configMap <ConfigMapVolumeSource>

DESCRIPTION:
    configMap represents a configMap that should populate this volume
    Adapts a ConfigMap into a volume.

    The contents of the target ConfigMap's Data field will be presented in a
    volume as files using the keys in the Data field as the file names, unless
    the items element is populated with specific mappings of keys to paths.
    ConfigMap volumes support ownership management and SELinux relabeling.

FIELDS:
  defaultMode   <integer>
    defaultMode is optional: mode bits used to set permissions on created files
    by default. Must be an octal value between 0000 and 0777 or a decimal value
    between 0 and 511. YAML accepts both octal and decimal values, JSON requires
    decimal values for mode bits. Defaults to 0644. Directories within the path
    are not affected by this setting. This might be in conflict with other
    options that affect the file mode, like fsGroup, and the result can be other
    mode bits set.

  items <[]KeyToPath>
    items if unspecified, each key-value pair in the Data field of the
    referenced ConfigMap will be projected into the volume as a file whose name
    is the key and content is the value. If specified, the listed keys will be
    projected into the specified paths, and unlisted keys will not be present.
    If a key is specified which is not present in the ConfigMap, the volume
    setup will error unless it is marked optional. Paths must be relative and
    may not contain the '..' path or start with '..'.

  name  <string>
    Name of the referent. More info:
    https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

  optional      <boolean>
    optional specify whether the ConfigMap or its keys must be defined

root@rke2-1:~# kubectl explain pod.spec.volumes.configMap.items
KIND:       Pod
VERSION:    v1

FIELD: items <[]KeyToPath>

DESCRIPTION:
    items if unspecified, each key-value pair in the Data field of the
    referenced ConfigMap will be projected into the volume as a file whose name
    is the key and content is the value. If specified, the listed keys will be
    projected into the specified paths, and unlisted keys will not be present.
    If a key is specified which is not present in the ConfigMap, the volume
    setup will error unless it is marked optional. Paths must be relative and
    may not contain the '..' path or start with '..'.
    Maps a string key to a path within a volume.

FIELDS:
  key   <string> -required-
    key is the key to project.

  mode  <integer>
    mode is Optional: mode bits used to set permissions on this file. Must be an
    octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML
    accepts both octal and decimal values, JSON requires decimal values for mode
    bits. If not specified, the volume defaultMode will be used. This might be
    in conflict with other options that affect the file mode, like fsGroup, and
    the result can be other mode bits set.

  path  <string> -required-
    path is the relative path of the file to map the key to. May not be an
    absolute path. May not contain the path element '..'. May not start with the
    string '..'.
```
```
root@rke2-1:~# vi pod14.yaml
root@rke2-1:~# cat pod14.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: envpod4
  name: envpod4
spec:
  containers:
  - image: nginx
    name: envpod4
    volumeMounts:
    - name: config-volume
      mountPath: /tmp/cm
  volumes:
  - name: config-volume
    configMap:
      name: test-cm
      items:
      - key: DEMO1
        path: demo1
root@rke2-1:~# kubectl apply -f pod14.yaml
pod/envpod4 created
root@rke2-1:~# kubectl get pods
NAME      READY   STATUS    RESTARTS   AGE
envpod4   1/1     Running   0          4s
```
Verify.
```
root@rke2-1:~# kubectl describe pods envpod4
Name:             envpod4
Namespace:        default
Priority:         0
Service Account:  default
Node:             rke2-2/192.168.1.64
Start Time:       Wed, 24 Jan 2024 08:55:14 +0000
Labels:           run=envpod4
Annotations:      cni.projectcalico.org/containerID: c9e471ed5e6ad7b8e29e397fda07a0dc46861b4e4b3f936d49caace1ed81ebff
                  cni.projectcalico.org/podIP: 10.42.1.23/32
                  cni.projectcalico.org/podIPs: 10.42.1.23/32
Status:           Running
IP:               10.42.1.23
IPs:
  IP:  10.42.1.23
Containers:
  envpod4:
    Container ID:   containerd://750b336e798b66122807f127f755fb280273a07780d0211ef3e9368f55ddb232
    Image:          nginx
    Image ID:       docker.io/library/nginx@sha256:4c0fdaa8b6341bfdeca5f18f7837462c80cff90527ee35ef185571e1c327beac
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Wed, 24 Jan 2024 08:55:17 +0000
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /tmp/cm from config-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-jk29d (ro)
Conditions:
  Type                        Status
  PodReadyToStartContainers   True
  Initialized                 True
  Ready                       True
  ContainersReady             True
  PodScheduled                True
Volumes:
  config-volume:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      test-cm
    Optional:  false
  kube-api-access-jk29d:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  41s   default-scheduler  Successfully assigned default/envpod4 to rke2-2
  Normal  Pulling    40s   kubelet            Pulling image "nginx"
  Normal  Pulled     38s   kubelet            Successfully pulled image "nginx" in 1.391s (1.391s including waiting)
  Normal  Created    38s   kubelet            Created container envpod4
  Normal  Started    38s   kubelet            Started container envpod4
root@rke2-1:~# kubectl exec -it envpod4 -- sh -c /bin/bash
root@envpod4:/# ls /tmp/cm/
demo1
root@envpod4:/# cat /tmp/cm/demo1
demo1
root@envpod4:/# exit
exit
```
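Conclusion
This time I learned that there are several ways to "pass environment variables to a Pod".
As for when to use which, I felt it probably comes down to the following.
- Just starting a single Pod: Method 1 (define them with env/value)
- Using the same environment variables across multiple Pods: Methods 2 to 4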