K8S|config自动更新器reloader

背景

在不使用配置中心的情况,我们写应用一般会使用环境变量和配置文件保存程序运行的依赖条件,比如:监听IP,端口等.这类应用迁入k8s时,一般都会通过configmap的方式来进行管理.那么问题来了:configmap修改以后有时需要重启pod以实现让应用重新加载配置的目的,尤其像如果将配置文件放在了configmap里,只能通过滚动更新来实现加载新配置.
reloader的工作便是:当你修改了configmap或secret,它来帮你重启相应的Pod.

部署

默认部署到default名称空间

wget https://raw.githubusercontent.com/stakater/Reloader/master/deployments/kubernetes/reloader.yaml
sed -i 's#RELEASE-NAME#config#g' reloader.yaml
kubectl apply -f reloader.yaml

部署到 kube-system 命名空间下

reloader.yaml

---
# Source: reloader/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: kube-system
  labels:
    app: config-reloader
    chart: "reloader-v0.0.39"
    release: "config"
    heritage: "Tiller"
    group: com.stakater.platform
    provider: stakater
    version: v0.0.39

  name: config-reloader
spec:
  replicas: 1
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: config-reloader
      release: "config"
  template:
    metadata:
      namespace: kube-system
      labels:
        app: config-reloader
        chart: "reloader-v0.0.39"
        release: "config"
        heritage: "Tiller"
        group: com.stakater.platform
        provider: stakater
        version: v0.0.39

    spec:
      containers:
      - env:
        image: "stakater/reloader:v0.0.39"
        imagePullPolicy: IfNotPresent
        name: config-reloader
        args:
      serviceAccountName: reloader

---
# Source: reloader/templates/clusterrole.yaml

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  labels:
    app: config-reloader
    chart: "reloader-v0.0.39"
    release: "config"
    heritage: "Tiller"
  name: config-reloader-role
  namespace: kube-system
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
      - configmaps
    verbs:
      - list
      - get
      - watch
  - apiGroups:
      - "apps"
    resources:
      - deployments
      - daemonsets
      - statefulsets
    verbs:
      - list
      - get
      - update
      - patch
  - apiGroups:
      - "extensions"
    resources:
      - deployments
      - daemonsets
    verbs:
      - list
      - get
      - update
      - patch

---
# Source: reloader/templates/rolebinding.yaml

---
# Source: reloader/templates/clusterrolebinding.yaml

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  labels:
    app: config-reloader
    chart: "reloader-v0.0.39"
    release: "config"
    heritage: "Tiller"
  name: config-reloader-role-binding
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: config-reloader-role
subjects:
  - kind: ServiceAccount
    name: reloader
    namespace: kube-system

---
# Source: reloader/templates/serviceaccount.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: kube-system
  labels:
    app: config-reloader
    chart: "reloader-v0.0.39"
    release: "config"
    heritage: "Tiller"
  name: reloader
kubectl apply -f reloader.yaml

deployment 使用说明

如果某deployment需要随着configmap的更新而自动重启pods
只需要添加注释reloader.stakater.com/auto: "true"即可:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {APP_NAME}-deployment
  annotations:
    reloader.stakater.com/auto: "true"
... ...

拓展

  • 指定 configmap 更新,滚动更新deployment

configmap中以逗号间隔

kind: Deployment
metadata:
  annotations:
    configmap.reloader.stakater.com/reload: "foo-configmap,bar-configmap,baz-configmap"
spec:
  template:
    metadata:
  • 指定 secret, 与 configmap 配置一致

参考链接

https://github.com/stakater/Reloader


相关博文

About rainbird

IOS攻城狮
This entry was posted in K8S and tagged , , , , , , , , . Bookmark the permalink.

发表评论