My Kubernetes deployment is as follows:

```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: "{{ .Release.Name }}-{{ .Values.web.service.name }}"
  namespace: "{{ .Values.namespace }}"
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      name: "{{ .Values.web.deployment.selector }}"
  template:
    metadata:
      labels:
        name: "{{ .Values.web.deployment.selector }}"
    spec:
      {{- if $.Values.vault.serviceAccount }}
      serviceAccountName: "{{ $.Release.Name }}-vault-auth"
      automountServiceAccountToken: true
      {{- end }}
      volumes:
        # consul-template writes config.json here; the app container reads it
        - name: shared-data
          emptyDir: {}
        # in-memory volume for the Vault token shared by the two sidecars
        - name: vault-token
          emptyDir:
            medium: Memory
        - name: company-config
          configMap:
            name: "{{ .Release.Name }}-config"
            items:
              - key: companyRootCA.crt
                path: companyRootCA.crt
        - name: vault-consul-config
          configMap:
            name: "{{ .Release.Name }}-vault-configmap"
            items:
              - key: vault_agent.hcl
                path: vault_agent.hcl
              - key: consul_template_config.hcl
                path: consul_template_config.hcl
              - key: config.tmpl
                path: config.tmpl
      containers:
        - name: vault-agent-auth
          image: vault
          volumeMounts:
            - name: company-config
              mountPath: /etc/pki/ca-trust/source/anchors/companyRootCA.crt
              subPath: companyRootCA.crt
            - name: vault-consul-config
              mountPath: /etc/vault/vault_agent.hcl
              subPath: vault_agent.hcl
            - name: vault-token
              mountPath: /home/vault/
          env:
            - name: VAULT_ADDR
              value: "{{ .Values.vault.endpoint }}"
            - name: VAULT_NAMESPACE
              value: "company/devops/tarchon/{{ .Values.environmentName }}"
          args:
            [
              "agent",
              "-config=/etc/vault/vault_agent.hcl",
              "-log-level=debug"
            ]
        - name: consul-template
          image: hashicorp/consul-template:alpine
          imagePullPolicy: Always
          volumeMounts:
            - name: company-config
              mountPath: /etc/pki/ca-trust/source/anchors/companyRootCA.crt
              subPath: companyRootCA.crt
            - name: vault-consul-config
              mountPath: /etc/consul-template/consul_template_config.hcl
              subPath: consul_template_config.hcl
            - name: vault-token
              mountPath: /home/vault
            - name: vault-consul-config
              mountPath: /etc/templates/config.tmpl
              subPath: config.tmpl
            - name: shared-data
              mountPath: /etc/secrets
          env:
            - name: HOME
              value: /home/vault
            - name: VAULT_ADDR
              value: "{{ .Values.vault.endpoint }}"
            - name: VAULT_NAMESPACE
              value: "company/devops/tarchon/{{ .Values.environmentName }}"
          args:
            [
              "-config=/etc/consul-template/consul_template_config.hcl",
              "-log-level=trace",
            ]
        - name: "{{ .Values.web.service.name }}"
          image: "{{ .Values.image.registry }}:{{ .Values.image.tag }}"
          imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
          args: [
              "bash",
              "-c",
              "python manage.py collectstatic --noinput && gunicorn --bind :8000 --workers 3 ecops_cross_team_platform_backend.wsgi:application"
            ]
          volumeMounts:
            # single file from the shared volume, bound via subPath
            - name: shared-data
              mountPath: /usr/src/app/config.json
              subPath: config.json
          {{- if $.Values.environmentVariables }}
          env:
          {{- range $key, $value := $.Values.environmentVariables }}
            - name: {{ $key }}
              valueFrom:
                configMapKeyRef:
                  name: "{{ $.Release.Name }}-config"
                  key: {{ $key | quote }}
          {{- end }}
          {{- end }}
          ports:
            - containerPort: {{ .Values.web.service.port }}
          resources: {}
      restartPolicy: Always
status: {}
```

consul-template generates a file, /etc/secrets/config.json, with credentials from HashiCorp Vault, in the shared volume shared-data.
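In my application container, I bind the file into a different directory (/usr/src/app/config.json), because the application expects the file in a different directory from the one where consul-template generates it.
The problem is that whenever the file config.json is updated in the volume mounted in the consul-template container, the modification is not propagated to the other container, so I end up with an application container using stale, non-working data.
At first I thought the problem was caused by the readOnly volumeMount option, but the problem persists after removing it.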
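Posted on 2020-02-18 18:13:43
As anmol said in the comments, the cause is indeed binding a single file from the directory using subPath.
The solution is to remove subPath and bind the shared-data volume to a single-purpose folder (i.e. /usr/src/app/credentials), so that it does not interfere with anything else.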
Solution:

```yaml
volumeMounts:
  - name: shared-data
    mountPath: /usr/src/app/credentials
```

instead of:

```yaml
volumeMounts:
  - name: shared-data
    mountPath: /usr/src/app/config.json
    subPath: config.json
```

https://stackoverflow.com/questions/60225646
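
A check for the pattern this answer describes, as an added example that is not part of the original question or answer: it walks a pod spec and lists subPath mounts that will keep serving old content. The pod spec is constructed from the mounts in the question; the container name `web` and the ConfigMap name are placeholders, and the emptyDir finding assumes the writer replaces the file (write to a temporary file, then rename) rather than rewriting it in place.

```python
import json

# Constructed sample: mounts from the question with Helm values rendered by hand.
# "web" and "release-vault-configmap" are placeholders for the templated names.
POD_SPEC = json.loads("""
{
  "volumes": [
    {"name": "shared-data", "emptyDir": {}},
    {"name": "vault-token", "emptyDir": {"medium": "Memory"}},
    {"name": "vault-consul-config", "configMap": {"name": "release-vault-configmap"}}
  ],
  "containers": [
    {"name": "consul-template", "volumeMounts": [
      {"name": "vault-token", "mountPath": "/home/vault"},
      {"name": "vault-consul-config", "mountPath": "/etc/templates/config.tmpl", "subPath": "config.tmpl"},
      {"name": "shared-data", "mountPath": "/etc/secrets"}]},
    {"name": "web", "volumeMounts": [
      {"name": "shared-data", "mountPath": "/usr/src/app/config.json", "subPath": "config.json"}]}
  ]
}
""")

def stale_subpath_mounts(pod_spec):
    """List subPath mounts that keep serving old content after the source changes."""
    kinds = {v["name"]: next((k for k in ("emptyDir", "configMap", "secret") if k in v), None)
             for v in pod_spec.get("volumes", [])}
    users = {}  # volume name -> names of the containers that mount it
    for c in pod_spec.get("containers", []):
        for m in c.get("volumeMounts", []):
            users.setdefault(m["name"], set()).add(c["name"])
    findings = []
    for c in pod_spec.get("containers", []):
        for m in c.get("volumeMounts", []):
            if "subPath" not in m:
                continue
            kind = kinds.get(m["name"])
            if kind in ("configMap", "secret"):
                why = f"{kind} updates do not reach subPath mounts"
            elif kind == "emptyDir" and users[m["name"]] - {c["name"]}:
                why = "file replaced by another container is not seen"
            else:
                continue
            findings.append((c["name"], m["name"], m["mountPath"], why))
    return findings

if __name__ == "__main__":
    for finding in stale_subpath_mounts(POD_SPEC):
        print(*finding, sep="  ")
```

For a secrets pipeline like this one, the `web` finding is the one that matters: the application would keep reading the credentials rendered at container start even after Vault issues new ones.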