Pod 预设与 Kubernetes 中的 ConfigMaps
Pod presets vs ConfigMaps in Kubernetes
两者似乎实现了相同的目标 - 在构建时配置一个 pod。
谁能解释一下这两者有什么区别?
如果您认为这将使它更清楚,也许还可以在每个之后给出一个简单的 1 个用例示例。
Pod 预设比 configmaps/secrets 更具可扩展性和更强大的功能,可以将公共信息注入 Pods。
一个 Kubernetes 集群可能包含数百个 Pods。其中许多 Pods 共享共同的结构,如环境变量、ConfigMaps、秘密等。例如,在微服务使用 MySQL 的情况下,我们需要将 MySQL 凭证作为 K8s 秘密注入 pod 中.如果集群有 100 个微服务(并不少见),我们需要在所有 100 个 pod 的配置中添加以下部分。
这是非常低效且容易出错的。 Pod Preset 通过在多个 Pods 中注入公共信息来帮助我们避免这种情况,这样我们就可以将所有公共信息放在一个地方。
env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: mysecret
key: mysql-username
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
name: mysecret
key: mysql-password
来自pod预设设计doc。
Motivation:
Consuming a service involves more than just connectivity. In addition
to coordinates to reach the service, credentials and non-secret
configuration parameters are typically needed to use the service. The
primitives for this already exist, but a gap exists where loose
coupling is desired: it should be possible to inject pods with the
information they need to use a service on a service-by-service basis,
without the pod authors having to incorporate the information into
every pod spec where it is needed.
Use Cases
- As a user, I want to be able to provision a new pod without needing to
know the application configuration primitives the services my pod will
consume.
- As a cluster admin, I want specific configuration items of a
service to be withheld visibly from a developer deploying a service,
but not to block the developer from shipping.
- As an app developer, I
want to provision a Cloud Spanner instance and then access it from
within my Kubernetes cluster.
- As an app developer, I want the Cloud
Spanner provisioning process to configure my Kubernetes cluster so the
endpoints and credentials for my Cloud Spanner instance are implicitly
injected into Pods matching a label selector (without me having to
modify the PodSpec to add the specific Configmap/Secret containing the
endpoint/credential data).
两者似乎实现了相同的目标 - 在构建时配置一个 pod。
谁能解释一下这两者有什么区别? 如果您认为这将使它更清楚,也许还可以在每个之后给出一个简单的 1 个用例示例。
Pod 预设比 configmaps/secrets 更具可扩展性和更强大的功能,可以将公共信息注入 Pods。
一个 Kubernetes 集群可能包含数百个 Pods。其中许多 Pods 共享共同的结构,如环境变量、ConfigMaps、秘密等。例如,在微服务使用 MySQL 的情况下,我们需要将 MySQL 凭证作为 K8s 秘密注入 pod 中.如果集群有 100 个微服务(并不少见),我们需要在所有 100 个 pod 的配置中添加以下部分。
这是非常低效且容易出错的。 Pod Preset 通过在多个 Pods 中注入公共信息来帮助我们避免这种情况,这样我们就可以将所有公共信息放在一个地方。
env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: mysecret
key: mysql-username
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
name: mysecret
key: mysql-password
来自pod预设设计doc。
Motivation:
Consuming a service involves more than just connectivity. In addition to coordinates to reach the service, credentials and non-secret configuration parameters are typically needed to use the service. The primitives for this already exist, but a gap exists where loose coupling is desired: it should be possible to inject pods with the information they need to use a service on a service-by-service basis, without the pod authors having to incorporate the information into every pod spec where it is needed.
Use Cases
- As a user, I want to be able to provision a new pod without needing to know the application configuration primitives the services my pod will consume.
- As a cluster admin, I want specific configuration items of a service to be withheld visibly from a developer deploying a service, but not to block the developer from shipping.
- As an app developer, I want to provision a Cloud Spanner instance and then access it from within my Kubernetes cluster.
- As an app developer, I want the Cloud Spanner provisioning process to configure my Kubernetes cluster so the endpoints and credentials for my Cloud Spanner instance are implicitly injected into Pods matching a label selector (without me having to modify the PodSpec to add the specific Configmap/Secret containing the endpoint/credential data).