1. 说明
reflector 用于在各个 namespace 下同步 ConfigMap 配置。
此文档/项目需要如下镜像:
1
emberstack/kubernetes-reflector:6.1.47
此组件/应用将被部署到 kube-system 命名空间下。
2. 部署
导入以下配置,创建 reflector 相关的资源。
点击展开配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
apiVersion: v1
kind: ServiceAccount
metadata:
name: reflector
namespace: kube-system
labels:
helm.sh/chart: reflector-6.1.47
app.kubernetes.io/name: reflector
app.kubernetes.io/instance: reflector
app.kubernetes.io/version: "6.1.47"
app.kubernetes.io/managed-by: Helm
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: reflector
namespace: kube-system
labels:
helm.sh/chart: reflector-6.1.47
app.kubernetes.io/name: reflector
app.kubernetes.io/instance: reflector
app.kubernetes.io/version: "6.1.47"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups: [ "" ]
resources: [ "configmaps", "secrets" ]
verbs: [ "*" ]
- apiGroups: [ "" ]
resources: [ "namespaces" ]
verbs: [ "watch", "list" ]
- apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
verbs: [ "watch", "list" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: reflector
namespace: kube-system
labels:
helm.sh/chart: reflector-6.1.47
app.kubernetes.io/name: reflector
app.kubernetes.io/instance: reflector
app.kubernetes.io/version: "6.1.47"
app.kubernetes.io/managed-by: Helm
roleRef:
kind: ClusterRole
name: reflector
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: reflector
namespace: kube-system
---
# Source: reflector/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: reflector
namespace: kube-system
labels:
helm.sh/chart: reflector-6.1.47
app.kubernetes.io/name: reflector
app.kubernetes.io/instance: reflector
app.kubernetes.io/version: "6.1.47"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: reflector
app.kubernetes.io/instance: reflector
template:
metadata:
labels:
app.kubernetes.io/name: reflector
app.kubernetes.io/instance: reflector
spec:
serviceAccountName: reflector
securityContext:
fsGroup: 2000
containers:
- name: reflector
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 1000
image: "emberstack/kubernetes-reflector:6.1.47"
imagePullPolicy: IfNotPresent
env:
- name: ES_Serilog__MinimumLevel__Default
value: "Information"
- name: ES_Reflector__Watcher__Timeout
value: ""
ports:
- name: http
containerPort: 25080
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 5
periodSeconds: 10
startupProbe:
httpGet:
path: /healthz
port: http
failureThreshold: 10
periodSeconds: 5
resources:
{ }
你也可以使用以下命令在线导入资源。
1
kubectl apply -n kube-system -f https://github.com/emberstack/kubernetes-reflector/releases/download/v6.1.47/reflector.yaml
导入完成后,使用以下命令查看导入结果。
1
kubectl get pods -n kube-system -l app.kubernetes.io/name=reflector
3. 验证
在 kubernetes 中导入以下配置.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
apiVersion: v1
kind: Namespace
metadata:
name: test
---
apiVersion: v1
kind: ConfigMap
metadata:
name: test-reflector
namespace: test
annotations:
reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "default"
reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "default"
data:
test: 'ok'
导入后使用如下命令测试,如果能返回 ok 则表明部署成功。
1
kubectl get configmaps -n default test-reflector -o jsonpath='{.data.test}'