红帽全球峰会3.3. 配置服务器组件
3.3.1. 将 Secret 或 ConfigMap 作为文件或环境变量挂载到 Red Hat OpenShift Dev Spaces 容器中
secret 是存储敏感数据的 OpenShift 对象,例如:
- 用户名
- 密码
- 身份验证令牌
以加密的形式。
用户可以挂载包含敏感数据或 OpenShift Dev Spaces 管理容器中的配置 ConfigMap 的 OpenShift Secret,如下所示:
- 一个文件
- 环境变量
挂载过程使用标准 OpenShift 挂载机制,但它需要额外的注解和标记。
3.3.1.1. 将 Secret 或 ConfigMap 作为文件挂载到 OpenShift Dev Spaces 容器中
先决条件
- 正在运行的 Red Hat OpenShift Dev Spaces 实例。
流程
在部署了 OpenShift Dev Spaces 的 OpenShift 项目中创建一个新的 OpenShift Secret 或 ConfigMap。要创建的对象标签必须与一组标签匹配:
-
app.kubernetes.io/part-of: che.eclipse.org -
app.kubernetes.io/component: <DEPLOYMENT_NAME>-<OBJECT_KIND> &
lt;DEPLOYMENT_NAME> 对应于以下部署:-
postgres -
keycloak -
devfile-registry -
plugin-registry devspaces和
-
<OBJECT_KIND> 是:secret或者
-
configmap
-
例 3.4. Example:
apiVersion: v1
kind: Secret
metadata:
name: custom-settings
labels:
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: devspaces-secret
...
apiVersion: v1
kind: Secret
metadata:
name: custom-settings
labels:
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: devspaces-secret
...或者
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-settings
labels:
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: devspaces-configmap
...
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-settings
labels:
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: devspaces-configmap
...注解必须表示,给定的对象挂载为一个文件。
配置注解值:
-
Che.eclipse.org/mount-as: file- 要表示对象作为文件挂载。 -
Che.eclipse.org/mount-path: <TARGET_PATH> - 提供所需的挂载路径。
-
例 3.5. Example:
apiVersion: v1
kind: Secret
metadata:
name: custom-data
annotations:
che.eclipse.org/mount-as: file
che.eclipse.org/mount-path: /data
labels:
...
apiVersion: v1
kind: Secret
metadata:
name: custom-data
annotations:
che.eclipse.org/mount-as: file
che.eclipse.org/mount-path: /data
labels:
...或者
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-data
annotations:
che.eclipse.org/mount-as: file
che.eclipse.org/mount-path: /data
labels:
...
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-data
annotations:
che.eclipse.org/mount-as: file
che.eclipse.org/mount-path: /data
labels:
...OpenShift 对象可以包含多个项目,其名称必须与挂载到容器中所需的文件名匹配。
例 3.6. Example:
apiVersion: v1
kind: Secret
metadata:
name: custom-data
labels:
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: devspaces-secret
annotations:
che.eclipse.org/mount-as: file
che.eclipse.org/mount-path: /data
data:
ca.crt: <base64 encoded data content here>
apiVersion: v1
kind: Secret
metadata:
name: custom-data
labels:
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: devspaces-secret
annotations:
che.eclipse.org/mount-as: file
che.eclipse.org/mount-path: /data
data:
ca.crt: <base64 encoded data content here>或者
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-data
labels:
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: devspaces-configmap
annotations:
che.eclipse.org/mount-as: file
che.eclipse.org/mount-path: /data
data:
ca.crt: <data content here>
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-data
labels:
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: devspaces-configmap
annotations:
che.eclipse.org/mount-as: file
che.eclipse.org/mount-path: /data
data:
ca.crt: <data content here>
这会导致名为 ca.crt 的文件挂载到 OpenShift Dev Spaces 容器的 /data 路径上。
要在 OpenShift Dev Spaces 容器中进行更改,请完全重新创建对象。
3.3.1.2. 将 Secret 或 ConfigMap 作为环境变量挂载到 OpenShift Dev Spaces 容器中
先决条件
- 正在运行的 Red Hat OpenShift Dev Spaces 实例。
流程
在部署了 OpenShift Dev Spaces 的 OpenShift 项目中创建一个新的 OpenShift Secret 或 ConfigMap。要创建的对象标签必须与一组标签匹配:
-
app.kubernetes.io/part-of: che.eclipse.org -
app.kubernetes.io/component: <DEPLOYMENT_NAME>-<OBJECT_KIND> &
lt;DEPLOYMENT_NAME> 对应于以下部署:-
postgres -
keycloak -
devfile-registry -
plugin-registry devspaces和
-
<OBJECT_KIND> 是:secret或者
-
configmap
-
例 3.7. Example:
apiVersion: v1
kind: Secret
metadata:
name: custom-settings
labels:
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: devspaces-secret
...
apiVersion: v1
kind: Secret
metadata:
name: custom-settings
labels:
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: devspaces-secret
...或者
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-settings
labels:
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: devspaces-configmap
...
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-settings
labels:
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: devspaces-configmap
...注解必须表示给定对象作为环境变量挂载。
配置注解值:
-
Che.eclipse.org/mount-as: env- 表示对象作为环境变量挂载 -
Che.eclipse.org/env-name : <FOO_ENV> - 提供环境变量名称,这是挂载对象键值所必需的
-
例 3.8. Example:
apiVersion: v1
kind: Secret
metadata:
name: custom-settings
annotations:
che.eclipse.org/env-name: FOO_ENV
che.eclipse.org/mount-as: env
labels:
...
data:
mykey: myvalue
apiVersion: v1
kind: Secret
metadata:
name: custom-settings
annotations:
che.eclipse.org/env-name: FOO_ENV
che.eclipse.org/mount-as: env
labels:
...
data:
mykey: myvalue或者
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-settings
annotations:
che.eclipse.org/env-name: FOO_ENV
che.eclipse.org/mount-as: env
labels:
...
data:
mykey: myvalue
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-settings
annotations:
che.eclipse.org/env-name: FOO_ENV
che.eclipse.org/mount-as: env
labels:
...
data:
mykey: myvalue这会导致两个环境变量:
-
FOO_ENV -
myvalue
被置备到 OpenShift Dev Spaces 容器中。
如果对象提供多个数据项,则必须为每个数据键提供环境变量名称,如下所示:
例 3.9. Example:
apiVersion: v1
kind: Secret
metadata:
name: custom-settings
annotations:
che.eclipse.org/mount-as: env
che.eclipse.org/mykey_env-name: FOO_ENV
che.eclipse.org/otherkey_env-name: OTHER_ENV
labels:
...
data:
mykey: __<base64 encoded data content here>__
otherkey: __<base64 encoded data content here>__
apiVersion: v1
kind: Secret
metadata:
name: custom-settings
annotations:
che.eclipse.org/mount-as: env
che.eclipse.org/mykey_env-name: FOO_ENV
che.eclipse.org/otherkey_env-name: OTHER_ENV
labels:
...
data:
mykey: __<base64 encoded data content here>__
otherkey: __<base64 encoded data content here>__或者
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-settings
annotations:
che.eclipse.org/mount-as: env
che.eclipse.org/mykey_env-name: FOO_ENV
che.eclipse.org/otherkey_env-name: OTHER_ENV
labels:
...
data:
mykey: __<data content here>__
otherkey: __<data content here>__
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-settings
annotations:
che.eclipse.org/mount-as: env
che.eclipse.org/mykey_env-name: FOO_ENV
che.eclipse.org/otherkey_env-name: OTHER_ENV
labels:
...
data:
mykey: __<data content here>__
otherkey: __<data content here>__这会导致两个环境变量:
-
FOO_ENV -
OTHER_ENV
被置备到 OpenShift Dev Spaces 容器中。
OpenShift 对象中注解名称的最大长度为 63 个字符,其中 9 个字符作为前缀被保留,以 / 结尾。这充当可用于对象的密钥最大长度的限制。
要在 OpenShift Dev Spaces 容器中进行更改,请完全重新创建对象。
3.3.2. Dev Spaces 服务器的高级配置选项
以下小节描述了 OpenShift Dev Spaces 服务器组件的高级部署和配置方法。
3.3.2.1. 了解 OpenShift Dev Spaces 服务器高级配置
以下小节描述了 OpenShift Dev Spaces 服务器组件高级配置方法。
高级配置需要:
-
添加不是由 Operator 从标准
CheCluster自定义资源字段自动生成环境变量。 -
覆盖 Operator 从标准
CheCluster自定义资源字段自动生成属性。
customCheProperties 字段是 CheCluster 自定义资源 服务器设置 的一部分,包含要应用到 OpenShift Dev Spaces 服务器组件的附加环境变量映射。
例 3.10. 覆盖工作区的默认内存限值
配置
CheCluster自定义资源。请参阅 第 3.1.2 节 “使用 CLI 配置 CheCluster 自定义资源”。apiVersion: org.eclipse.che/v2 kind: CheCluster spec: components: cheServer: extraProperties: CHE_LOGS_APPENDERS_IMPL: jsonapiVersion: org.eclipse.che/v2 kind: CheCluster spec: components: cheServer: extraProperties: CHE_LOGS_APPENDERS_IMPL: jsonCopy to Clipboard Copied!
OpenShift Dev Spaces Operator 的早期版本有一个名为 custom 的 ConfigMap 来满足此角色。如果 OpenShift Dev Spaces Operator 找到名为 custom 的 configMap,它会将其包含的数据添加到 customCheProperties 字段中,重新部署 OpenShift Dev Spaces,并删除 自定义 configMap。
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}