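Environment Variable Management
1. Overview of Environment Variables
Environment variables are a common way to pass configuration to containers in Kubernetes. They can be populated from several sources and combined flexibly.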
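1.1 Environment variable sources
```text
Environment variable sources
│
├── Direct definition
│   └── value field
│
├── ConfigMap reference
│   └── configMapKeyRef
│
├── Secret reference
│   └── secretKeyRef
│
├── Resource fields
│   └── fieldRef, resourceFieldRef
│
└── Combined references
    └── Multiple sources combined
```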
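1.2 Environment variable characteristics
```text
Environment variable characteristics
│
├── Container level
│   └── Configured independently for each container
│
├── Injected at startup
│   └── Cannot be changed after the container starts
│
├── Size limits
│   └── No limit on a single variable; the total size is limited
│
└── Inheritance
    └── Can inherit Pod environment variables
```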
2. Defining Environment Variables Directly
2.1 Single variables
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: env-pod
spec:
  containers:
  - name: app
    image: nginx
    env:
    - name: APP_ENV
      value: "production"
    - name: APP_PORT
      value: "8080"
```
2.2 Multiple variables
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: multi-env-pod
spec:
  containers:
  - name: app
    image: nginx
    env:
    - name: APP_NAME
      value: "myapp"
    - name: APP_ENV
      value: "production"
    - name: APP_DEBUG
      value: "false"
    - name: APP_PORT
      value: "8080"
```
2.3 Variable references
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: ref-env-pod
spec:
  containers:
  - name: app
    image: nginx
    env:
    - name: APP_HOME
      value: "/app"
    - name: CONFIG_PATH
      value: "$(APP_HOME)/config"
    - name: LOG_PATH
      value: "$(APP_HOME)/logs"
```
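The expansion rule behind `$(APP_HOME)` above, as an added example that is not part of the original page: Kubernetes resolves `$(NAME)` only against variables defined earlier in the list, leaves unresolved references as literal text, and treats `$$` as an escaped `$`. The `CONFIG_PATH_EARLY` and `LITERAL` entries are constructed edge cases, and this model ignores variables that come from `envFrom` or Services.

```python
import re

# "$$" is an escaped dollar sign; "$(NAME)" is a variable reference.
_TOKEN = re.compile(r"\$\$|\$\(([^)]*)\)")


def expand(value, defined):
    """Expand $(NAME) references using only variables that are already defined."""
    def repl(match):
        if match.group(0) == "$$":
            return "$"
        # An unresolved reference is left in place as literal text.
        return defined.get(match.group(1), match.group(0))
    return _TOKEN.sub(repl, value)


def resolve(env_list):
    """Resolve a container's env list from top to bottom; order matters."""
    resolved = {}
    for entry in env_list:
        resolved[entry["name"]] = expand(entry.get("value", ""), resolved)
    return resolved


# Constructed sample: the env list from the manifest above plus two edge cases.
SAMPLE_ENV = [
    {"name": "CONFIG_PATH_EARLY", "value": "$(APP_HOME)/config"},  # APP_HOME not defined yet
    {"name": "APP_HOME", "value": "/app"},
    {"name": "CONFIG_PATH", "value": "$(APP_HOME)/config"},
    {"name": "LOG_PATH", "value": "$(APP_HOME)/logs"},
    {"name": "LITERAL", "value": "$$(APP_HOME)"},  # escaped, so not expanded
]

if __name__ == "__main__":
    for name, value in resolve(SAMPLE_ENV).items():
        print(f"{name}={value}")
```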
3. Referencing a ConfigMap
3.1 Referencing a single key
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: configmap-env-pod
spec:
  containers:
  - name: app
    image: nginx
    env:
    - name: DB_HOST
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: database-host
    - name: DB_PORT
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: database-port
```
3.2 Referencing all keys
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: configmap-envfrom-pod
spec:
  containers:
  - name: app
    image: nginx
    envFrom:
    - configMapRef:
        name: app-config
```
3.3 Adding a prefix
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: prefix-env-pod
spec:
  containers:
  - name: app
    image: nginx
    envFrom:
    - configMapRef:
        name: app-config
      prefix: APP_
```
4. Referencing a Secret
4.1 Referencing a single key
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: app
    image: nginx
    env:
    - name: DB_USERNAME
      valueFrom:
        secretKeyRef:
          name: db-secret
          key: username
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: db-secret
          key: password
```
4.2 Referencing all keys
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: secret-envfrom-pod
spec:
  containers:
  - name: app
    image: nginx
    envFrom:
    - secretRef:
        name: db-secret
```
5. Referencing Resource Fields
5.1 Pod field references
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: fieldref-pod
spec:
  containers:
  - name: app
    image: nginx
    env:
    - name: POD_NAME
      valueFrom:
        fieldRef:
          fieldPath: metadata.name
    - name: POD_NAMESPACE
      valueFrom:
        fieldRef:
          fieldPath: metadata.namespace
    - name: POD_IP
      valueFrom:
        fieldRef:
          fieldPath: status.podIP
    - name: NODE_NAME
      valueFrom:
        fieldRef:
          fieldPath: spec.nodeName
```
5.2 Available fields
| Field | Description |
|---|---|
| metadata.name | Pod name |
| metadata.namespace | Pod namespace |
| metadata.uid | Pod UID |
| metadata.labels['key'] | Pod label |
| metadata.annotations['key'] | Pod annotation |
| spec.nodeName | Node name |
| spec.serviceAccountName | ServiceAccount name |
| status.podIP | Pod IP |
| status.hostIP | Node IP |
5.3 Container resource field references
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: resource-env-pod
spec:
  containers:
  - name: app
    image: nginx
    resources:
      requests:
        cpu: "100m"
        memory: "128Mi"
      limits:
        cpu: "200m"
        memory: "256Mi"
    env:
    - name: CPU_LIMIT
      valueFrom:
        resourceFieldRef:
          resource: limits.cpu
    - name: MEM_LIMIT
      valueFrom:
        resourceFieldRef:
          resource: limits.memory
    - name: CPU_REQUEST
      valueFrom:
        resourceFieldRef:
          resource: requests.cpu
    - name: MEM_REQUEST
      valueFrom:
        resourceFieldRef:
          resource: requests.memory
```
6. Combining Sources
6.1 Combining multiple sources
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: combined-env-pod
spec:
  containers:
  - name: app
    image: nginx
    env:
    - name: APP_ENV
      value: "production"
    - name: DB_HOST
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: db-host
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: db-secret
          key: password
    - name: POD_NAME
      valueFrom:
        fieldRef:
          fieldPath: metadata.name
    envFrom:
    - configMapRef:
        name: app-config
      prefix: CONFIG_
    - secretRef:
        name: app-secret
      prefix: SECRET_
```
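6.2 Default values
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: default-env-pod
spec:
  containers:
  - name: app
    image: nginx
    env:
    - name: DB_HOST
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: db-host
          # optional: true lets the container start when the ConfigMap or key is missing;
          # DB_HOST is then left unset.
          optional: true
      # An env entry cannot set both value and valueFrom (the API server rejects it),
      # so the fallback "localhost" has to be applied by the application or its entrypoint.
```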
7. Practical Examples
7.1 Web application configuration
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: nginx
        env:
        - name: APP_NAME
          value: "web-app"
        - name: APP_ENV
          valueFrom:
            configMapKeyRef:
              name: app-config
              key: environment
        - name: DB_HOST
          valueFrom:
            configMapKeyRef:
              name: app-config
              key: db-host
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-secret
              key: password
        - name: POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        ports:
        - containerPort: 8080
```
7.2 Database configuration
```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
spec:
  serviceName: mysql
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:8.0
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-secret
              key: root-password
        - name: MYSQL_DATABASE
          valueFrom:
            configMapKeyRef:
              name: mysql-config
              key: database
        - name: MYSQL_USER
          valueFrom:
            secretKeyRef:
              name: mysql-secret
              key: username
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-secret
              key: password
        ports:
        - containerPort: 3306
```
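8. Managing Environment Variables
8.1 Viewing environment variables
```bash
# List the container's environment variables (Secret-sourced values appear in plaintext)
kubectl exec -it <pod-name> -- env
# Show one specific environment variable
kubectl exec -it <pod-name> -- printenv APP_ENV
# Show all environment variables
kubectl exec -it <pod-name> -- printenv
```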
8.2 Debugging environment variables
```bash
# Open a shell in the container
kubectl exec -it <pod-name> -- /bin/sh
# List environment variables
env | grep APP
# Use an environment variable
echo $APP_ENV
```
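9. Best Practices
9.1 Naming conventions
```text
Naming recommendations
│
├── Uppercase letters and underscores
│   └── APP_ENV, DB_HOST
│
├── Add a prefix to distinguish the source
│   └── DB_, REDIS_, API_
│
└── Semantic names
    └── DATABASE_URL, API_KEY
```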
9.2 Handling sensitive data
```yaml
# Use a Secret for sensitive data
env:
- name: DB_PASSWORD
  valueFrom:
    secretKeyRef:
      name: db-secret
      key: password
```
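One way to check manifests against the rule above, as an added example that is not part of the original page: the script flags variables whose names look sensitive but are set with a literal `value` or read from a ConfigMap. The name pattern is an assumed heuristic and the sample Deployment is constructed.

```python
import json
import re

# Assumed heuristic: variable names that usually hold credentials.
SENSITIVE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|CREDENTIAL", re.I)


def pod_spec(obj):
    """Return the pod spec of a Pod, or of a workload's pod template."""
    spec = obj.get("spec", {})
    return spec if obj.get("kind") == "Pod" else spec.get("template", {}).get("spec", {})


def audit_env(obj):
    """Return (container, variable, finding) tuples; values are never echoed."""
    findings = []
    spec = pod_spec(obj)
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        for e in c.get("env", []):
            if not SENSITIVE.search(e["name"]):
                continue
            source = e.get("valueFrom", {})
            if "secretKeyRef" in source:
                continue  # sourced from a Secret, as recommended above
            if "configMapKeyRef" in source:
                findings.append((c["name"], e["name"], "sensitive name read from a ConfigMap"))
            elif e.get("value"):
                findings.append((c["name"], e["name"], "literal value in the manifest"))
    return findings


# Constructed sample, shaped like `kubectl get deployment <name> -o json`.
SAMPLE = json.loads("""
{"kind": "Deployment", "spec": {"template": {"spec": {
  "initContainers": [{"name": "migrate", "env": [
    {"name": "DB_PASSWORD", "value": "constructed-example-value"}]}],
  "containers": [{"name": "web", "env": [
    {"name": "APP_ENV", "value": "production"},
    {"name": "API_TOKEN", "valueFrom": {"configMapKeyRef": {"name": "app-config", "key": "api-token"}}},
    {"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "db-secret", "key": "password"}}}]}]
}}}}
""")

if __name__ == "__main__":
    for container, name, finding in audit_env(SAMPLE):
        print(f"{container}: {name}: {finding}")
```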
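9.3 Separating configuration
```yaml
# Use a different ConfigMap for each environment
envFrom:
- configMapRef:
    # The name is taken literally: $(VAR) references are not expanded in this field.
    # Set the per-environment name in each environment's manifest.
    name: app-config-production
```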
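10. Troubleshooting
10.1 Common checks
```bash
# View the Pod's environment variables
kubectl exec -it <pod-name> -- env
# View the Pod's configuration
kubectl describe pod <pod-name>
# View a ConfigMap
kubectl get configmap <configmap-name> -o yaml
# View a Secret (values in the output are base64-encoded, not encrypted)
kubectl get secret <secret-name> -o yaml
```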
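10.2 Diagnosing problems
| Problem | Cause | Solution |
|---|---|---|
| Variable not injected | Configuration error | Check the env configuration |
| Value is empty | Source does not exist | Check the ConfigMap/Secret |
| Reference fails | Wrong key name | Check the key name |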
11. Summary
11.1 Key points
| Source | Description |
|---|---|
| value | Direct definition |
| configMapKeyRef | ConfigMap reference |
| secretKeyRef | Secret reference |
| fieldRef | Pod field reference |
| resourceFieldRef | Resource field reference |
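11.2 Next steps
With environment variable management covered, the next topic is authentication and authorization, which introduces Kubernetes' security mechanisms.
Last updated: 2026-03-28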