使用 ConfigMap 挂载配置文件

使用 ConfigMap 挂载配置文件

Intro

有一些敏感信息比如数据库连接字符串之类的出于安全考虑,这些敏感信息保存在了 AzureKeyVault 中,最近应用上了 k8s 部署,所以想把 AzureKeyVault 的信息迁移到 ConfigMap,不再依赖 AzureKeyVault

ConfigMap

新建一个 ConfigMap,你可以从文件创建,如何创建ConfigMap 可以参考官方文档,也可以直接手动编辑,这里用的 ConfigMap 如下所示:

apiVersion: v1	
kind: ConfigMap	
metadata:	
  name: reservation-configs	
  namespace: default	
data:	
  appsettings: |	
    {      	
      "ConnectionStrings": {	
        "Redis": "redis-server",	
        "Reservation": "Server=localhost;uid=liweihan;pwd=**;database=Reservation",	
        "ElasticSearch": "elasticsearch"	
      },	
      "MpWechat":{	
        "AppId": "wx4a41d3773ae55543",	
        "AppSecret": "**********",	
        "Token": "AmazingDotNet",	
        "AESKey": "------------"	
      },	
      "AppSettings": {	
        "WechatSubscribeReply": "",	
        "SentryClientKey": "https://**"	
      },	
      "Tencent": {	
        "Captcha": {	
          "AppId": "2062135016",	
          "AppSecret": "****"	
        }	
      },	
      "GoogleRecaptcha": {	
        "SiteKey": "6Lc-**",	
        "Secret": "6Lc-**"	
      },	
      "Logging": {	
        "LogLevel": {	
          "Default": "Warning",	
          "ActivityReservation": "Debug",	
          "RequestLog": "Debug"	
        }	
      }	
    }

挂载 ConfigMap 中的配置文件到 Pod

Deployment 定义如下所示, 这里直接把上面定义的 appsettings 直接挂载为应用程序的根目录下 appsettings.json 文件

 
   
  1. apiVersion: apps/v1

  2. kind: Deployment

  3. metadata:

  4. name: activityreservation

  5. namespace: default

  6. labels:

  7. app: activityreservation

  8. spec:

  9. replicas: 2

  10. revisionHistoryLimit: 2 # how many old ReplicaSets for this Deployment you want to retain, https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy

  11. selector:

  12. matchLabels:

  13. app: activityreservation

  14. minReadySeconds: 0

  15. strategy:

  16. type: RollingUpdate

  17. rollingUpdate:

  18. maxUnavailable: 1

  19. maxSurge: 1

  20. template:

  21. metadata:

  22. labels:

  23. app: activityreservation

  24. spec:

  25. dnsConfig:

  26. options:

  27. - name: ndots

  28. value: "1"

  29. containers:

  30. - name: activityreservation

  31. image: weihanli/activityreservation:20190529.2

  32. imagePullPolicy: IfNotPresent

  33. resources:

  34. limits:

  35. memory: "256Mi"

  36. cpu: "300m"

  37. readinessProbe:

  38. tcpSocket:

  39. port: 80

  40. initialDelaySeconds: 60

  41. periodSeconds: 30

  42. livenessProbe:

  43. httpGet:

  44. path: /Health

  45. port: 80

  46. initialDelaySeconds: 60

  47. periodSeconds: 60

  48. ports:

  49. - containerPort: 80

  50. volumeMounts:

  51. - name: settings

  52. mountPath: /app/appsettings.json

  53. subPath: appsettings


  54. volumes:

  55. - name: settings

  56. configMap:

  57. name: reservation-configs

测试

1. 部署 ConfigMap

 
   
  1. kubectl apply -f ConfigMap.yaml

2. 部署 deployment

 
   
  1. kubectl apply -f reservation-deployment.yaml

3. 等待 pod 启动之后,查看 appsettings.json 文件内容是否成功被替换掉

获取对应的 pod 名称,然后通过 kubectlexec<pod-name>cat/app/appsettings.json 来获取pod中 appsettings.json 文件的内容

出现 ConnectionStrings 就证明文件被替换掉了,原始的配置文件里是没有 ConnectionStrings 节点的,原始的方式是通过从 AzureKeyVault 中加载的


使用 ConfigMap 挂载配置文件_第1张图片

Reference

  • https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#understanding-configmaps-and-pods

  • https://github.com/WeihanLi/ActivityReservation


640?wx_fmt=jpeg


你可能感兴趣的:(使用 ConfigMap 挂载配置文件)