使用 ConfigMap
挂载配置文件
Intro
有一些敏感信息比如数据库连接字符串之类的出于安全考虑,这些敏感信息保存在了 Azure KeyVault
中,最近应用上了 k8s 部署,所以想把 Azure KeyVault
的信息迁移到 ConfigMap
,不再依赖 Azure KeyVault
。
ConfigMap
新建一个 ConfigMap,你可以从文件创建,如何创建ConfigMap 可以参考官方文档,也可以直接手动编辑,这里用的 ConfigMap 如下所示:
apiVersion: v1
kind: ConfigMap
metadata:
name: reservation-configs
namespace: default
data:
appsettings: |
{
"ConnectionStrings": {
"Redis": "redis-server",
"Reservation": "Server=localhost;uid=liweihan;pwd=**;database=Reservation",
"ElasticSearch": "elasticsearch"
},
"MpWechat":{
"AppId": "wx4a41d3773ae55543",
"AppSecret": "**********",
"Token": "AmazingDotNet",
"AESKey": "------------"
},
"AppSettings": {
"WechatSubscribeReply": "",
"SentryClientKey": "https://**"
},
"Tencent": {
"Captcha": {
"AppId": "2062135016",
"AppSecret": "****"
}
},
"GoogleRecaptcha": {
"SiteKey": "6Lc-**",
"Secret": "6Lc-**"
},
"Logging": {
"LogLevel": {
"Default": "Warning",
"ActivityReservation": "Debug",
"RequestLog": "Debug"
}
}
}
挂载 ConfigMap 中的配置文件到 Pod
Deployment 定义如下所示, 这里直接把上面定义的 appsettings 直接挂载为应用程序的根目录下 appsettings.json
文件
apiVersion: apps/v1
kind: Deployment
metadata:
name: activityreservation
namespace: default
labels:
app: activityreservation
spec:
replicas: 2
revisionHistoryLimit: 2 # how many old ReplicaSets for this Deployment you want to retain, https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy
selector:
matchLabels:
app: activityreservation
minReadySeconds: 0
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
template:
metadata:
labels:
app: activityreservation
spec:
dnsConfig:
options:
- name: ndots
value: "1"
containers:
- name: activityreservation
image: weihanli/activityreservation:20190529.2
imagePullPolicy: IfNotPresent
resources:
limits:
memory: "256Mi"
cpu: "300m"
readinessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 60
periodSeconds: 30
livenessProbe:
httpGet:
path: /Health
port: 80
initialDelaySeconds: 60
periodSeconds: 60
ports:
- containerPort: 80
volumeMounts:
- name: settings
mountPath: /app/appsettings.json
subPath: appsettings
volumes:
- name: settings
configMap:
name: reservation-configs
测试
-
部署
ConfigMap
kubectl apply -f ConfigMap.yaml
-
部署
deployment
kubectl apply -f reservation-deployment.yaml
-
等待 pod 启动之后,查看
appsettings.json
文件内容是否成功被替换掉获取对应的 pod 名称,然后通过
kubectl exec <pod-name> cat /app/appsettings.json
来获取pod中 appsettings.json 文件的内容出现 ConnectionStrings 就证明文件被替换掉了,原始的配置文件里是没有 ConnectionStrings 节点的,原始的方式是通过从
Azure KeyVault
中加载的