
Mounting a Configuration File with ConfigMap

Intro

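Some sensitive information, such as database connection strings, was stored in Azure Key Vault for security reasons. The application has recently moved to a k8s deployment, so I want to migrate the Azure Key Vault information to a ConfigMap and no longer depend on Azure Key Vault.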

ConfigMap

Create a new ConfigMap. You can create it from a file (see the official documentation for how to create a ConfigMap) or edit it by hand. The ConfigMap used here is shown below:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: reservation-configs
      namespace: default
    data:
      appsettings: |
        {
          "ConnectionStrings": {
            "Redis": "redis-server",
            "Reservation": "Server=localhost;uid=liweihan;pwd=**;database=Reservation",
            "ElasticSearch": "elasticsearch"
          },
          "MpWechat":{
            "AppId": "wx4a41d3773ae55543",
            "AppSecret": "**********",
            "Token": "AmazingDotNet",
            "AESKey": "------------"
          },
          "AppSettings": {
            "WechatSubscribeReply": "",
            "SentryClientKey": "https://**"
          },
          "Tencent": {
            "Captcha": {
              "AppId": "2062135016",
              "AppSecret": "****"
            }
          },
          "GoogleRecaptcha": {
            "SiteKey": "6Lc-**",
            "Secret": "6Lc-**"
          },
          "Logging": {
            "LogLevel": {
              "Default": "Warning",
              "ActivityReservation": "Debug",
              "RequestLog": "Debug"
            }
          }
        }

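Mounting the configuration file from the ConfigMap into the Pod

The Deployment is defined as follows. Here the appsettings entry defined above is mounted directly as the appsettings.json file in the application's root directory.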

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: activityreservation
      namespace: default
      labels:
        app: activityreservation
    spec:
      replicas: 2
      revisionHistoryLimit: 2 # how many old ReplicaSets for this Deployment you want to retain, https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy
      selector:
        matchLabels:
          app: activityreservation
      minReadySeconds: 0
      strategy:
        type: RollingUpdate
        rollingUpdate:
          maxUnavailable: 1
          maxSurge: 1
      template:
        metadata:
          labels:
            app: activityreservation
        spec:
          dnsConfig:
            options:
              - name: ndots
                value: "1"
          containers:
            - name: activityreservation
              image: weihanli/activityreservation:20190529.2
              imagePullPolicy: IfNotPresent
              resources:
                limits:
                  memory: "256Mi"
                  cpu: "300m"
              readinessProbe:
                tcpSocket:
                  port: 80
                initialDelaySeconds: 60
                periodSeconds: 30
              livenessProbe:
                httpGet:
                  path: /Health
                  port: 80
                initialDelaySeconds: 60
                periodSeconds: 60
              ports:
                - containerPort: 80
              volumeMounts:
                - name: settings
                  mountPath: /app/appsettings.json
                  subPath: appsettings

          volumes:
            - name: settings
              configMap:
                name: reservation-configs

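Testing

1. Deploy the ConfigMap

    kubectl apply -f ConfigMap.yaml

2. Deploy the Deployment

    kubectl apply -f reservation-deployment.yaml

3. After the pod has started, check whether the contents of appsettings.json were successfully replaced

Get the name of the corresponding pod, then use kubectl exec <pod-name> -- cat /app/appsettings.json to read the contents of appsettings.json inside the pod.

If ConnectionStrings appears, the file has been replaced: the original configuration file has no ConnectionStrings node, and those values were originally loaded from Azure Key Vault.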
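
The same single-file mount works with a Secret as the volume source, which is the Kubernetes object intended for values such as the connection string and app secrets in this file. This is an added example, not from the original post: the Secret name reservation-secrets and the <placeholder> values are assumptions, and the Deployment is trimmed to the fields that matter for the mount.

```yaml
# Added example. "reservation-secrets" is a hypothetical name.
apiVersion: v1
kind: Secret
metadata:
  name: reservation-secrets
  namespace: default
type: Opaque
stringData:                  # written as plain text; stored under .data as base64
  appsettings: |
    {
      "ConnectionStrings": {
        "Redis": "redis-server",
        "Reservation": "Server=localhost;uid=<user>;pwd=<password>;database=Reservation",
        "ElasticSearch": "elasticsearch"
      },
      "MpWechat": {
        "AppId": "<app-id>",
        "AppSecret": "<app-secret>"
      }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: activityreservation
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: activityreservation
  template:
    metadata:
      labels:
        app: activityreservation
    spec:
      containers:
        - name: activityreservation
          image: weihanli/activityreservation:20190529.2
          volumeMounts:
            - name: settings
              mountPath: /app/appsettings.json
              subPath: appsettings   # key inside the Secret, same key name as before
              readOnly: true
      volumes:
        - name: settings
          secret:                    # replaces: configMap / name: reservation-configs
            secretName: reservation-secrets
```

Read access to Secrets can be granted separately from ConfigMaps in RBAC, and the API server can be configured to encrypt Secrets at rest. A subPath mount is not refreshed when the Secret (or ConfigMap) changes, so restart the pods after editing it, for example with kubectl rollout restart deployment/activityreservation.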

 

Reference

  • https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#understanding-configmaps-and-pods
  • https://github.com/WeihanLi/ActivityReservation