歡迎光臨
每天分享高質量文章

使用 ConfigMap 掛載配置檔案

使用 ConfigMap 掛載配置檔案

Intro

有一些敏感信息比如資料庫連接字串之類的出於安全考慮,這些敏感信息儲存在了 AzureKeyVault 中,最近應用上了 k8s 部署,所以想把 AzureKeyVault 的信息遷移到 ConfigMap,不再依賴 AzureKeyVault

ConfigMap

新建一個 ConfigMap,你可以從檔案創建,如何創建ConfigMap 可以參考官方文件,也可以直接手動編輯,這裡用的 ConfigMap 如下所示:

  1. apiVersion: v1
  2. kind: ConfigMap
  3. metadata:
  4. name: reservation-configs
  5. namespace: default
  6. data:
  7. appsettings: |
  8. {
  9. "ConnectionStrings": {
  10. "Redis": "redis-server",
  11. "Reservation": "Server=localhost;uid=liweihan;pwd=**;database=Reservation",
  12. "ElasticSearch": "elasticsearch"
  13. },
  14. "MpWechat":{
  15. "AppId": "wx4a41d3773ae55543",
  16. "AppSecret": "**********",
  17. "Token": "AmazingDotNet",
  18. "AESKey": "------------"
  19. },
  20. "AppSettings": {
  21. "WechatSubscribeReply": "",
  22. "SentryClientKey": "https://**"
  23. },
  24. "Tencent": {
  25. "Captcha": {
  26. "AppId": "2062135016",
  27. "AppSecret": "****"
  28. }
  29. },
  30. "GoogleRecaptcha": {
  31. "SiteKey": "6Lc-**",
  32. "Secret": "6Lc-**"
  33. },
  34. "Logging": {
  35. "LogLevel": {
  36. "Default": "Warning",
  37. "ActivityReservation": "Debug",
  38. "RequestLog": "Debug"
  39. }
  40. }
  41. }

掛載 ConfigMap 中的配置檔案到 Pod

Deployment 定義如下所示, 這裡直接把上面定義的 appsettings 直接掛載為應用程式的根目錄下 appsettings.json 檔案

  1. apiVersion: apps/v1
  2. kind: Deployment
  3. metadata:
  4. name: activityreservation
  5. namespace: default
  6. labels:
  7. app: activityreservation
  8. spec:
  9. replicas: 2
  10. revisionHistoryLimit: 2 # how many old ReplicaSets for this Deployment you want to retain, https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy
  11. selector:
  12. matchLabels:
  13. app: activityreservation
  14. minReadySeconds: 0
  15. strategy:
  16. type: RollingUpdate
  17. rollingUpdate:
  18. maxUnavailable: 1
  19. maxSurge: 1
  20. template:
  21. metadata:
  22. labels:
  23. app: activityreservation
  24. spec:
  25. dnsConfig:
  26. options:
  27. - name: ndots
  28. value: "1"
  29. containers:
  30. - name: activityreservation
  31. image: weihanli/activityreservation:20190529.2
  32. imagePullPolicy: IfNotPresent
  33. resources:
  34. limits:
  35. memory: "256Mi"
  36. cpu: "300m"
  37. readinessProbe:
  38. tcpSocket:
  39. port: 80
  40. initialDelaySeconds: 60
  41. periodSeconds: 30
  42. livenessProbe:
  43. httpGet:
  44. path: /Health
  45. port: 80
  46. initialDelaySeconds: 60
  47. periodSeconds: 60
  48. ports:
  49. - containerPort: 80
  50. volumeMounts:
  51. - name: settings
  52. mountPath: /app/appsettings.json
  53. subPath: appsettings
  54.  
  55. volumes:
  56. - name: settings
  57. configMap:
  58. name: reservation-configs

測試

1. 部署 ConfigMap

  1. kubectl apply -f ConfigMap.yaml

2. 部署 deployment

  1. kubectl apply -f reservation-deployment.yaml

3. 等待 pod 啟動之後,查看 appsettings.json 檔案內容是否成功被替換掉

獲取對應的 pod 名稱,然後通過 kubectlexec<pod-name>cat/app/appsettings.json 來獲取pod中 appsettings.json 檔案的內容

出現 ConnectionStrings 就證明檔案被替換掉了,原始的配置檔案里是沒有 ConnectionStrings 節點的,原始的方式是通過從 AzureKeyVault 中加載的

 

Reference

  • https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#understanding-configmaps-and-pods
  • https://github.com/WeihanLi/ActivityReservation
赞(0)

分享創造快樂