使用 ConfigMap 挂载配置文件

Intro

有一些敏感信息比如数据库连接字符串之类的出于安全考虑，这些敏感信息保存在了 Azure KeyVault 中，最近应用上了 k8s 部署，所以想把 Azure KeyVault 的信息迁移到 ConfigMap，不再依赖 Azure KeyVault。

ConfigMap

新建一个 ConfigMap，你可以从文件创建，如何创建ConfigMap 可以参考官方文档，也可以直接手动编辑，这里用的 ConfigMap 如下所示：

apiVersion: v1
kind: ConfigMap
metadata:
  name: reservation-configs
  namespace: default
data:
  appsettings: |
    {      
      "ConnectionStrings": {
        "Redis": "redis-server","Reservation": "Server=localhost;uid=liweihan;pwd=**;database=Reservation","ElasticSearch": "elasticsearch"
      },"MpWechat":{
        "AppId": "wx4a41d3773ae55543","AppSecret": "**********","Token": "AmazingDotNet","AESKey": "------------"
      },"AppSettings": {
        "WechatSubscribeReply": "","SentryClientKey": "https://**"
      },"Tencent": {
        "Captcha": {
          "AppId": "2062135016","AppSecret": "****"
        }
      },"GoogleRecaptcha": {
        "SiteKey": "6Lc-**","Secret": "6Lc-**"
      },"Logging": {
        "LogLevel": {
          "Default": "Warning","ActivityReservation": "Debug","RequestLog": "Debug"
        }
      }
    }

挂载 ConfigMap 中的配置文件到 Pod

Deployment 定义如下所示， 这里直接把上面定义的 appsettings 直接挂载为应用程序的根目录下 appsettings.json 文件

apiVersion: apps/v1
kind: Deployment
metadata:
  name: activityreservation
  namespace: default
  labels:
    app: activityreservation
spec:
  replicas: 2
  revisionHistoryLimit: 2 # how many old ReplicaSets for this Deployment you want to retain,https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy
  selector:
    matchLabels:
      app: activityreservation
  minReadySeconds: 0
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  template:
    metadata:
      labels:
        app: activityreservation
    spec:
      dnsConfig:
        options:
          - name: ndots
            value: "1"
      containers:        
        - name: activityreservation
          image: weihanli/activityreservation:20190529.2
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              memory: "256Mi"
              cpu: "300m"
          readinessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 60
            periodSeconds: 30
          livenessProbe:
            httpGet:
              path: /Health
              port: 80
            initialDelaySeconds: 60
            periodSeconds: 60
          ports:
            - containerPort: 80
          volumeMounts:
          - name: settings
            mountPath: /app/appsettings.json
            subPath: appsettings

      volumes:
        - name: settings
          configMap:
            name: reservation-configs

测试

1. 部署 ConfigMap

   kubectl apply -f ConfigMap.yaml
   

2. 部署 deployment

   kubectl apply -f reservation-deployment.yaml
   

3. 等待 pod 启动之后，查看 appsettings.json 文件内容是否成功被替换掉

   获取对应的 pod 名称，然后通过 kubectl exec <pod-name> cat /app/appsettings.json 来获取pod中 appsettings.json 文件的内容

   出现 ConnectionStrings 就证明文件被替换掉了，原始的配置文件里是没有 ConnectionStrings 节点的，原始的方式是通过从 Azure KeyVault 中加载的

Reference

• https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#understanding-configmaps-and-pods
• https://github.com/WeihanLi/ActivityReservation

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!