使用 ConfigMap 挂载配置文件

Intro

有一些敏感信息比如数据库连接字符串之类的出于安全考虑，这些敏感信息保存在了 AzureKeyVault 中，最近应用上了 k8s 部署，所以想把 AzureKeyVault 的信息迁移到 ConfigMap，不再依赖 AzureKeyVault。

ConfigMap

新建一个 ConfigMap，你可以从文件创建，如何创建ConfigMap 可以参考官方文档，也可以直接手动编辑，这里用的 ConfigMap 如下所示：

apiVersion: v1
kind: ConfigMap
metadata:   name: reservation-configs   namespace: default
data:   appsettings: |  {       "ConnectionStrings": {    "Redis": "redis-server",    "Reservation": "Server=localhost;uid=liweihan;pwd=**;database=Reservation", "ElasticSearch": "elasticsearch"    },  "MpWechat":{  "AppId": "wx4a41d3773ae55543",  "AppSecret": "**********",  "Token": "AmazingDotNet",   "AESKey": "------------"    },  "AppSettings": {  "WechatSubscribeReply": "", "SentryClientKey": "https://**" },  "Tencent": {  "Captcha": {  "AppId": "2062135016",  "AppSecret": "****" }   },  "GoogleRecaptcha": {  "SiteKey": "6Lc-**",    "Secret": "6Lc-**"  },  "Logging": {  "LogLevel": { "Default": "Warning",   "ActivityReservation": "Debug", "RequestLog": "Debug"   }   }   }

挂载 ConfigMap 中的配置文件到 Pod

Deployment 定义如下所示， 这里直接把上面定义的 appsettings 直接挂载为应用程序的根目录下 appsettings.json 文件

1. apiVersion: apps/v1

2. kind: Deployment

3. metadata:

4. name: activityreservation

5. namespace: default

6. labels:

7. app: activityreservation

8. spec:

9. replicas: 2

10. revisionHistoryLimit: 2 # how many old ReplicaSets for this Deployment you want to retain, https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy

11. selector:

12. matchLabels:

13. app: activityreservation

14. minReadySeconds: 0

15. strategy:

16. type: RollingUpdate

17. rollingUpdate:

18. maxUnavailable: 1

19. maxSurge: 1

20. template:

21. metadata:

22. labels:

23. app: activityreservation

24. spec:

25. dnsConfig:

26. options:

27. - name: ndots

28. value: "1"

29. containers:

30. - name: activityreservation

31. image: weihanli/activityreservation:20190529.2

32. imagePullPolicy: IfNotPresent

33. resources:

34. limits:

35. memory: "256Mi"

36. cpu: "300m"

37. readinessProbe:

38. tcpSocket:

39. port: 80

40. initialDelaySeconds: 60

41. periodSeconds: 30

42. livenessProbe:

43. httpGet:

44. path: /Health

45. port: 80

46. initialDelaySeconds: 60

47. periodSeconds: 60

48. ports:

49. - containerPort: 80

50. volumeMounts:

51. - name: settings

52. mountPath: /app/appsettings.json

53. subPath: appsettings

54. volumes:

55. - name: settings

56. configMap:

57. name: reservation-configs

测试

1. 部署 ConfigMap

1. kubectl apply -f ConfigMap.yaml

2. 部署 deployment

1. kubectl apply -f reservation-deployment.yaml

3. 等待 pod 启动之后，查看 appsettings.json 文件内容是否成功被替换掉

获取对应的 pod 名称，然后通过 kubectlexec<pod-name>cat/app/appsettings.json 来获取pod中 appsettings.json 文件的内容

出现 ConnectionStrings 就证明文件被替换掉了，原始的配置文件里是没有 ConnectionStrings 节点的，原始的方式是通过从 AzureKeyVault 中加载的

Reference

• https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#understanding-configmaps-and-pods

• https://github.com/WeihanLi/ActivityReservation