使用 ConfigMap 挂载配置文件

Intro

有一些敏感信息比如数据库连接字符串之类的出于安全考虑，这些敏感信息保存在了 AzureKeyVault 中，最近应用上了 k8s 部署，所以想把 AzureKeyVault 的信息迁移到 ConfigMap，不再依赖 AzureKeyVault。

ConfigMap

新建一个 ConfigMap，你可以从文件创建，如何创建ConfigMap 可以参考官方文档，也可以直接手动编辑，这里用的 ConfigMap 如下所示：

apiVersion: v1	
kind: ConfigMap	
metadata:	name: reservation-configs	namespace: default	
data:	appsettings: |	{      	"ConnectionStrings": {	"Redis": "redis-server",	"Reservation": "Server=localhost;uid=liweihan;pwd=**;database=Reservation",	"ElasticSearch": "elasticsearch"	},	"MpWechat":{	"AppId": "wx4a41d3773ae55543",	"AppSecret": "**********",	"Token": "AmazingDotNet",	"AESKey": "------------"	},	"AppSettings": {	"WechatSubscribeReply": "",	"SentryClientKey": "https://**"	},	"Tencent": {	"Captcha": {	"AppId": "2062135016",	"AppSecret": "****"	}	},	"GoogleRecaptcha": {	"SiteKey": "6Lc-**",	"Secret": "6Lc-**"	},	"Logging": {	"LogLevel": {	"Default": "Warning",	"ActivityReservation": "Debug",	"RequestLog": "Debug"	}	}	}

挂载 ConfigMap 中的配置文件到 Pod

Deployment 定义如下所示， 这里直接把上面定义的 appsettings 直接挂载为应用程序的根目录下 appsettings.json 文件

1. apiVersion: apps/v1

2. kind: Deployment

3. metadata:

4. name: activityreservation

5. namespace: default

6. labels:

7. app: activityreservation

8. spec:

9. replicas: 2

10. revisionHistoryLimit: 2 # how many old ReplicaSets for this Deployment you want to retain, https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy

11. selector:

12. matchLabels:

13. app: activityreservation

14. minReadySeconds: 0

15. strategy:

16. type: RollingUpdate

17. rollingUpdate:

18. maxUnavailable: 1

19. maxSurge: 1

20. template:

21. metadata:

22. labels:

23. app: activityreservation

24. spec:

25. dnsConfig:

26. options:

27. - name: ndots

28. value: "1"

29. containers:

30. - name: activityreservation

31. image: weihanli/activityreservation:20190529.2

32. imagePullPolicy: IfNotPresent

33. resources:

34. limits:

35. memory: "256Mi"

36. cpu: "300m"

37. readinessProbe:

38. tcpSocket:

39. port: 80

40. initialDelaySeconds: 60

41. periodSeconds: 30

42. livenessProbe:

43. httpGet:

44. path: /Health

45. port: 80

46. initialDelaySeconds: 60

47. periodSeconds: 60

48. ports:

49. - containerPort: 80

50. volumeMounts:

51. - name: settings

52. mountPath: /app/appsettings.json

53. subPath: appsettings

54. 
    

55. volumes:

56. - name: settings

57. configMap:

58. name: reservation-configs

测试

1. 部署 ConfigMap

1. kubectl apply -f ConfigMap.yaml

2. 部署 deployment

1. kubectl apply -f reservation-deployment.yaml

3. 等待 pod 启动之后，查看 appsettings.json 文件内容是否成功被替换掉

获取对应的 pod 名称，然后通过 kubectlexec<pod-name>cat/app/appsettings.json 来获取pod中 appsettings.json 文件的内容

出现 ConnectionStrings 就证明文件被替换掉了，原始的配置文件里是没有 ConnectionStrings 节点的，原始的方式是通过从 AzureKeyVault 中加载的

Reference

• https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#understanding-configmaps-and-pods

• https://github.com/WeihanLi/ActivityReservation

---