configmap
挂载配置文件有一些敏感信息比如数据库连接字符串之类的出于安全考虑,这些敏感信息保存在了 azure keyvault
中,最近应用上了 k8s 部署,所以想把 azure keyvault
的信息迁移到 configmap
,不再依赖 azure keyvault
。
新建一个 configmap,你可以从文件创建,如何创建configmap 可以参考,也可以直接手动编辑,这里用的 configmap 如下所示:
apiversion: v1 kind: configmap metadata: name: reservation-configs namespace: default data: appsettings: | { "connectionstrings": { "redis": "redis-server", "reservation": "server=localhost;uid=liweihan;pwd=**;database=reservation", "elasticsearch": "elasticsearch" }, "mpwechat":{ "appid": "wx4a41d3773ae55543", "appsecret": "**********", "token": "amazingdotnet", "aeskey": "------------" }, "appsettings": { "wechatsubscribereply": "", "sentryclientkey": "https://**" }, "tencent": { "captcha": { "appid": "2062135016", "appsecret": "****" } }, "googlerecaptcha": { "sitekey": "6lc-**", "secret": "6lc-**" }, "logging": { "loglevel": { "default": "warning", "activityreservation": "debug", "requestlog": "debug" } } }
deployment 定义如下所示, 这里直接把上面定义的 appsettings 直接挂载为应用程序的根目录下 appsettings.json
文件
apiversion: apps/v1 kind: deployment metadata: name: activityreservation namespace: default labels: app: activityreservation spec: replicas: 2 revisionhistorylimit: 2 # how many old replicasets for this deployment you want to retain, https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy selector: matchlabels: app: activityreservation minreadyseconds: 0 strategy: type: rollingupdate rollingupdate: maxunavailable: 1 maxsurge: 1 template: metadata: labels: app: activityreservation spec: dnsconfig: options: - name: ndots value: "1" containers: - name: activityreservation image: weihanli/activityreservation:20190529.2 imagepullpolicy: ifnotpresent resources: limits: memory: "256mi" cpu: "300m" readinessprobe: tcpsocket: port: 80 initialdelayseconds: 60 periodseconds: 30 livenessprobe: httpget: path: /health port: 80 initialdelayseconds: 60 periodseconds: 60 ports: - containerport: 80 volumemounts: - name: settings mountpath: /app/appsettings.json subpath: appsettings volumes: - name: settings configmap: name: reservation-configs
部署 configmap
kubectl apply -f configmap.yaml
部署 deployment
kubectl apply -f reservation-deployment.yaml
等待 pod 启动之后,查看 appsettings.json
文件内容是否成功被替换掉
获取对应的 pod 名称,然后通过 kubectl exec <pod-name> cat /app/appsettings.json
来获取pod中 appsettings.json 文件的内容
出现 connectionstrings 就证明文件被替换掉了,原始的配置文件里是没有 connectionstrings 节点的,原始的方式是通过从 azure keyvault
中加载的
如对本文有疑问, 点击进行留言回复!!
开发者们,鸿蒙HMS全球应用创新大赛喊你来拿100万美元大奖!
网友评论