
Управление конфигурациями и окружениями — ConfigMap и Secret

Фрагмент из «Управление конфигурациями и окружениями»: ConfigMap и Secret.

YAML main.yaml
# ConfigMap — non-sensitive parameters only.
# Keep credentials out of here: the API server does not treat ConfigMap data as
# sensitive (it is returned in clear text by `kubectl get -o yaml` and stored
# as-is in etcd); anything secret belongs in the Secret object below.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: production
  name: myapp-config
data:
  # Flat keys are injected into the container environment via envFrom in the
  # Deployment. Every value is a string, so boolean- and number-looking values
  # are quoted to stop a YAML loader from retyping them.
  ENVIRONMENT: 'production'
  LOG_LEVEL: 'warning'
  LOG_FORMAT: 'json'
  METRICS_ENABLED: 'true'
  TRACING_ENABLED: 'true'
  REQUEST_TIMEOUT: '30'
  CACHE_TTL: '600'

  # Configuration file, mounted read-only at /etc/myapp/app.yaml by the
  # Deployment. Literal block scalar: content is kept byte-for-byte, including
  # the blank separator lines and a single trailing newline.
  app.yaml: |
    service:
      name: myapp
      version: "2.5.0"

    features:
      new_checkout: false
      recommendations_v2: true

    limits:
      max_connections: 100
      request_queue_size: 1000

---
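# Secret — confidential parameters.
# Review note: the original values here were live-looking credentials written
# into the manifest. A Secret only base64-encodes its data (stringData is
# converted on write); it is not encrypted unless encryption-at-rest is
# configured on the cluster, and anything committed to the repository stays in
# git history. Keep this file as the schema (key names) and supply the real
# values at deploy time from a secret manager (for example an External Secrets
# or Sealed Secrets operator, or `kubectl create secret generic
# --from-env-file=...` from a file that is never committed). Any credential that
# was ever committed in clear text should be rotated.
apiVersion: v1
kind: Secret
metadata:
  name: myapp-secrets
  namespace: production
type: Opaque
# Placeholders are labelled so that a deploy without substitution fails on an
# obviously invalid value instead of running with a committed credential.
stringData:
  DATABASE_URL: "<DATABASE_URL: set from secret store, never committed>"
  REDIS_URL: "<REDIS_URL: set from secret store, never committed>"
  JWT_SECRET: "<JWT_SECRET: set from secret store, never committed>"
  STRIPE_SECRET_KEY: "<STRIPE_SECRET_KEY: set from secret store, never committed>"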

---
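# Deployment that consumes the ConfigMap and the Secret above.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  namespace: production
spec:
  replicas: 6
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      # Nothing in this spec indicates the container calls the Kubernetes API,
      # so the service-account token is not mounted; re-enable if the app turns
      # out to need it.
      automountServiceAccountToken: false
      securityContext:
        # Baseline hardening in the spirit of the Pod Security "restricted"
        # profile. runAsNonRoot assumes the myapp image declares a non-root
        # USER — confirm against the image before rollout.
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: myapp
          # TODO(review): pin to an immutable digest
          # (image: myapp:2.5.0@sha256:<digest-from-registry>) so a re-pushed
          # 2.5.0 tag cannot silently change what runs in production.
          image: myapp:2.5.0

          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]

          # Without requests/limits one replica can starve its node. These
          # numbers are constructed placeholders — size them from measured load.
          resources:
            requests:
              cpu: "250m"
              memory: "256Mi"
            limits:
              memory: "512Mi"

          # Environment variables from the ConfigMap and the Secret.
          # NOTE(review): envFrom + secretRef places every key of the Secret in
          # the process environment, where it is readable by child processes,
          # crash/heap dumps and anyone able to exec into the container.
          # Mounting the Secret as files (tmpfs-backed volume) limits that
          # exposure and is preferable when the app can read files.
          envFrom:
            - configMapRef:
                name: myapp-config
            - secretRef:
                name: myapp-secrets

          # Per-pod values from the Downward API.
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP

          # Configuration file mount; read-only so the app cannot alter its
          # own config at runtime.
          volumeMounts:
            - name: config-volume
              mountPath: /etc/myapp
              readOnly: true

      volumes:
        - name: config-volume
          configMap:
            name: myapp-config
            # Only app.yaml is projected; the flat env keys are not written
            # to disk.
            items:
              - key: app.yaml
                path: app.yaml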
# ConfigMap — non-sensitive parameters only.
# Keep credentials out of here: the API server does not treat ConfigMap data as
# sensitive (it is returned in clear text by `kubectl get -o yaml` and stored
# as-is in etcd); anything secret belongs in the Secret object below.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: production
  name: myapp-config
data:
  # Flat keys are injected into the container environment via envFrom in the
  # Deployment. Every value is a string, so boolean- and number-looking values
  # are quoted to stop a YAML loader from retyping them.
  ENVIRONMENT: 'production'
  LOG_LEVEL: 'warning'
  LOG_FORMAT: 'json'
  METRICS_ENABLED: 'true'
  TRACING_ENABLED: 'true'
  REQUEST_TIMEOUT: '30'
  CACHE_TTL: '600'

  # Configuration file, mounted read-only at /etc/myapp/app.yaml by the
  # Deployment. Literal block scalar: content is kept byte-for-byte, including
  # the blank separator lines and a single trailing newline.
  app.yaml: |
    service:
      name: myapp
      version: "2.5.0"

    features:
      new_checkout: false
      recommendations_v2: true

    limits:
      max_connections: 100
      request_queue_size: 1000

---
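# Secret — confidential parameters.
# Review note: the original values here were live-looking credentials written
# into the manifest. A Secret only base64-encodes its data (stringData is
# converted on write); it is not encrypted unless encryption-at-rest is
# configured on the cluster, and anything committed to the repository stays in
# git history. Keep this file as the schema (key names) and supply the real
# values at deploy time from a secret manager (for example an External Secrets
# or Sealed Secrets operator, or `kubectl create secret generic
# --from-env-file=...` from a file that is never committed). Any credential that
# was ever committed in clear text should be rotated.
apiVersion: v1
kind: Secret
metadata:
  name: myapp-secrets
  namespace: production
type: Opaque
# Placeholders are labelled so that a deploy without substitution fails on an
# obviously invalid value instead of running with a committed credential.
stringData:
  DATABASE_URL: "<DATABASE_URL: set from secret store, never committed>"
  REDIS_URL: "<REDIS_URL: set from secret store, never committed>"
  JWT_SECRET: "<JWT_SECRET: set from secret store, never committed>"
  STRIPE_SECRET_KEY: "<STRIPE_SECRET_KEY: set from secret store, never committed>"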

---
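# Deployment that consumes the ConfigMap and the Secret above.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  namespace: production
spec:
  replicas: 6
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      # Nothing in this spec indicates the container calls the Kubernetes API,
      # so the service-account token is not mounted; re-enable if the app turns
      # out to need it.
      automountServiceAccountToken: false
      securityContext:
        # Baseline hardening in the spirit of the Pod Security "restricted"
        # profile. runAsNonRoot assumes the myapp image declares a non-root
        # USER — confirm against the image before rollout.
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: myapp
          # TODO(review): pin to an immutable digest
          # (image: myapp:2.5.0@sha256:<digest-from-registry>) so a re-pushed
          # 2.5.0 tag cannot silently change what runs in production.
          image: myapp:2.5.0

          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]

          # Without requests/limits one replica can starve its node. These
          # numbers are constructed placeholders — size them from measured load.
          resources:
            requests:
              cpu: "250m"
              memory: "256Mi"
            limits:
              memory: "512Mi"

          # Environment variables from the ConfigMap and the Secret.
          # NOTE(review): envFrom + secretRef places every key of the Secret in
          # the process environment, where it is readable by child processes,
          # crash/heap dumps and anyone able to exec into the container.
          # Mounting the Secret as files (tmpfs-backed volume) limits that
          # exposure and is preferable when the app can read files.
          envFrom:
            - configMapRef:
                name: myapp-config
            - secretRef:
                name: myapp-secrets

          # Per-pod values from the Downward API.
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP

          # Configuration file mount; read-only so the app cannot alter its
          # own config at runtime.
          volumeMounts:
            - name: config-volume
              mountPath: /etc/myapp
              readOnly: true

      volumes:
        - name: config-volume
          configMap:
            name: myapp-config
            # Only app.yaml is projected; the flat env keys are not written
            # to disk.
            items:
              - key: app.yaml
                path: app.yaml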