持续集成部署-k8s-配置与存储-配置管理：配置文件不可变

持续集成部署-k8s-配置与存储-配置管理：配置文件不可变

• [1. 配置文件不可变场景](#1. 配置文件不可变场景)
• [2. 配置 ConfigMap 为不可修改](#2. 配置 ConfigMap 为不可修改)

1. 配置文件不可变场景

上一篇我们说到，对于 ConfigMap 的热更新操作，我们在创建了ConfigMap 之后，由于某种原因，我们的配置文件需要变动了，k8s 支持我们热更新配置文件的内容，但是在某些情况下，为了生产环境的稳定性，一些重要的文件，希望上线后就不允许修改了。

此时在配置 ConfigMap 时可以设置 immutable: true 来禁止修改。

2. 配置 ConfigMap 为不可修改

查看当前环境中 configMap ：

[root@docker-54 config]# kubectl get cm
NAME                            DATA   AGE
kube-root-ca.crt                1      194d
nginx-conf-cm                   1      19d
spring-boot-test-aliases-yaml   1      20d
spring-boot-test-yaml           1      20d
test-dir-config                 2      20d
test-env-config                 2      20d
test-key-value-config           2      20d
[root@docker-54 config]# 

修改 test-dir-config 的配置，设置 immutable: true ，然后直接保存退出

[root@docker-54 config]# kubectl edit cm test-dir-config
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  db.properties: |
    username: zhangsan
    password: abc123456
  redis.properties: |
    host: 127.0.0.1
    port: 6379
kind: ConfigMap
metadata:
  creationTimestamp: "2023-11-05T02:56:57Z"
  name: test-dir-config
  namespace: default
  resourceVersion: "12701596"
  uid: 9a6c3cd3-a2d9-41c2-91b8-229e8e6d19ca
immutable: true
~                                                                                                                                                                                                                                                                                                                                              
"/tmp/kubectl-edit-214262249.yaml" 20L, 557C written
configmap/test-dir-config edited
[root@docker-54 config]# 

可以看到，当前还是可以修改的。

接着我们再次尝试修改：

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
# configmaps "test-dir-config" was not valid:
# * data: Forbidden: field is immutable when `immutable` is set
#
apiVersion: v1
data:
  db.properties: |
    username: lisi
    password: abc123456
  redis.properties: |
    host: 127.0.0.1
    port: 6379
immutable: true
kind: ConfigMap
metadata:
  creationTimestamp: "2023-11-05T02:56:57Z"
  name: test-dir-config
  namespace: default
  resourceVersion: "13734572"
  uid: 9a6c3cd3-a2d9-41c2-91b8-229e8e6d19ca
~                                                                                                                                                                        
~                                                                                                                                                                                                                                                                                                                                               
"/tmp/kubectl-edit-685283905.yaml" 23L, 665C

可以看到，上面在我修改了 username的值为 lisi 之后，保存，然后提示：configmaps "test-dir-config" was not valid: data: Forbidden: field is immutable when immutable is set

这里告诉我们，由于之前设置过 immutable: true，所以现在不让我们修改了。