# Hot-Updating ConfigMaps and Secrets

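In practice, ConfigMaps and Secrets are usually created directly from files, that is, with the --from-file=xxx form. **A ConfigMap created this way may, because of line-ending issues, be laid out very messily when opened with kubectl edit cm xxx, which makes it awkward to edit**: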

<details>

<summary><mark style="color:blue;"><strong>kubectl edit cm cm-dir</strong></mark></summary>

<pre class="language-yaml" data-overflow="wrap"><code class="lang-yaml"><strong># Please edit the object below. Lines beginning with a '#' will be ignored,
</strong># and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  game.properties: "enemies=aliens\r\nlives=3\r\nenemies.cheat=true\r\nenemies.cheat.level=noGoodRotten\r\nsecret.code.passphrase=UUDDLRLRBABAS\r\nsecret.code.allowed=true\r\nsecret.code.lives=30"
  ui.properties: "color.good=purple\r\ncolor.bad=yellow\r\nallow.textmode=true\r\nhow.nice.to.look=fairlyNice"
kind: ConfigMap
metadata:
  creationTimestamp: "2023-11-30T11:26:18Z"
  name: cm-dir
  namespace: default
  resourceVersion: "23101"
  uid: 9c74cae6-db5a-4c3e-b143-b8d900c51e5a
</code></pre>

</details>

**With kubectl edit secret xxx, the Secret's data is stored base64-encoded rather than as plain text, so it cannot be edited directly**:

<details>

<summary><mark style="color:blue;"><strong>kubectl edit secret db-user-pass</strong></mark></summary>

```yaml
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  password.txt: MTIzNDU2
  username.txt: YWRtaW4=
kind: Secret
metadata:
  creationTimestamp: "2023-11-30T11:29:39Z"
  name: db-user-pass
  namespace: default
  resourceVersion: "23524"
  uid: 42377d3e-4fec-402a-9eb0-5b08b4ebc493
type: Opaque
```

</details>

For this reason, the usual approach is to modify the source file and then replace the existing ConfigMap or Secret with the following command:

{% code overflow="wrap" %}

```
kubectl create cm cm-dir --from-file=k8s-ha-install --dry-run=client -o yaml | kubectl replace -f -
```

{% endcode %}

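* cm-dir: the name of the ConfigMap
* <mark style="color:blue;">**dry-run=client -o yaml: only runs the command without actually creating anything, and prints the result in YAML format**</mark>
* <mark style="color:blue;">**kubectl replace -f -: a Secret or ConfigMap created from files cannot be replaced directly, but one created from a YAML file can be, so first generate the YAML with dry-run -oyaml and then run replace to achieve the hot update. This method also works for other resource types: an already-created resource can likewise be replaced from a YAML file**</mark>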

{% hint style="warning" %}

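## <mark style="color:orange;">Note:</mark>

* <mark style="color:blue;">**If the ConfigMap or Secret was created from a YAML file, you can edit that YAML file directly and then run replace to update it**</mark>.
* <mark style="color:blue;">**After the update, the files mounted into the container are not updated immediately; the kubelet periodically checks and performs the remount**</mark>.
* <mark style="color:blue;">**Once the mounted files have been updated, the program has to handle the new configuration itself**</mark>, that is, it needs hot-reload support. Prometheus, the Kubernetes cloud-native monitoring platform, implements this: after its configuration file is changed, the new configuration can be loaded without restarting the Prometheus process or the Prometheus container. <mark style="color:blue;">**If the program does not implement this, the only option is to restart the container to load the new configuration.**</mark>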
  {% endhint %}
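
A minimal hot-reload check for the last point above, as an added example that is not part of the original page: it re-reads a mounted `game.properties` only when its content has changed. `MountedConfig` and `simulate_kubelet_update` are hypothetical names; the latter imitates, in a temporary directory, the versioned directory plus `..data` symlink swap through which the kubelet publishes updated ConfigMap and Secret volume files.

```python
import hashlib
import os
import tempfile

def parse_properties(text):
    """Parse key=value lines; splitlines() also absorbs CRLF endings."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

class MountedConfig:
    """Reloads a file from a ConfigMap/Secret volume when its content changes."""
    def __init__(self, path):
        self.path, self.digest, self.values = path, None, {}
        self.reload_if_changed()

    def reload_if_changed(self):
        # Reopen by path each time: updates arrive as a symlink swap, so a held-open handle goes stale.
        with open(self.path, "rb") as fh:
            raw = fh.read()
        digest = hashlib.sha256(raw).hexdigest()
        if digest == self.digest:
            return False
        self.values, self.digest = parse_properties(raw.decode("utf-8")), digest
        return True

def simulate_kubelet_update(mount, name, content, version):
    """Constructed stand-in for the kubelet: new versioned dir, then repoint ..data."""
    os.mkdir(os.path.join(mount, f"..v{version}"))
    with open(os.path.join(mount, f"..v{version}", name), "w", newline="") as fh:
        fh.write(content)
    os.symlink(f"..v{version}", os.path.join(mount, "..data_tmp"))
    os.replace(os.path.join(mount, "..data_tmp"), os.path.join(mount, "..data"))
    if not os.path.lexists(os.path.join(mount, name)):
        os.symlink(os.path.join("..data", name), os.path.join(mount, name))

def demo():
    with tempfile.TemporaryDirectory() as mount:  # constructed sample data
        simulate_kubelet_update(mount, "game.properties", "enemies=aliens\r\nlives=3\r\n", 1)
        cfg = MountedConfig(os.path.join(mount, "game.properties"))
        before, unchanged = dict(cfg.values), cfg.reload_if_changed()
        simulate_kubelet_update(mount, "game.properties", "enemies=aliens\r\nlives=30\r\n", 2)
        return before, unchanged, cfg.reload_if_changed(), cfg.values

if __name__ == "__main__":
    print(demo())
```

In a real Pod, call `reload_if_changed()` on a timer against the mount path; a volume mounted with `subPath` does not receive these updates, so in that case the container has to be restarted.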

