diff --git a/CloudNative/Kubernetes/Base/创建不可变secret/cm.md b/CloudNative/Kubernetes/Base/创建不可变secret/cm.md
new file mode 100644
index 0000000..966de6e
--- /dev/null
+++ b/CloudNative/Kubernetes/Base/创建不可变secret/cm.md
@@ -0,0 +1,58 @@
+```yaml
+apiVersion: v1
+data:
+  nginx.conf: |
+    user  nginx;
+    worker_processes  1;
+
+    error_log  /var/log/nginx/error.log warn;
+    pid        /var/run/nginx.pid;
+
+
+    events {
+        worker_connections  1024;
+    }
+
+    http {
+        include       /etc/nginx/mime.types;
+        default_type  application/octet-stream;
+
+        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                          '$status $body_bytes_sent "$http_referer" '
+                          '"$http_user_agent" "$http_x_forwarded_for"';
+
+        access_log  /var/log/nginx/access.log  main;
+
+        sendfile        on;
+
+        keepalive_timeout  65;
+
+        server {
+            listen       80;
+            server_name  localhost;
+
+            error_page   500 502 503 504  /50x.html;
+
+            resolver kube-dns.kube-system.svc.cluster.local valid=3s ipv6=off;
+            set $test test-svc.test.svc.cluster.local:80
+
+            location  / {
+                proxy_connect_timeout   10;
+                proxy_send_timeout      30;
+                proxy_read_timeout      30;
+                proxy_set_header Host $host;
+                proxy_pass http://$test;
+                proxy_redirect    off;
+                proxy_set_header X-Forwarded-For  $remote_addr;
+                proxy_set_header        X-Real-IP       $remote_addr;
+                proxy_pass_request_headers              on;
+            }
+        }
+    }
+kind: ConfigMap
+metadata:
+  name: nginx-cm
+  namespace: srm
+immutable: true  # cm不可变
+
+```
\ No newline at end of file