K
Q

Kubernetes - Best way to create configMap and secret

7/25/2018

I have at least 4 config files for my service.

Like, application.properties, log config file, query file, ...

There are 4 config files which I am storing into kubernetes ConfigMaps and they are for different purposes. Currently, I am creating 4 configMaps for these 4 files and it becomes more work to configure them in deployment file.

We basically keep all these files in GIT and would be driving changes from GIT. So, if we need to modify something in the configMap, we will first update our file in GIT and then recreate a configMap.

Is there any other better way to just update few changes?

Does it make sense to keep all these 4 files in a single configMap.

Any advice please.

-- user1578872
kubernetes

Similar Questions

Is there a way to customize iptables rules in filter table on kubernetes master/worker node?
how to see upstream server of coredns in kubernetes 1.10+?
Kubernetes multiport service: Unable to connect to graphite port in influxdb from a client pod
Kubernetes Kops - set sysctl flag on kubelet
Is there an python API function to read labels from kubernetes statefulsets?
K8S with Traefik and HAP not getting real client IP on pods
GKE - exposing exposing Prometheus externally not working using NGINX Ingress
Does in Kubernetes a PV/PVC guarantees sticky mounting of pods?
Is it possible to enable TTL controller in aks cluster for job automatic deletion
How to list deployments having specific environment variables

1 Answer

7/25/2018

This is my personal opinion based on what I have learned so far and there may be different or easier or even better ways out there, so please take this answer with a pinch of salt.

Considering you have multiple services or projects, etc. And each of these projects has its own configuration files or environment variables which is needed by service to function as expected.

What I would do is :

  1. Decide which configuration options are secrets and which are normal env variables.
  2. Create two files for these named maybe .. secret-config.yml and env-config.yml

  3. Make sure you set the appropriate kind to each of the document. Here is a sample config file and similar secret file can be stored.

    apiVersion: v1
data:
  ENV_1: test
  ENV_1: test2
  ENV_1: test3
kind: ConfigMap
metadata:
  annotations:
    field.cattle.io/creatorId: user-8rtg2
  name: my-service-configs
  namespace: my-namespace

  4. Now assuming you have a CI-CD environment setup, in your pipeline or deployment-config, add few steps after the service deploys steps to update these secrets/configmaps with the updates values.

    sh deploy_to_kubernets
sh update_config_maps
sh update_secrets

Now to explain myself :

  • Why are we storing config kubernetes YML in repo ?

    Because we want to make sure all the related config is accessible and stored in a place where it is relevant. And it makes sense as we are going to use it in CI process.

  • What about creating or updating the config & secrets from CI ?

    Now for me, since I am using rancher API on top of kubernetes, I can use the API to access my cluster and create or update resources. I am sure you can find something similar to perform this actions on your cluster.

So concluding, just store your config in your services as it config is part of the service and is necessary for code to work(figure out a way to encode or hide secrets values from being exposed in code). Make sure you create secrets and config maps based on the type of variables you are using. And with this, you will be able to automate the creation of configmaps and each of these configmaps will be in proper context.

-- damitj07
Source: StackOverflow