README
¶
konfd
Manage application configuration using Kubernetes secrets, configmaps, and Go templates.
Usage
Usage of konfd:
-configmap value
the configmap to process.
-namespace value
the namespace to process.
-noop
print processed configmaps and secrets and do not submit them to the cluster.
-onetime
run one time and exit.
-sync-interval duration
the time duration between template processing. (default 1m0s)
Create configmaps and secrets
kubectl create secret generic vault-secrets \
--from-literal 'mysql_password=v@ulTi$d0p3'
kubectl create configmap vault-configs \
--from-literal 'default_lease_ttl=768h' \
--from-literal 'mysql_username=vault'
Create a template configmap
cat configmaps/vault-template.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: vault-template
annotations:
konfd.io/kind: configmap
konfd.io/name: vault
konfd.io/key: server.hcl
labels:
konfd.io/template: "true"
data:
template: |
default_lease_ttl = {{configmap "vault-configs" "default_lease_ttl"}}
backend "mysql" {
username = "{{configmap "vault-configs" "mysql_username"}}"
password = "{{secret "vault-secrets" "mysql_password"}}"
tls_ca_file = "/etc/tls/mysql-ca.pem"
}
See the templates docs for more details.
Submit the vault-template configmap:
kubectl create -f configmaps/vault-template.yaml
Deploy the konfd replicaset
kubectl create -f replicasets/konfd.yaml
See the deployment guide for more details.
Review the results
kubectl get configmaps vault -o yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: vault
namespace: default
data:
server.hcl: |
default_lease_ttl = 768h
backend "mysql" {
username = "vault"
password = "v@ulTi$d0p3"
}
Testing with noop mode
konfd can be run outside of the Kubernetes cluster by running kubectl in proxy mode:
kubectl proxy
Process a single template in the default namespace:
konfd -onetime -noop -namespace default -configmap vault-template
Documentation
¶
There is no documentation for this package.
Source Files
Click to show internal directories.
Click to hide internal directories.