Close menu
Menu

Kubernetes Configuration Management Tool

Our Kubernetes configuration management tool - "Kubernetes Connector" allows you to obtain configurations for the containers in Kubernetes from a central ConfigSeeder instance.

Nowadays many microservice applications are deployed in Kubernetes. There are multiple ways to configure the containers. The configuration is …

  • … shipped with the image itself
  • … passed on a mounted volume
  • … passed as environment variables
  • … sourced from a configmap
  • … sourced from a secret
  • … retrieved from an external service

In the following section, we will show you, what the ConfigSeeder® Kubernetes configuration management extension – “Kubernetes Connector” is and how it can help you.

Kubernetes Configuration Management Integration with ConfigSeeder

The Kubernetes Connector from ConfigSeeder® offers Kubernetes configuration management Integration. This ConfigSeeder® Extension connects with Kubernetes to create and manage ConfigMaps and Secrets that are described by configuration data managed in ConfigSeeder®.

Like described in the introduction, there are several ways to do application configuration management in Kubernetes:

  • Applications may fetch configuration values directly from ConfigSeeder® (real-time update possible)
  • Configuration data can be retrieved by the OS Connector
  • Configuration data can be retrieved by the Kubernetes Connector and provisioned to Kubernetes in form of Secrets and ConfigMaps

The following image gives an overview of what our Kubernetes configuration management tool – “Kubernetes Connector” can do:

Kubernetes Connector and ConfigSeeder

The Kubernetes Connector works with the pull-mechanism: It isn’t required for the ConfigSeeder Management to know all the Connectors, they actively ask the ConfigSeeder® for new data.

The use of the Kubernetes Connector must be licensed. Don’t hesitate to contact us if you like to do a PoC and retrieve the Docker Image from docker hub.

Benefits of Kubernetes configuration management tool – Kubernetes Connector

Low coupling between applications and ConfigSeeder®

Without the use of a Connector (OS Connector or Kubernetes Connector), applications need to be integrated with ConfigSeeder® to be able to retrieve configuration data. This integration can either be done with one of our clients or natively by calling the Rest API. Regardless of the exact solution, a direct dependency between the application and ConfigSeeder® is created.

When using Kubernetes configuration management tool from ConfigSeeder, the need to integrate an application directly with ConfigSeeder®, and therefore the mentioned dependency disappears.

Use the Kubernetes Connector, if no direct dependency between an application should be created.

Perfect integration for 3rd party applications

Usually, third-party applications cannot simply be expanded with additional libraries. Therefore, our client libraries can’t be used in third-party applications to retrieve configuration data.

However, almost any application can be configured with either configuration files, environment variables, or a combination of both. The Kubernetes Connector can create ConfigMaps and Secrets containing either key/value pairs of more complex data. The configuration contained in these Kubernetes Objects can then be used in the deployment descriptor. Therefore, our Kubernetes configuration management tool can be the perfect solution to provide configuration data for third-party applications run in Kubernetes.

Use the Kubernetes Connector, if no direct dependency between an application can be created.

Decouple runtime dependency to ConfigSeeder®

When an application retrieves configuration data directly from ConfigSeeder® or configuration files are created by the OS Connector running in an init container, a runtime dependency to ConfigSeeder® is created.

The Kubernetes Connector is usually not run as an init container, but either as a Job or a CronJob. Therefore, at the time the application is started, the configuration data is already available so no runtime dependency to ConfigSeeder® exists.

Use our Kubernetes configuration management tool for maximum decoupling of a containerized application from ConfigSeeder®.

Supported Kubernetes objects

The Kubernetes Connector can provide different types of ConfigMaps and Secrets to a Kubernetes (or Openshift) Cluster. These supported types of objects are explained below. Find more information about our Kubernetes configuration management tool in the Kubernetes Connector documentation.

Secret containing a ConfigSeeder® API Key

Whenever an application or one of the Connectors needs to access ConfigSeeder®, an API Key is required. With assemblies of the type Secret: APIKey, Secrets containing an API Keys can be provisioned:

  • Create an assembly of Type Secret: APIKey
  • Choose the configuration groups that the API Key will grant access to
  • Choose the right type of API Key
  • Enter the target name and namespace

The resulting Secret will contain an API Key of the requested type that grants access to the configured configuration groups. Whenever the Kubernetes configuration management tool is started again, the remaining lifetime of the managed API Keys is checked. If required, the API Key will be replaced by a new one.

Secrets containing key/value pairs

Create and manage Secrets containing key/value pairs. Create an assembly of the type Secret: Key/Value and point to an existing configuration group or add configuration data directly in the assembly:

The Kubernetes Connector will read this Assembly and create a Kubernetes Secret that contains all secured values from the referenced configuration group(s) as well as all configuration values contained in the assembly.

Secrets containing a key store or trust store

Create and manage key stores and trust stores based on Certificates and Private Keys stored in ConfigsSeeder®. Create an assembly of the type Secret: Keystore and define what content your key or trust store should contain.

Assembly Type Secret: Keystore

The Kubernetes Connector will read this Assembly and create a Kubernetes Secret that will contain the key store as defined in the assembly. This key store can then be injected into a container. By clicking on the preview button you can easily see how the resulting key store will look like.

Preview for Assembly Type Secret: Keystore

ConfigSeeder® can also send notification emails for certificates that are nearing the end of their service life. Also see our blog article Manage Key Stores and Trust Stores for more details.

ConfigMaps containing key/value pairs

Create and manage ConfigMaps containing key/value pairs. Create an assembly of the type ConfigMap: Key/Value and point to an existing configuration group or add configuration data directly in the assembly:

The Kubernetes Connector will read this Assembly and create a Kubernetes ConfigMap that contains all unsecured values from the referenced configuration group(s) as well as all configuration values contained in the assembly.

ConfigMaps containing files created with templating

Create and manage ConfigMaps that contain one or more entries created using a templating mechanism. Create an assembly of the type ConfigMap: Template and store templates that are used to create the entries in the ConfigMap.

If a configuration group contains the values:

The Kubernetes Connector will generate a ConfigMap with the following content:

The Kubernetes Connector will read this Assembly and create a Kubernetes ConfigMap that contains the shown templated file.

Metadata

For all kind of Kubernetes objects created by ConfigSeeder®, the following metadata can be controlled:

  • Additional annotations
  • Additional labels

Next Steps

If you are interested in trying out Kubernetes configuration management extension “Kubernetes Connector”, have a look at the quickstart guide.

Don’t hesitate to contact us if you have any questions or if you need a trial license.