Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

konfd

Super Dope

Manage application configuration using Kubernetes secrets, configmaps, and Go templates.

Usage

Usage of konfd:
  -configmap value
    	the configmap to process.
  -namespace value
    	the namespace to process.
  -noop
    	print processed configmaps and secrets and do not submit them to the cluster.
  -onetime
    	run one time and exit.
  -sync-interval duration
    	the time duration between template processing. (default 1m0s)

Create configmaps and secrets

kubectl create secret generic vault-secrets \
  --from-literal 'mysql_password=v@ulTi$d0p3'
kubectl create configmap vault-configs \
  --from-literal 'default_lease_ttl=768h' \
  --from-literal 'mysql_username=vault'

Create a template configmap

cat configmaps/vault-template.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: vault-template
  annotations:
    konfd.io/kind: configmap
    konfd.io/name: vault
    konfd.io/key:  server.hcl
  labels:
    konfd.io/template: "true"
data:
  template: |
    default_lease_ttl = {{configmap "vault-configs" "default_lease_ttl"}}
    backend "mysql" {
      username = "{{configmap "vault-configs" "mysql_username"}}"
      password = "{{secret "vault-secrets" "mysql_password"}}"
      tls_ca_file = "/etc/tls/mysql-ca.pem"
    }

See the templates docs for more details.

Submit the vault-template configmap:

kubectl create -f configmaps/vault-template.yaml

Deploy the konfd replicaset

kubectl create -f replicasets/konfd.yaml

See the deployment guide for more details.

Review the results

kubectl get configmaps vault -o yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: vault
  namespace: default
data:
  server.hcl: |
    default_lease_ttl = 768h
    backend "mysql" {
      username = "vault"
      password = "v@ulTi$d0p3"
    }

Testing with noop mode

konfd can be run outside of the Kubernetes cluster by running kubectl in proxy mode:

kubectl proxy

Process a single template in the default namespace:

konfd -onetime -noop -namespace default -configmap vault-template

About

Manage application configuration using Kubernetes secrets, configmaps, and Go templates.

Resources

License

Releases

No releases published

Packages

No packages published
You can’t perform that action at this time.