-
Notifications
You must be signed in to change notification settings - Fork 39k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ConfigMaps consuming pod facts #29607
Comments
Why rename the pod fact variables? Why not just use the canonical downward API names? |
Also: will this interpretation work regardless of where the $(var) is in the configmap? i.e. will it work for yml config data, or with concatination? Examples:
|
IMO, the correct way to do this is to use the downward API. I suggest we create an issue for populating template files from secrets, downward API, config maps, and arbitrary other sources of information if that is a desire. We have discussed templates quite a bit in the past, but I believe this is a new flavor of the templating problem that we haven't previously considered. See discussion on #27880 -- in this issue, we have some discussion of making the volume plugin and env features of downward API have parity (see also #29644). I would much rather spend the effort on making the downward API volume plugin than introduce unwarranted complexity and a new flavor of downward API syntax in the configmap plugin. |
For the record, I don't debate at all that populating a template with different sources of information from the kube API (secrets, configmap, downward API etc) is a valid problem. That said, that feature would be more than just a change to configmap, and definitely not a change to the configmap volume plugin. |
It's really the templating issue that I'm interested in. The overarching goal is to get rid of entrypoint.sh scripts, without needing to make significant modifications to the containerized applications. |
@jberkus yeah, I am also interested in that too. I look forward to discussing it when we have an issue :) |
@jberkus Multiple variables in one ConfigMap data value and getting rid of entrypoint scripts is exactly the goal that this feature is meant to achieve. It actually works already in the PoC (with env vars), I probably should have pointed this out more clearly. @pmorie your proposal makes a lot of sense, I will investigate older discussions and think about formulating new issue, which will include consuming ConfigMaps, Secrets and Downward API in template files. |
@nebril Also for the record, we have discussed in the past having a 'super volume' that knew how to project the three different types of info into a volume (ConfigMap, Secret, Downward API) into a single volume. What you want sounds like that + a template. |
@pmorie sounds great to me |
@pmorie Was there any proposal/feature draft for this 'super volume'? If there was, can you link to it? |
I am with Paul on this. I think this is a dramatic abuse of the configmap volume. |
What about a templatemap type? Similar to config map, but can pull data from volumes associated with the pod like the downward api, secrets, and other configmaps? |
@nebril I'll try to dig the discussion up soon. I think I made a run at coding it, cannot remember exactly. |
Another important use-case which I see for templates is configuration of credentials for the database. We may have an object which describes the credentials (user and password). The same object should be used for user creation after Galera cluster is installed, and further by template for service which requires the access to the database. Something like:
|
I don't think we want that built-in to Kubernetes. There are so many ways On Aug 10, 2016 4:05 AM, "Evgeniy L" notifications@github.com wrote:
|
@thockin: very interesting idea... You'd want some way to make sure the config's rendered before the other container starts though. Think an init container would work for this? |
Also, should Kubernetes provide a set of blessed sidecar containers for things like this? K8s already provides one. pause. I'd be more inclined to use one if I knew it was supported. |
@thockin I will try to explain why I think it should be a part of Kubernetes. According to the quote from ConfigMap documentation:
The purpose of ConfigMap is to provide a way to decouple configuration from the container. Majority of the containers are configured using configuration files, and there are many different formats of configuration files. ConfigMap already tries to address this problem but only partly, because user cannot specify arbitrary configuration format. Configuration of services includes not only storing the values, but also rolling out of the configuration, ConfigMap already solves it for initial configuration. Let’s consider a case when configuration is changed, Kubernetes owns update procedure, currently it is done for image changes, but it also should be seamlessly integrated with configuration changes procedure. I agree with you that there are many ways to solve the problems, but I don’t think that there are that many straightforward, and error-prone ways to solve that from user's perspective. Let me try to describe in more details the solution you suggest:
Although technically it is definitely possible to make it work, it seems to be a bit grey area. Support of initial configuration and applications reconfiguration is definitely an important issue worth to be considered since every user has to deal with that and it is directly related to the purpose of Kubernetes which is automation of applications deployment. |
@thockin I tried the init container for templating. It did work, but did run into an unusual issue. Fails: Works The config files at the root of the configmap are actually symlinks to stuff in the ..data dir. I'm not really sure why this is or if I should be relying on being able to read the data out of ..data/ Otherwise, the pattern worked quite well. |
I didn't think you'd copy files, I expected to read files and render a On Wed, Aug 17, 2016 at 2:55 PM, kfox1111 notifications@github.com wrote:
|
Is it ok to edit them in place? Will anything overwrite them back to a pre rendered state? |
Yes, they will be destroyed. They should be read-only to you in the first On Wed, Aug 17, 2016 at 5:46 PM, kfox1111 notifications@github.com wrote:
|
Ok, then coping them to an emptyDir is probably the correct behavior then. What is the deal with the ..data/ dir though? will it always be the case that they are in ..data/? Are there any cases where it isnt? |
..data gives us a way to do atomic updates of all the files at the same On Thu, Aug 18, 2016 at 9:01 AM, kfox1111 notifications@github.com wrote:
|
I didn't think thats possible to do atomically? Near atomic I could see. Is there a syscall to swap directories I don't know about? Or is there yet another directory and ..data is a symlink? If that were the case, you could do a link swap atomically |
There is a symlink involved :) https://github.com/kubernetes/kubernetes/blob/master/pkg/volume/util/atomic_writer.go On Thu, Aug 18, 2016 at 10:15 AM, kfox1111 notifications@github.com wrote:
|
Ah. there it is. :) Thanks. That clears it up in my head. :) |
Sharp eyes :) The design is a little kludgey but it works pretty well in On Thu, Aug 18, 2016 at 10:36 AM, kfox1111 notifications@github.com wrote:
|
The problem
I would like to use pod facts (such as pod IP address) in ConfigMaps, so that each container configuration is populated with the correct value of a pod fact.
Possible solution
The idea is to add templates to ConfigMap values, so each time a ConfigMap is applied to a pod - it can transform the value into something specific to a pod.
The example syntax would be
$(variable.name)
.Example case
We assume that there are two possible variables (templates) that can be used to consume pod facts:
pod.IP
andpod.name
, which evaluate topod.Status.podIP
andpod.Name
.Let's consider following ConfigMap:
Then we have a pod with a service that needs to put the IP of the pod in the config file
/etc/config/service.ip
.Pod manifest can look like that:
When we create above ConfigMap and run the pod, we expect the
test-container
output to be an IP address that was assigned to the Pod.Proof of concept
The proof of concept implementation is demoed here: https://asciinema.org/a/e90cs3ymgtatdexk6rmjuet92
The code for above demo will be linked to this issue via WiP Pull Request.
Benefits
With this mechanism in place, we can have clean configuration of containers that need to be aware of their IPs. We can drop init containers creating additional volumes mounted in final containers - the state passed to container happens implicitly by templates defined by user, which should add to overall user experience in cases of writing configuration for such applications.
Real world example
An example of such application can be Galera, which needs local IP addresses in
my.conf
file.Alternatives
The alternative way to achieve this which already works is using init containers to create volumes filled with data from downward API, which are then mounted in the container running the desired workload.
The downside of above approach requires you to compile pod facts into configuration files using additional scripts or template engines, which add to complexity of pod configuration.
In contrast, if this feature is implemented you can declare configuration files with multiple pod facts in them directly in ConfigMap, which moves the burden of injecting them into config files away from cluster user.
Previous submissions
This document was previously submitted by me here:
kubernetes/enhancements#38
I was pointed out to me that it needs more discussion before submitting a feature.
The text was updated successfully, but these errors were encountered: