
1 Background

Any application needs some specific configuration items that define the features of the application. These configurations generally fall into two categories:

  • Non-sensitive configuration, such as the runtime environment and external dependencies
  • Sensitive configuration, such as keys and SSH certificates

These configurations should not be placed directly in the container image, but should be separated from the container and dynamically mounted at run time through data volumes, environment variables, and so on.

When we use Kubernetes, we usually put the application's configuration files in a ConfigMap and/or a Secret, but we often run into the problem of how to make updated configuration files take effect.

Kubernetes resource objects (such as Deployment and DaemonSet) are defined by the user, and the configuration files are defined as ConfigMaps and mounted into the Pod via volumeMounts. The goal is that once the configuration files are modified, the service automatically reloads and picks up the updated configuration.

2 Solutions

2.1 Reloader

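  • Requirement: Kubernetes version 1.9 or above
  • Reloader must be installed in the cluster
  • It is enabled by adding annotations to the resource object

Install Reloader with the command below. The URL tracks the master branch, so review the manifest before applying it and pin to a release tag for a reproducible install.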
kubectl apply -f https://raw.githubusercontent.com/stakater/Reloader/master/deployments/kubernetes/reloader.yaml

2.1.1 Trigger on all ConfigMap updates

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: filebeat
  namespace: log 
  labels:
    k8s-app: filebeat
  annotations:
    reloader.stakater.com/auto: "true"

2.1.2 Automatically trigger a resource object update when specified ConfigMaps change

  • Single ConfigMap update
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: filebeat
  namespace: log 
  labels:
    k8s-app: filebeat
  annotations:
    configmap.reloader.stakater.com/reload: "filebeat-config"
  • Multiple ConfigMaps, separated by commas
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: filebeat
  namespace: log 
  labels:
    k8s-app: filebeat
  annotations:
    configmap.reloader.stakater.com/reload: "filebeat-config,foo-config"

2.2 Checksum annotations

The checksum annotation is the most common method of triggering rolling updates in Helm charts. Add the sha256sum of the Secret or ConfigMap to the Deployment's annotations, and the existing Pods will be updated whenever the Secret or ConfigMap changes.

kind: Deployment
spec:
  template:
    metadata:
      annotations:
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
[...]

The effect of adding this section is that any change in /configmap.yaml causes the annotation under the Deployment's spec to change, which triggers the Pods to be recreated and achieves the desired effect.
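
The same mechanism can be driven without Helm. The script below is an added example, not code from the original article or from Helm: it hashes a ConfigMap manifest, compares the digest with the checksum/config annotation on the Deployment's pod template, and patches the annotation only when the two differ. The function names, and the namespace, Deployment and file names in the usage comment, are assumptions for illustration.

```shell
#!/bin/sh
# Added example: kubectl-only equivalent of the checksum/config annotation.
# All function names here are hypothetical, chosen for this illustration.

# Hex SHA-256 digest of the manifest file. It plays the role of Helm's
# sha256sum filter, computed over the file on disk.
config_checksum() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        shasum -a 256 < "$1" | cut -d' ' -f1
    fi
}

# Merge patch that sets the annotation on the pod template (spec.template),
# not on the Deployment's own metadata: only a pod template change
# starts a rolling update.
checksum_patch() {
    printf '{"spec":{"template":{"metadata":{"annotations":{"checksum/config":"%s"}}}}}' \
        "$(config_checksum "$1")"
}

# Succeeds (exit 0) when the deployed checksum differs from the file's.
# $1 = checksum currently on the pod template, $2 = manifest file
needs_rollout() {
    [ "$1" != "$(config_checksum "$2")" ]
}

# Apply the ConfigMap, then roll the Deployment only if its content changed.
# $1 = namespace, $2 = Deployment name, $3 = ConfigMap manifest
sync_config() {
    kubectl -n "$1" apply -f "$3" || return 1
    # An absent annotation yields an empty string, which forces a rollout.
    deployed=$(kubectl -n "$1" get deployment "$2" \
        -o jsonpath='{.spec.template.metadata.annotations.checksum/config}') || return 1
    if needs_rollout "$deployed" "$3"; then
        kubectl -n "$1" patch deployment "$2" --type merge -p "$(checksum_patch "$3")"
    else
        echo "checksum unchanged, no rollout needed"
    fi
}

# Usage (assumed names): sync_config default myapp configmap.yaml
```
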