Quarkus - Kubernetes Config
Quarkus includes the kubernetes-config extension which allows developers to use Kubernetes ConfigMaps and Secrets as a configuration source, without having to mount them into the Pod running the Quarkus application.
Configuration
Once you have your Quarkus project configured you can add the kubernetes-config extension by running the following command in your project base directory.
./mvnw quarkus:add-extension -Dextensions="kubernetes-config"
This will add the following to your pom.xml:
<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-kubernetes-config</artifactId>
</dependency>
Usage
The extension works by reading ConfigMaps and Secrets directly from the Kubernetes API server using the Kubernetes Client.
The extension understands the following types of ConfigMaps and Secrets as input sources:
ConfigMaps and Secrets that contain literal data (see this for an example on how to create one)
ConfigMaps and Secrets created from files named application.properties, application.yaml or application.yml (see this for an example on how to create one).
You have to explicitly enable the retrieval of ConfigMaps and Secrets by setting quarkus.kubernetes-config.enabled=true. The default is false in order to make it easy to test the application locally.
Afterwards, set the quarkus.kubernetes-config.configmaps property to configure which ConfigMaps should be used. Set the quarkus.kubernetes-config.secrets property to configure which Secrets should be used. To access ConfigMaps and Secrets from a specific namespace, you can set the quarkus.kubernetes-config.namespace property.
Priority of obtained properties
The properties obtained from the ConfigMaps and Secrets have a higher priority than (i.e. they override) any properties of the same name that are found in application.properties (or the YAML equivalents), but they have lower priority than properties set via Environment Variables or Java System Properties.
Furthermore, when multiple ConfigMaps (or Secrets) are used, ConfigMaps (or Secrets) defined later in the list have a higher priority than those defined earlier in the list.
Finally, when both ConfigMaps and Secrets are used, the latter always have a higher priority than the former.
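The ordering described above, modelled as an added example (not Quarkus code and not part of the original guide): it resolves each property to its winning source and lists Secret keys that never take effect. All source names, keys and values are constructed, and keying the override layer by property name is a simplifying assumption.

```python
# Added illustration: models only the precedence rules stated in this section.
# It does not use Quarkus or contact a cluster; all data below is constructed.

def resolve(app_props, configmaps, secrets, overrides):
    """Return {key: (value, source)} for the effective configuration.

    app_props  -- dict read from application.properties
    configmaps -- list of (name, dict), in quarkus.kubernetes-config.configmaps order
    secrets    -- list of (name, dict), in quarkus.kubernetes-config.secrets order
    overrides  -- dict of values set via environment variables or system properties
    """
    # Layers from lowest to highest priority; a later layer replaces an earlier one.
    layers = [("application.properties", app_props)]
    layers += [(f"configmap/{name}", data) for name, data in configmaps]
    layers += [(f"secret/{name}", data) for name, data in secrets]
    layers.append(("env-or-system-property", overrides))

    effective = {}
    for source, data in layers:
        for key, value in data.items():
            effective[key] = (value, source)
    return effective


def shadowed_secret_keys(secrets, overrides):
    """Secret keys that are ignored because the override layer also sets them."""
    secret_keys = {key for _, data in secrets for key in data}
    return sorted(secret_keys & overrides.keys())


# Constructed sample inputs.
APP_PROPS = {"greeting": "hello", "db.url": "jdbc:h2:mem:dev", "db.password": "dev-only"}
CONFIGMAPS = [
    ("common", {"greeting": "hi", "db.url": "jdbc:postgresql://db/common"}),
    ("prod", {"db.url": "jdbc:postgresql://db/prod"}),  # listed later, so it wins
]
SECRETS = [("db-creds", {"db.password": "from-secret", "api.token": "from-secret"})]
OVERRIDES = {"api.token": "from-env"}  # e.g. left behind in a Deployment spec

if __name__ == "__main__":
    for key, (value, source) in sorted(resolve(APP_PROPS, CONFIGMAPS, SECRETS, OVERRIDES).items()):
        print(f"{key} = {value!r}  <- {source}")
    print("secret keys overridden:", shadowed_secret_keys(SECRETS, OVERRIDES))
```

A key reported by shadowed_secret_keys is one where rotating the Secret in the cluster would not change the value the application sees.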
Kubernetes Permissions
Since reading ConfigMaps involves interacting with the Kubernetes API Server, when RBAC is enabled on the cluster, the ServiceAccount that is used to run the application needs to have the proper permissions for such access.
Thankfully, when using the kubernetes-config extension along with the Kubernetes extension, all the necessary Kubernetes resources to make that happen are automatically generated.
Secrets
By default, the Kubernetes extension doesn’t generate the necessary resources to allow accessing secrets. Set quarkus.kubernetes-config.secrets.enabled=true to generate the necessary role and corresponding role binding.