Manage application configuration using Kubernetes secrets, configmaps, and Go templates.
kubectl create secret generic vault-secrets \
--from-literal 'mysql_password=v@ulTi$d0p3'
kubectl create configmap vault-configs \
--from-literal 'default_lease_ttl=768h' \
--from-literal 'mysql_username=vault'
cat configmaps/vault-template.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: vault-template
annotations:
konfd.io/kind: configmap
konfd.io/name: vault
konfd.io/key: server.hcl
labels:
konfd.io/template: "true"
data:
template: |
default_lease_ttl = {{configmap "vault-configs" "default_lease_ttl"}}
backend "mysql" {
username = "{{configmap "vault-configs" "mysql_username"}}"
password = "{{secret "vault-secrets" "mysql_password"}}"
tls_ca_file = "/etc/tls/mysql-ca.pem"
}
See the templates docs for more details.
Submit the vault-template configmap:
kubectl create -f configmaps/vault-template.yaml
kubectl create -f replicasets/konfd.yaml
See the deployment guide for more details.
kubectl get configmaps vault -o yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: vault
namespace: default
data:
server.hcl: |
default_lease_ttl = 768h
backend "mysql" {
username = "vault"
password = "v@ulTi$d0p3"
}
konfd can be run outside of the Kubernetes cluster by running kubectl in proxy mode:
kubectl proxy
Process a single template in the default namespace:
konfd -onetime -noop -namespace default -configmap vault-template