configmap.yaml

  1# Kubernetes ConfigMap for application configuration
  2# ConfigMaps store non-sensitive configuration data as key-value pairs
  3
  4---
  5# Application Configuration
  6apiVersion: v1
  7kind: ConfigMap
  8metadata:
  9  name: flask-config
 10  labels:
 11    app: flask-app
 12  annotations:
 13    description: "Configuration for Flask application"
 14data:
 15  # Simple key-value pairs
 16  flask_env: "production"
 17  log_level: "INFO"
 18  max_workers: "4"
 19  timeout: "60"
 20
 21  # Feature flags
 22  enable_cache: "true"
 23  enable_metrics: "true"
 24  enable_debug_mode: "false"
 25
 26  # Application settings
 27  app_name: "Flask Microservice"
 28  app_version: "1.0.0"
 29
 30  # Multiline configuration file
 31  app.ini: |
 32    [server]
 33    host = 0.0.0.0
 34    port = 5000
 35    workers = 4
 36
 37    [logging]
 38    level = INFO
 39    format = %(asctime)s - %(name)s - %(levelname)s - %(message)s
 40
 41    [features]
 42    cache_enabled = true
 43    metrics_enabled = true
 44    rate_limiting = true
 45
 46    [cache]
 47    backend = redis
 48    ttl = 3600
 49    max_entries = 10000
 50
 51  # JSON configuration
 52  features.json: |
 53    {
 54      "authentication": {
 55        "enabled": true,
 56        "provider": "oauth2",
 57        "timeout": 3600
 58      },
 59      "ratelimit": {
 60        "enabled": true,
 61        "requests_per_minute": 100,
 62        "burst": 20
 63      },
 64      "monitoring": {
 65        "enabled": true,
 66        "exporters": ["prometheus", "statsd"]
 67      }
 68    }
 69
 70---
 71# Secrets (sensitive data)
 72# Note: This is an example. In production, use proper secret management
 73# (e.g., Sealed Secrets, External Secrets Operator, or HashiCorp Vault)
 74apiVersion: v1
 75kind: Secret
 76metadata:
 77  name: flask-secrets
 78  labels:
 79    app: flask-app
 80type: Opaque
 81data:
 82  # Base64 encoded values
 83  # To encode: echo -n "value" | base64
 84  # To decode: echo "encoded" | base64 -d
 85
 86  # Database URL
 87  database_url: cG9zdGdyZXNxbDovL3VzZXI6cGFzc3dvcmRAZGI6NTQzMi9teWRi
 88  # Decodes to: postgresql://user:password@db:5432/mydb
 89
 90  # Redis URL
 91  redis_url: cmVkaXM6Ly86cmVkaXNwYXNzd29yZEBjYWNoZTo2Mzc5LzA=
 92  # Decodes to: redis://:redispassword@cache:6379/0
 93
 94  # API Keys
 95  api_key: c3VwZXJzZWNyZXRhcGlrZXkxMjM=
 96  # Decodes to: supersecretapikey123
 97
 98  # JWT Secret
 99  jwt_secret: anRzZWNyZXRrZXlmb3J0b2tlbnM=
100  # Decodes to: jtsecretkeyfortokens
101
102---
103# Usage in Deployment:
104#
105# Method 1: Individual environment variables
106# env:
107# - name: FLASK_ENV
108#   valueFrom:
109#     configMapKeyRef:
110#       name: flask-config
111#       key: flask_env
112# - name: DATABASE_URL
113#   valueFrom:
114#     secretKeyRef:
115#       name: flask-secrets
116#       key: database_url
117#
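# Method 2: All keys as environment variables
# envFrom:
# - configMapRef:
#     name: flask-config
# - secretRef:
#     name: flask-secrets
# Note: envFrom injects every key of both objects, and the variable names
# are the keys exactly as written (flask_env, not FLASK_ENV). For secrets,
# Method 1 limits a container to the keys it actually needs.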
124#
125# Method 3: Mount as files
126# volumeMounts:
127# - name: config
128#   mountPath: /app/config
129#   readOnly: true
130# volumes:
131# - name: config
132#   configMap:
133#     name: flask-config
134#     items:
135#     - key: app.ini
136#       path: app.ini
137#
138# Commands:
139#
140# 1. Create ConfigMap from file:
141#    kubectl create configmap flask-config --from-file=app.ini
142#
143# 2. Create ConfigMap from literal:
144#    kubectl create configmap flask-config --from-literal=flask_env=production
145#
146# 3. Create Secret from file:
147#    kubectl create secret generic flask-secrets --from-file=database_url.txt
148#
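# 4. Create Secret from literal:
#    kubectl create secret generic flask-secrets --from-literal=api_key=xyz123
#    (a literal value is recorded in shell history; for real credentials
#    prefer --from-file or --from-env-file)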
151#
152# 5. View ConfigMap:
153#    kubectl get configmap flask-config -o yaml
154#
155# 6. Edit ConfigMap:
156#    kubectl edit configmap flask-config
157#
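# 7. Delete and recreate (to force pod restart):
#    kubectl delete configmap flask-config
#    kubectl apply -f configmap.yaml
#    kubectl rollout restart deployment/flask-app
#    Note: the delete step is optional; `kubectl apply` alone updates the
#    ConfigMap in place, and pods scheduled while it is missing cannot start
#    until it exists again. The rollout restart is what makes the pods pick
#    up new environment values.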
162
163---
164# Best Practices for Secrets:
165#
166# 1. Use External Secrets Operator:
167#    - Sync secrets from AWS Secrets Manager, GCP Secret Manager, etc.
168#    - GitHub: external-secrets/external-secrets
169#
170# 2. Use Sealed Secrets:
171#    - Encrypt secrets in Git
172#    - GitHub: bitnami-labs/sealed-secrets
173#
174# 3. Use HashiCorp Vault:
175#    - Dynamic secrets
176#    - Automatic rotation
177#    - Audit logging
178#
# 4. Enable encryption at rest:
#    - Configure etcd encryption (by default the API server writes Secrets
#      to etcd unencrypted)
#    - See: https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
182#
# 5. RBAC for secrets:
#    - Restrict who can view/edit secrets (get, list and watch each return
#      the secret values)
#    - Use separate service accounts