I was playing with Kubernetes in Minikube. I could able to deploy spring boot sample application into Kubernetes.
I am exploring Kubernetes configMap. I could successfully run a spring boot application with a spring cloud starter and picking the property keys from config map. Till here I am successful.
The issue I am facing currently is configmap reload.
Here is my config map :
ConfigMap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: minikube-sample
namespace: default
data:
app.data.name: name
application.yml: |-
app:
data:
test: test
bootstrap.yaml
management:
endpoint:
health:
enabled: true
info:
enabled: true
restart:
enabled: true
spring:
application:
name: minikube-sample
cloud:
kubernetes:
config:
enabled: true
name: ${spring.application.name}
namespace: default
reload:
enabled: true
HomeController:
package com.minikube.sample.rest.controller;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.minikube.sample.properties.PropertiesConfig;
import lombok.Getter;
import lombok.Setter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Lookup;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
* @author Gorantla, Eresh
* @created 06-12-2018
*/
@RestController
@RequestMapping("/home")
public class HomeResource {
@Autowired
PropertiesConfig config;
@GetMapping("/data")
public ResponseEntity<ResponseData> getData() {
ResponseData responseData = new ResponseData();
responseData.setId(1);
responseData.setName(config.getName());
responseData.setPlace("Hyderabad");
responseData.setValue(config.getTest());
return new ResponseEntity<>(responseData, HttpStatus.OK);
}
@Getter
@Setter
public class ResponseData {
private String name;
private Integer id;
private String place;
private String value;
}
}
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: minikube-sample
namespace: default
spec:
selector:
matchLabels:
app: minikube-sample
replicas: 1
template:
metadata:
labels:
app: minikube-sample
spec:
containers:
- name: minikube-sample
image: minikube-sample:latest
imagePullPolicy: Never
ports:
- containerPort: 8080
env:
- name: env.namespace
value: default
volumeMounts:
- name: config
mountPath: /config
volumes:
- name: config
configMap:
name: minikube-sample
I used @ConfigurationProperties to reload properties.
Dependencies
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-kubernetes</artifactId>
<version>1.1.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-kubernetes-config</artifactId>
<version>1.1.0.RELEASE</version>
</dependency>
What I did ? I have gone through spring cloud documentation. "The view role on the service account is required in order to listen for config map changes." Then I created cluster view role through below command
C:\Users\eresh.gorantla\apps\minikube-sample\src\main\fabric8 (master -> origin)
λ kubectl create clusterrolebinding minikube-sample --clusterrole=view --serviceaccount=default:minikube --namespace=default
clusterrolebinding.rbac.authorization.k8s.io/minikube-sample created
But when I update the configmap in kubernetes, the properties are not reloaded on the fly. I suspect something wrong in clusterrolebinding. Please provide your thoughts. Any help is appreciated.
The Deployment doesn't have serviceAccountName
configured so it uses the default
service account. The command in the question, however - kubectl create clusterrolebinding ... --serviceaccount=default:minikube...
- is for an account named minikube
in the default
namespace.
Moreover, creating clusterrolebinding
may be "too much" when rolebinding
for the namespace would work.
With the Deployment being for the default
namespace (metadata.namespace: default
), this should create a proper rolebinding
to grant read-only permission to the default
account:
kubectl create rolebinding default-sa-view \
--clusterrole=view \
--serviceaccount=default:default \
--namespace=default
For reference, see Using RBAC Authorization.