Home > Blockchain >  Kubernetes configMap or persistent volume?
Kubernetes configMap or persistent volume?

Time:01-25

What is the best approach to passing multiple configuration files into a POD? Assume that we have a legacy application that we have to dockerize and run in a Kubernetes environment. This application requires more than 100 configuration files to be passed. What is the best solution to do that? Create hostPath volume and mount it to some directory containing config files on the host machine? Or maybe config maps allow passing everything as a single compressed file, and then extracting it in the pod volume? Maybe helm allows somehow to iterate over some directory, and create automatically one big configMap that will act as a directory?

Any suggestions are welcomed

CodePudding user response:

Create hostPath volume and mount it to some directory containing config files on the host machine

This should be avoided.

Accessing hostPaths may not always be allowed. Kubernetes may use PodSecurityPolicies (soon to be replaced by OPA/Gatekeeper/whatever admission controller you want ...), OpenShift has a similar SecurityContextConstraint objects, allowing to define policies for which user can do what. As a general rule: accessing hostPaths would be forbidden.

Besides, hostPaths devices are local to one of your node. You won't be able to schedule your Pod some place else, if there's any outage. Either you've set a nodeSelector restricting its deployment to a single node, and your application would be done as long as your node is. Or there's no placement rule, and your application may restart without its configuration.

Now you could say: "if I mount my volume from an NFS share of some sort, ...". Which is true. But then, you would probably be better using a PersistentVolumeClaim.

Create automatically one big configMap that will act as a directory

This could be an option. Although as noted by @larsks in comments to your post: beware that ConfigMaps are limited in terms of size. While manipulating large objects (frequent edit/updates) could grow your etcd database size.

If you really have ~100 files, ConfigMaps may not be the best choice here.

What next?

There's no one good answer, not knowing exactly what we're talking about.

If you want to allow editing those configurations without restarting containers, it would make sense to use some PersistentVolumeClaim.

If that's not needed, ConfigMaps could be helpful, if you can somewhat limit their volume, and stick with non-critical data. While Secrets could be used storing passwords or any sensitive configuration snippet.

Some emptyDir could also be used, assuming you can figure out a way to automate provisioning of those configurations during container startup (eg: git clone in some initContainer, and/or some shell script contextualizing your configuration based on some environment variables)

If there are files that are not expected to change over time, or whose lifecycle is closely related to that of the application version shipping in your container image: I would consider adding them to my Dockerfile. Maybe even add some startup script -- something you could easily call from an initContainer, generating whichever configuration you couldn't ship in the image.

Depending on what you're dealing with, you could combine PVC, emptyDirs, ConfigMaps, Secrets, git stored configurations, scripts, ...

Page link:https//www.codepudding.com/Blockchain/274855.html

Prev:Converting docker-compose using Kompose to deploy workloads on GKE
Next:JupyterHub pod no longer connects to Postgres pod
  •  Tags:  
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding