Kubernetes: Migrating off of hand-edited config files

Packaging an application
1

Config Files

Often, on-prem applications will rely on one or more configuration files that end-users will edit in order to configure the application. For example, your app might expect a file at /etc/myapp/app.properties that contains details for configuring and tuning an application:

mysql_url=mysql://some-user:password@some-host/some-database
num_queue_workers=2

This guide will walk through using Replicated to migrate off of hand-edited configuration files in favor of a more user-friendly web UI, without modifying application code.

We use .properties for this example, but the same applies to .env files as well as other common formats like JSON, YAML, or TOML configuration files.

Step 1: Replicated config section

The first step is defining the Replicated Config Screen UI that end-users will use to configure their instance. For the above properties file, this might look like:

config:
  - name: basic
    title: App Settings
    items:
      - title: MySQL Connection String
        name: mysql_url
        type: password
        required: true
      - name:  num_queue_workers
        title: Queue Worker Count
        help_text: Use this field to tune the number of worker processes that will be used.
        type: text
        default: 2

57%20AM
57%20AM781×646 22.2 KB


Note that since the MySQL URL might contain a password, we’ve marked it as sensitive via the type: password designation. This will ensure it is not displayed in the UI, and that it will be encrypted at rest in Replicated’s internal database.

Injecting the Secret

To add the secret to your app’s namespace, add the following yaml

---
# kind: scheduler-kubernetes
apiVersion: v1
kind: Secret
metadata:
  name: app-properties
stringData:
  app.properties: |
    mysql_url={{repl ConfigOption "mysql_url"}}
    num_queue_workers={{repl ConfigOption "num_queue_workers"}}

Configuring services

In your Deployment or StatefulSet, you can mount the volume from a secret wherever your application expects the file to exist

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      volumes:
      - name: app-properties
        secret:
          secretName: app-properties
      containers:
        - name: my-app
          image: quay.io/my-co/my-app:1.0.1
          volumeMounts:
            - name: app-properties
              readOnly: true
              mountPath: "/etc/myapp/"