Kubernetes: ConfigMap and Secrets – data auto-reload in pods

By | 02/13/2020

We have a ConfigMap for our Gorush service (see the Kubernetes: running a push-server with Gorush behind an AWS LoadBalancer post).

The issue is that if we change a value in this ConfigMap or in Secrets, it will not be applied to already running pods.

There are various solutions, such as mounting the data as volumes and re-attaching those volumes after the data has changed, or creating a brand new ConfigMap with a new name on each change and re-mapping it to the pods.

But let's try the Reloader: it auto-discovers all ConfigMaps and Secrets and watches them for changes. Once it finds that a ConfigMap was updated, Reloader re-creates the related pods.

Running Reloader in Kubernetes

Create a service and related objects – configs, roles, etc:

kubectl apply -f https://raw.githubusercontent.com/stakater/Reloader/master/deployments/kubernetes/reloader.yaml
deployment.apps/reloader-reloader created
clusterrole.rbac.authorization.k8s.io/reloader-reloader-role created
clusterrolebinding.rbac.authorization.k8s.io/reloader-reloader-role-binding created
serviceaccount/reloader-reloader created

It will be deployed to the default namespace and by default will watch all ConfigMaps and Secrets in all namespaces, but you can limit this behavior using object annotations; see the full Reloader documentation.

Check the service’s pod:

kubectl get pod
NAME                                 READY   STATUS    RESTARTS   AGE
reloader-reloader-7684d7d4b5-rwp6x   1/1     Running   0          112s

ConfigMap auto-reload

Now, let’s check an existing value from the Gorush service:

curl push.example.com/api/config
enabled: true
key_path: /data/ssl/apns-crt.p12
key_base64: ""

And its ConfigMap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: gorush-config
  namespace: gorush
data:
  # stat
  stat.engine: redis
  stat.redis.host: redis:6379
  ios.enabled: "true"
  ios.key_path: /data/ssl/apns-crt.p12

Update its deployment and add one of the following annotations: reloader.stakater.com/auto: "true", or, if you'd like to watch only this particular ConfigMap, configmap.reloader.stakater.com/reload: "gorush-config":

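apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: gorush
  namespace: gorush
  annotations:
    # restart the pods whenever this ConfigMap changes
    configmap.reloader.stakater.com/reload: "gorush-config"
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: gorush
        tier: frontend
    # remaining fields omitted in this excerpt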

Apply the deployment:

kubectl apply -f gorush-deployment.yaml
deployment.extensions/gorush configured

Make some changes to Gorush's ConfigMap; for example, let's change ios.enabled: "true" to ios.enabled: "false":

kubectl apply -f gorush-configmap.yaml
configmap/gorush-config configured
configmap/gorush-config-file unchanged

Check events:

kubectl get events -n gorush
7s          Normal    ScalingReplicaSet        deployment/gorush              Scaled up replica set gorush-b85d7dc64 to 1
7s          Normal    ScalingReplicaSet        deployment/gorush              Scaled down replica set gorush-7b8695bf6f to 0


kubectl -n gorush get rs
gorush-7b8695bf6f   0         0         0       10m
gorush-88cdd9b4d    0         0         0       20m
gorush-b85d7dc64    1         1         1       51s
redis-7d5844c58d    1         1         1       5d

And Gorush's settings now:

curl push.example.com/api/config
enabled: false
key_path: /data/ssl/apns-crt.p12
key_base64: ""
key_type: pem
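
An added example, not part of the original post or of the Reloader project: a Python check that lists the ConfigMaps and Secrets a Deployment consumes but its Reloader annotations do not cover, so a changed setting or rotated Secret would leave pods running on stale data. The sample manifest is constructed (the second ConfigMap volume and the apns-cert Secret are assumptions), and the secret.reloader.stakater.com/reload annotation and comma-separated names come from Reloader's documentation rather than this post.

```python
import json

AUTO = "reloader.stakater.com/auto"
KINDS = ("configmap", "secret")  # annotation key: <kind>.reloader.stakater.com/reload
ENV_KEYS = {"configMapRef": "configmap", "configMapKeyRef": "configmap",
            "secretRef": "secret", "secretKeyRef": "secret"}

def referenced(deploy):
    """(kind, name) of every ConfigMap/Secret the pod template consumes."""
    pod = deploy["spec"]["template"]["spec"]
    refs = set()
    for vol in pod.get("volumes", []):
        if "configMap" in vol:
            refs.add(("configmap", vol["configMap"]["name"]))
        if "secret" in vol:
            refs.add(("secret", vol["secret"]["secretName"]))
    for ctr in pod.get("initContainers", []) + pod.get("containers", []):
        sources = ctr.get("envFrom", []) + [e.get("valueFrom", {}) for e in ctr.get("env", [])]
        for src in sources:
            for key, kind in ENV_KEYS.items():
                if key in src:
                    refs.add((kind, src[key]["name"]))
    return refs

def unwatched(deploy):
    """References that no Reloader annotation on the Deployment covers."""
    ann = deploy["metadata"].get("annotations") or {}
    if ann.get(AUTO) == "true":
        return set()  # auto mode covers everything the pod template references
    watched = {(kind, name.strip()) for kind in KINDS
               for name in ann.get(f"{kind}.reloader.stakater.com/reload", "").split(",")
               if name.strip()}
    return referenced(deploy) - watched

# Constructed sample: the gorush Deployment with the single-ConfigMap annotation,
# plus an assumed second ConfigMap volume and an assumed Secret (apns-cert).
SAMPLE = json.loads("""
{"metadata": {"name": "gorush", "namespace": "gorush", "annotations":
   {"configmap.reloader.stakater.com/reload": "gorush-config"}},
 "spec": {"template": {"spec": {
   "volumes": [{"name": "cfg", "configMap": {"name": "gorush-config-file"}},
               {"name": "ssl", "secret": {"secretName": "apns-cert"}}],
   "containers": [{"name": "gorush",
                   "envFrom": [{"configMapRef": {"name": "gorush-config"}}]}]}}}}
""")

if __name__ == "__main__":
    for kind, name in sorted(unwatched(SAMPLE)):
        print(f"gorush: changes to {kind}/{name} will not restart the pods")
```

To run the same check against a live cluster, pass each item from `kubectl get deployments -A -o json` to `unwatched()`.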