Commit dbb7219

Revise wording
1 parent e325f9f commit dbb7219


1 file changed: +49 -20 lines changed


articles/azure-app-configuration/integrate-kubernetes-deployment-helm.md

@@ -1,5 +1,5 @@
11
---
2-
title: "Integrate Azure App Configuration with Kubernetes Deployment using Helm"
2+
title: Integrate Azure App Configuration with Kubernetes Deployment using Helm
33
description: Learn how to use dynamic configurations in Kubernetes deployment with Helm.
44
services: azure-app-configuration
55
author: shenmuxiaosen
@@ -14,7 +14,19 @@ ms.author: shuawan
1414
---
1515
# Integrate with Kubernetes Deployment Using Helm
1616

17-
In this tutorial, we will use a sample Helm chart and show how to generate configurations and secrets from the App Configuration that can be used in Kubernetes deployment.
17+
Helm provides a way to define, install, and upgrade applications running in Kubernetes. A Helm chart contains the information necessary to create an instance of a Kubernetes application. Configuration is stored outside of the chart itself, in a file called *values.yaml*.
18+
19+
During the release process, Helm merges the chart with the proper configuration to run the application. For example, variables defined in *values.yaml* can be referenced as environment variables inside the running containers. Helm also supports creation of Kubernetes Secrets, which can be mounted as data volumes or exposed as environment variables.
20+
21+
You can override the values stored in *values.yaml* by providing additional YAML-based configuration files on the command line when running Helm. Azure App Configuration supports exporting configuration values to YAML files. Integrating this export capability into your deployment allows your Kubernetes applications to leverage configuration values stored in App Configuration.
22+
23+
In this tutorial, you learn how to:
24+
> [!div class="checklist"]
25+
> * Use values from App Configuration when deploying an application to Kubernetes using Helm.
26+
> * Create a Kubernetes Secret based on a Key Vault reference in App Configuration.
27+
28+
This tutorial assumes basic understanding of managing Kubernetes with Helm.
29+
Learn more about installing applications with Helm in [Azure Kubernetes Service](https://docs.microsoft.com/azure/aks/kubernetes-helm).
1830

1931
## Prerequisites
2032

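Review bot: Added line 17 says configuration is stored "outside of the chart itself, in a file called *values.yaml*", but the directory listing later in this file shows values.yaml inside mychart, so the sentence contradicts the tutorial's own chart layout. Suggest wording such as "Default configuration is stored in the chart's *values.yaml* file", which also leads into the override paragraph on added line 21. Added lines 28 and 29 have no blank line between them and will render as a single paragraph; if that is intended, keep them on one line as the removed line 26 did.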
@@ -23,8 +35,6 @@ In this tutorial, we will use a sample Helm chart and show how to generate confi
2335
- Install [Helm](https://helm.sh/docs/intro/install/) (version 2.14.0 or later)
2436
- A Kubernetes cluster.
2537

26-
This tutorial assumes basic understanding of managing Kubernetes with Helm. Learn more about installing applications with Helm in [Azure Kubernetes Service](https://docs.microsoft.com/azure/aks/kubernetes-helm).
27-
2838
## Create an App Configuration store
2939

3040
[!INCLUDE [azure-app-configuration-create](../../includes/azure-app-configuration-create.md)]
@@ -42,21 +52,25 @@ This tutorial assumes basic understanding of managing Kubernetes with Helm. Lear
4252
1. Sign in to the [Azure portal](https://portal.azure.com) and add a secret to [Key Vault](https://docs.microsoft.com/azure/key-vault/secrets/quick-create-portal#add-a-secret-to-key-vault) with name **Password** and value **myPassword**.
4353
2. Select the App Configuration store instance that you created in previous section.
4454

45-
1. Select **Configuration Explorer**.
55+
3. Select **Configuration Explorer**.
4656

47-
1. Select **+ Create** > **Key vault reference**, and then specify the following values:
57+
4. Select **+ Create** > **Key vault reference**, and then specify the following values:
4858
- **Key**: Select **secrets.password**.
4959
- **Label**: Leave this value blank.
5060
- **Subscription**, **Resource group**, and **Key vault**: Enter the values corresponding to those in the key vault you created in previous step.
5161
- **Secret**: Select the secret named **Password** that you created in the previous section.
5262

5363
## Create Helm chart ##
54-
First, we will create a sample Helm chart with the following command
64+
First, create a sample Helm chart with the following command
5565
```console
5666
helm create mychart
5767
```
5868

59-
Helm will create a new directory called mychart with the structure shown below. You can follow the [charts guide](https://helm.sh/docs/chart_template_guide/getting_started/) to learn more.
69+
Helm creates a new directory called mychart with the structure shown below.
70+
71+
> [!TIP]
72+
> Follow this [charts guide](https://helm.sh/docs/chart_template_guide/getting_started/) to learn more.
73+
6074
```
6175
mychart
6276
|-- Chart.yaml
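Review bot: Added line 64 ends with "with the following command" and no punctuation before the code fence; end it with a colon. On added line 69, "mychart" is a directory name but is left unformatted, while file names elsewhere in the article are italicized (*values.yaml*, *deployment.yaml*); format it the same way.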
@@ -70,7 +84,7 @@ mychart
7084
`-- values.yaml
7185
```
7286

73-
Next, we will update the *deployment.yaml* file and add the following snippet which adds two environment variables to the container under **spec:template:spec:containers**. It shows how to dynamically pass configurations into deployment.
87+
Next, update the **spec:template:spec:containers** section of the *deployment.yaml* file. The following snippet adds two environment variables to the container. You'll set their values dynamically at deployment time.
7488

7589
```yaml
7690
env:
@@ -141,7 +155,10 @@ spec:
141155
{{- end }}
142156
```
143157

144-
Then we add a *secrets.yaml* file under the templates folder with following content. It will be used to store Kubernetes Secrets, such as passwords. The secrets will be accessible from inside the container. Learn more about how to use [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets).
158+
To store sensitive data as Kubernetes Secrets, add a *secrets.yaml* file under the templates folder.
159+
160+
> [!TIP]
161+
> Learn more about how to use [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets).
145162
146163
```yaml
147164
apiVersion: v1
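Review bot: Added line 158 drops "with following content", so the YAML block that starts on line 163 is no longer introduced, and the [!TIP] on lines 160 to 161 now sits between the sentence and the block it belongs to. Suggest ending line 158 with "with the following content:" and moving the tip below the code block. The removed line 144 also told readers that the secrets are accessible from inside the container; if that is still worth saying, keep it.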
@@ -153,7 +170,7 @@ data:
153170
password: {{ .Values.secrets.password }}
154171
```
155172
156-
Finally, we can update the *values.yaml* file with the following content to optionally provide default values of the configuration settings and secrets that we referenced in the *deployment.yaml* and *secrets.yaml* files earlier. Their actual values will be overwritten by configuration pulled from the App Configuration.
173+
Finally, update the *values.yaml* file with the following content to optionally provide default values of the configuration settings and secrets that referenced in the *deployment.yaml* and *secrets.yaml* files. Their actual values will be overwritten by configuration pulled from the App Configuration.
157174
158175
```yaml
159176
# settings will be overwritten by App Configuration
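Review bot: Context line 170, `password: {{ .Values.secrets.password }}` under `data:`, passes the value through unencoded, while Kubernetes expects values under `data` to be base64-encoded; a plain-text value exported with --resolve-keyvault would not be valid there. Since the section is being revised, consider `{{ .Values.secrets.password | b64enc }}` or switching the key to `stringData:`. On added line 173, "secrets that referenced in" is missing a verb; it should read "that are referenced in".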
@@ -163,43 +180,55 @@ settings:
163180
```
164181

165182
## Pass configuration data from App Configuration during Helm install ##
166-
First, we download the configuration from App Configuration to a *myConfig.yaml* file. We use a key filter to only download those keys that start with **settings.**. If in your case the key filter is not sufficient to exclude keys of Key Vault references, you may use the argument **--skip-keyvault** to exclude them. Learn more about the [export command](https://docs.microsoft.com/cli/azure/appconfig/kv?view=azure-cli-latest#az-appconfig-kv-export).
183+
First, download the configuration from App Configuration to a *myConfig.yaml* file. Use a key filter to only download those keys that start with **settings.**. If in your case the key filter is not sufficient to exclude keys of Key Vault references, you may use the argument **--skip-keyvault** to exclude them.
184+
185+
> [!TIP]
186+
> Learn more about the [export command](https://docs.microsoft.com/cli/azure/appconfig/kv?view=azure-cli-latest#az-appconfig-kv-export).
187+
167188
```azurecli-interactive
168189
az appconfig kv export -n myAppConfiguration -d file --path myConfig.yaml --key "settings.*" --separator "." --format yaml
169190
```
170191

171-
Then we download secrets to a *mySecrets.yaml* file. Note the parameter **--resolve-keyvault** is used so the Key Vault references will be resolved and the actual values in the Key Vault will be retrieved. Make sure the credential that is used to run this command has access permission to the corresponding Key Vault. As this file contains sensitive information, keep the file with care and clean up when it's not needed anymore.
192+
Next, download secrets to a file called *mySecrets.yaml*. The command-line argument **--resolve-keyvault** resolves the Key Vault references by retrieving the actual values in Key Vault. You'll need to run this command with credentials that have access permissions to the corresponding Key Vault.
193+
194+
> [!WARNING]
195+
> As this file contains sensitive information, keep the file with care and clean up when it's not needed anymore.
196+
172197
```azurecli-interactive
173198
az appconfig kv export -n myAppConfiguration -d file --path mySecrets.yaml --key "secrets.*" --separator "." --resolve-keyvault --format yaml
174199
```
175200

176-
In the end, pass those two files during Helm install with argument **-f** to overwrite *values.yaml*.
201+
Use helm upgrade's **-f** argument to pass in the two configuration files you've created. They'll override the configuration values defined in *values.yaml* with the values exported from App Configuration.
202+
177203
```console
178204
helm upgrade --install -f myConfig.yaml -f mySecrets.yaml "example" ./mychart
179205
```
180206

181-
If there is a concern for putting sensitive data in persistent storage, export content of key vault references to memory. Besides files Helm also allows passing literal key values with argument **--set**. Learn more about [Helm usage](https://helm.sh/docs/intro/using_helm/).
207+
You can also use the **--set** argument for helm upgrade to pass literal key values. Using the **--set** argument is a good way to avoid persisting sensitive data to disk.
182208

183209
```powershell
184210
$secrets = az appconfig kv list -n myAppConfiguration --key "secrets.*" --resolve-keyvault --query "[*].{name:key, value:value}" | ConvertFrom-Json
185211
186212
foreach ($secret in $secrets) {
187-
$keyvaules += $secret.name + "=" + $secret.value + ","
213+
$keyvalues += $secret.name + "=" + $secret.value + ","
188214
}
189215
190-
if ($keyvaules){
191-
$keyvaules = $keyvaules.TrimEnd(',')
192-
helm upgrade --install --set $keyvaules "example" ./mychart
216+
if ($keyvalues){
217+
$keyvalues = $keyvalues.TrimEnd(',')
218+
helm upgrade --install --set $keyvalues "example" ./mychart
193219
}
194220
else{
195221
helm upgrade --install "example" ./mychart
196222
}
197223
198224
```
199225

200-
We can verify configurations and secrets are successfully pulled by accessing [Kubernetes Dashboard](https://docs.microsoft.com/azure/aks/kubernetes-dashboard). Two settings, **color** and **message**, stores in App Configuration were populated into container's environment variables.
226+
Verify that configurations and secrets were set successfully by accessing the [Kubernetes Dashboard](https://docs.microsoft.com/azure/aks/kubernetes-dashboard). You'll see that the **color** and **message** values from App Configuration were populated into the container's environment variables.
227+
201228
![Quickstart app launch local](./media/kubernetes-dashboard-env-variables.png)
229+
202230
One secret, **password**, stores as Key Vault reference in App Configuration was also added into Kubernetes Secrets.
231+
203232
![Quickstart app launch local](./media/kubernetes-dashboard-secrets.png)
204233

205234
## Clean up resources
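Review bot: Added line 207 claims that --set "is a good way to avoid persisting sensitive data to disk", which overstates what the snippet below it achieves: the resolved secret is still placed on the helm command line, where it is visible in the process list and to any command-line auditing, and Helm records user-supplied values with the release. Suggest narrowing the sentence to what the removed line 181 said, for example "to avoid writing the exported secrets to a file". In lines 213 to 218 the pairs are joined with "," and handed to --set unescaped, so a secret value that contains a comma will be split into separate assignments; escape commas in $secret.value or pass one --set per key. Line 230 still reads "stores as Key Vault reference" although line 226 was reworded; fix it in the same pass.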
