You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-app-configuration/integrate-kubernetes-deployment-helm.md
+49-20Lines changed: 49 additions & 20 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,5 @@
1
1
---
2
-
title: "Integrate Azure App Configuration with Kubernetes Deployment using Helm"
2
+
title: Integrate Azure App Configuration with Kubernetes Deployment using Helm
3
3
description: Learn how to use dynamic configurations in Kubernetes deployment with Helm.
4
4
services: azure-app-configuration
5
5
author: shenmuxiaosen
@@ -14,7 +14,19 @@ ms.author: shuawan
14
14
---
15
15
# Integrate with Kubernetes Deployment Using Helm
16
16
17
-
In this tutorial, we will use a sample Helm chart and show how to generate configurations and secrets from the App Configuration that can be used in Kubernetes deployment.
17
+
Helm provides a way to define, install, and upgrade applications running in Kubernetes. A Helm chart contains the information necessary to create an instance of a Kubernetes application. Configuration is stored outside of the chart itself, in a file called *values.yaml*.
18
+
19
+
During the release process, Helm merges the chart with the proper configuration to run the application. For example, variables defined in *values.yaml* can be referenced as environment variables inside the running containers. Helm also supports creation of Kubernetes Secrets, which can be mounted as data volumes or exposed as environment variables.
20
+
21
+
You can override the values stored in *values.yaml* by providing additional YAML-based configuration files on the command line when running Helm. Azure App Configuration supports exporting configuration values to YAML files. Integrating this export capability into your deployment allows your Kubernetes applications to leverage configuration values stored in App Configuration.
22
+
23
+
In this tutorial, you learn how to:
24
+
> [!div class="checklist"]
25
+
> * Use values from App Configuration when deploying an application to Kubernetes using Helm.
26
+
> * Create a Kubernetes Secret based on a Key Vault reference in App Configuration.
27
+
28
+
This tutorial assumes basic understanding of managing Kubernetes with Helm.
29
+
Learn more about installing applications with Helm in [Azure Kubernetes Service](https://docs.microsoft.com/azure/aks/kubernetes-helm).
18
30
19
31
## Prerequisites
20
32
@@ -23,8 +35,6 @@ In this tutorial, we will use a sample Helm chart and show how to generate confi
23
35
- Install [Helm](https://helm.sh/docs/intro/install/) (version 2.14.0 or later)
24
36
- A Kubernetes cluster.
25
37
26
-
This tutorial assumes basic understanding of managing Kubernetes with Helm. Learn more about installing applications with Helm in [Azure Kubernetes Service](https://docs.microsoft.com/azure/aks/kubernetes-helm).
@@ -42,21 +52,25 @@ This tutorial assumes basic understanding of managing Kubernetes with Helm. Lear
42
52
1. Sign in to the [Azure portal](https://portal.azure.com) and add a secret to [Key Vault](https://docs.microsoft.com/azure/key-vault/secrets/quick-create-portal#add-a-secret-to-key-vault) with name **Password** and value **myPassword**.
43
53
2. Select the App Configuration store instance that you created in previous section.
44
54
45
-
1. Select **Configuration Explorer**.
55
+
3. Select **Configuration Explorer**.
46
56
47
-
1. Select **+ Create** > **Key vault reference**, and then specify the following values:
57
+
4. Select **+ Create** > **Key vault reference**, and then specify the following values:
48
58
-**Key**: Select **secrets.password**.
49
59
-**Label**: Leave this value blank.
50
60
-**Subscription**, **Resource group**, and **Key vault**: Enter the values corresponding to those in the key vault you created in previous step.
51
61
-**Secret**: Select the secret named **Password** that you created in the previous section.
52
62
53
63
## Create Helm chart ##
54
-
First, we will create a sample Helm chart with the following command
64
+
First, create a sample Helm chart with the following command
55
65
```console
56
66
helm create mychart
57
67
```
58
68
59
-
Helm will create a new directory called mychart with the structure shown below. You can follow the [charts guide](https://helm.sh/docs/chart_template_guide/getting_started/) to learn more.
69
+
Helm creates a new directory called mychart with the structure shown below.
70
+
71
+
> [!TIP]
72
+
> Follow this [charts guide](https://helm.sh/docs/chart_template_guide/getting_started/) to learn more.
73
+
60
74
```
61
75
mychart
62
76
|-- Chart.yaml
@@ -70,7 +84,7 @@ mychart
70
84
`-- values.yaml
71
85
```
72
86
73
-
Next, we will update the *deployment.yaml* file and add the following snippet which adds two environment variables to the container under **spec:template:spec:containers**. It shows how to dynamically pass configurations into deployment.
87
+
Next, update the **spec:template:spec:containers** section of the *deployment.yaml* file. The following snippet adds two environment variables to the container. You'll set their values dynamically at deployment time.
74
88
75
89
```yaml
76
90
env:
@@ -141,7 +155,10 @@ spec:
141
155
{{- end }}
142
156
```
143
157
144
-
Then we add a *secrets.yaml* file under the templates folder with following content. It will be used to store Kubernetes Secrets, such as passwords. The secrets will be accessible from inside the container. Learn more about how to use [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets).
158
+
To store sensitive data as Kubernetes Secrets, add a *secrets.yaml* file under the templates folder.
159
+
160
+
> [!TIP]
161
+
> Learn more about how to use [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets).
145
162
146
163
```yaml
147
164
apiVersion: v1
@@ -153,7 +170,7 @@ data:
153
170
password: {{ .Values.secrets.password }}
154
171
```
155
172
156
-
Finally, we can update the *values.yaml* file with the following content to optionally provide default values of the configuration settings and secrets that we referenced in the *deployment.yaml* and *secrets.yaml* files earlier. Their actual values will be overwritten by configuration pulled from the App Configuration.
173
+
Finally, update the *values.yaml* file with the following content to optionally provide default values of the configuration settings and secrets that referenced in the *deployment.yaml* and *secrets.yaml* files. Their actual values will be overwritten by configuration pulled from the App Configuration.
157
174
158
175
```yaml
159
176
# settings will be overwritten by App Configuration
@@ -163,43 +180,55 @@ settings:
163
180
```
164
181
165
182
## Pass configuration data from App Configuration during Helm install ##
166
-
First, we download the configuration from App Configuration to a *myConfig.yaml* file. We use a key filter to only download those keys that start with **settings.**. If in your case the key filter is not sufficient to exclude keys of Key Vault references, you may use the argument **--skip-keyvault** to exclude them. Learn more about the [export command](https://docs.microsoft.com/cli/azure/appconfig/kv?view=azure-cli-latest#az-appconfig-kv-export).
183
+
First, download the configuration from App Configuration to a *myConfig.yaml* file. Use a key filter to only download those keys that start with **settings.**. If in your case the key filter is not sufficient to exclude keys of Key Vault references, you may use the argument **--skip-keyvault** to exclude them.
184
+
185
+
> [!TIP]
186
+
> Learn more about the [export command](https://docs.microsoft.com/cli/azure/appconfig/kv?view=azure-cli-latest#az-appconfig-kv-export).
Then we download secrets to a *mySecrets.yaml* file. Note the parameter **--resolve-keyvault** is used so the Key Vault references will be resolved and the actual values in the Key Vault will be retrieved. Make sure the credential that is used to run this command has access permission to the corresponding Key Vault. As this file contains sensitive information, keep the file with care and clean up when it's not needed anymore.
192
+
Next, download secrets to a file called *mySecrets.yaml*. The command-line argument **--resolve-keyvault** resolves the Key Vault references by retrieving the actual values in Key Vault. You'll need to run this command with credentials that have access permissions to the corresponding Key Vault.
193
+
194
+
> [!WARNING]
195
+
> As this file contains sensitive information, keep the file with care and clean up when it's not needed anymore.
In the end, pass those two files during Helm install with argument **-f** to overwrite *values.yaml*.
201
+
Use helm upgrade's **-f** argument to pass in the two configuration files you've created. They'll override the configuration values defined in *values.yaml* with the values exported from App Configuration.
If there is a concern for putting sensitive data in persistent storage, export content of key vault references to memory. Besides files Helm also allows passing literal key values with argument**--set**. Learn more about [Helm usage](https://helm.sh/docs/intro/using_helm/).
207
+
You can also use the **--set** argument for helm upgrade to pass literal key values. Using the**--set** argument is a good way to avoid persisting sensitive data to disk.
182
208
183
209
```powershell
184
210
$secrets = az appconfig kv list -n myAppConfiguration --key "secrets.*" --resolve-keyvault --query "[*].{name:key, value:value}" | ConvertFrom-Json
We can verify configurations and secrets are successfully pulled by accessing [Kubernetes Dashboard](https://docs.microsoft.com/azure/aks/kubernetes-dashboard). Two settings, **color** and **message**, stores in App Configuration were populated into container's environment variables.
226
+
Verify that configurations and secrets were set successfully by accessing the [Kubernetes Dashboard](https://docs.microsoft.com/azure/aks/kubernetes-dashboard). You'll see that the **color** and **message** values from App Configuration were populated into the container's environment variables.
0 commit comments