Score:0

How to convert configmap to azure keyvault

ke flag

I have a configmap like below.Which I will link to a config file in our application.

apiVersion: v1
kind: ConfigMap
metadata:
  name: database-configmap
data:
  config: |
   dbport=5432
   dcname=
   dbssl=false
   locktime=300
   domainuser=
   dattserverhost=localhost
   conntype=ON-PREM
   dbinstance=
   dattusessl=false
   dbpwd=VrjvBguQ
   iisport=80
   docountupgrade=false
   doreportupgrade=false
   dbname=dattdatabase
   dattuseiis=false
   dbtype=POSTGRESQL
   dbusername=postg
   dbserver=tgres.database.azure.com
   domainpwd=

How to save this in azurekeyvault and get from there during deployment? Individual key/value pairs are stored there in keyvault. But how to achieve this?

I have tried the option provided in the link but it is not showing as normal kubernetes secret. Please see the output below:

kubectl get azurekeyvaultsecret.spv.no/secret-sync -n akv-test
NAME          VAULT           VAULT OBJECT   SECRET NAME   SYNCHED
secret-sync   testingvaultd   sample1
kubectl get secrets -n akv-test
NAME                  TYPE                                  DATA   AGE
default-token-9bsk8   kubernetes.io/service-account-token   3      5m31s
ng flag
Azure Keyvault is a secret store, not a configuration store. Whilst you likely can store this data in KV, you probably shouldn't, you should limit it to storing secrets. An alternative for storing config data is Azure App Configuration - https://docs.microsoft.com/en-us/azure/azure-app-configuration?WT.mc_id=AZ-MVP-5002404
uday avatar
ke flag
even in azure app configuration, it is a key/value pairs only, individual key/value pairs. But I need to add the above complete key/value pair set to single configmap. How to do that?
Score:1
cn flag
Vit

Was interesting question for me so I investigated a bit. First of all you should understand I have not personally tried(will try a bit later) so this is just an idea. Too much info for comment.

I found very interesting akv2k8s project(Explore Azure Key Vault to Kubernetes) that seems can help meet the requirements...

Azure Key Vault to Kubernetes (akv2k8s) makes Azure Key Vault secrets, certificates and keys available in Kubernetes and/or your application

  • in a simple and secure way.

They mention configmaps in overview but not in diagram.

Akv2k8s contains two main components:

  1. The akv2k8s Controller syncs Azure Key Vault objects to Kubernetes as native Secret's or ConfigMaps

  2. The akv2k8s Injector injects Azure Key Vault objects as environment variables directly into your application.

enter image description here

Use the Controller if: need to sync Azure Key Vault data to a Kubernetes ConfigMap


Installation: How to install Azure Key Vault to Kubernetes (akv2k8s) on Azure AKS

uday avatar
ke flag
can you see the content updated above
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.