[Kubernetes (K8S)] Helm install AppCode Kubed to sync ConfigMaps/Secrets across Kubernetes (K8S) namespaces or Clusters

Posted on Edited on In , , Views: Word count in article: 3.5k Reading time ≈ 3 mins.

helm-AppsCode-kubed-example

AppsCode Kubed

Kubed by AppsCode is a Kubernetes cluster manager daemon that can sync ConfigMaps/Secrets across Kubernetes namespaces or Clusters.

This article is about how to use Helm to install kubed on Kubernetes (K8S).

Prerequisites

  • Kubernetes (K8S)
    Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications.

    For more information about installing and using Kubernetes (K8s), see the Kubernetes (K8s) Docs.

  • Helm
    Helm is the best way to find, share, and use software built for Kubernetes.

    For more information about installing and using Helm, see the Helm Docs.

How to Install

Helm install kubed into kube-system namespace.

1
2
3
4
5
6
7
8
# Add the Stable Helm repository:
$ helm repo add appscode https://charts.appscode.com/stable/

# Update your local Helm chart repository cache:
$ helm repo update

# To install Helm chart:
$ helm install kubed appscode/kubed -n kube-system -f values.yaml

See Helm release about kubed

1
2
3
$ helm list --namespace kube-system
NAME                       	NAMESPACE             	REVISION	UPDATED                                	STATUS  	CHART
kubed                      	kube-system           	1       	2020-10-31 11:19:51.65893 +0800 +0800  	deployed	kubed-v0.12.0                    	v0.12.0

See pods about kubed.

1
2
3
$ kubectl get pods -n kube-system 
NAME                       READY   STATUS    RESTARTS   AGE
kube-system              kubed-559f7f5768-56bgr                                             1/1     Running                 0          6h3m

Custom Values.yaml

1
2
3
4
5
# kubed/values.yaml at v0.12.0 · appscode/kubed
# https://github.com/appscode/kubed/blob/v0.12.0/charts/kubed/values.yaml

# If true, sends usage analytics
enableAnalytics: false

Synchronize ConfigMap or Secret

Synchronize ConfigMap

First, create a NameSpace called demo.

1
2
$ kubectl create namespace demo
namespace "demo" created

Now, create a ConfigMap called omni in the demo namespace. This will be our source ConfigMap.

1
2
3
4
5
6
7
8
9
10
# cat demo-0.yaml
---
apiVersion: v1
data:
  you: only
  leave: once
kind: ConfigMap
metadata:
  name: omni
  namespace: demo

Apply the demo-0.yaml to create ConfigMap.

1
2
3
4
5
$ kubectl apply -f demo-0.yaml
configmap "omni" created

$ kubectl get configmaps --all-namespaces | grep omni
demo          omni                                 2         7m

Now, apply the kubed.appscode.com/sync: “” annotation to ConfigMap omni. Kubed operator will notice that and copy the ConfigMap in all namespaces.

1
2
3
4
5
6
7
8
$ kubectl annotate configmap omni kubed.appscode.com/sync="" -n demo
configmap "omni" annotated

$ kubectl get configmaps --all-namespaces | grep omni
default       omni                                 2         1m
demo          omni                                 2         8m
kube-public   omni                                 2         1m
kube-system   omni                                 2         1m

Namespace Selector

Lets’ change annotation value of source ConfigMap omni.

1
2
3
4
5
$ kubectl annotate configmap omni kubed.appscode.com/sync="app=kubed" -n demo --overwrite
configmap "omni" annotated

$ kubectl get configmaps --all-namespaces | grep omni
demo          omni                                 2         8m

Kubed operator removes the ConfigMap from all namespaces (except source) since no namespace matches the label-selector app=kubed. Now, lets’ apply app=kubed annotation to other namespace. Kubed operator will then sync the ConfigMap to other namespace.

1
2
3
4
5
6
$ kubectl label namespace other app=kubed
namespace "other" labeled

$ kubectl get configmaps --all-namespaces | grep omni
demo          omni                                 2         8m
other         omni                                 2         5m

Restricting Source Namespace

By default, Kubed will watch all namespaces for configmaps and secrets with kubed.appscode.com/sync annotation. But you can restrict the source namespace for configmaps and secrets by passing config.configSourceNamespace value during installation.

1
2
3
4
$ helm install kubed appscode/kubed \
  --namespace=kube-system \
  --set imagePullPolicy=Always \
  --set config.configSourceNamespace=demo

References

[1] appscode/kubed: 🛡️ A Kubernetes Cluster Daemon - https://github.com/appscode/kubed

[2] Kubed by AppsCode - https://appscode.com/products/kubed/v0.12.0/guides/config-syncer/

[3] Kubed by AppsCode - https://appscode.com/products/kubed/v0.12.0/guides/config-syncer/intra-cluster/

[4] Helm - https://helm.sh/

[5] Kubernetes - https://kubernetes.io/