Kustomize Best Practices (part 4)
Part 1 of this series can be found here. Part 2 of this series can be found here. Part 3 of this series can be found here.
ConfigMapGenerator
Creating ConfigMaps is a bit of a pain, particularly when you want to create it from a file. You have to put the contents of the file in a yaml manifest, get the indentation right, etc. Wouldn’t it be easier if something would just take your file and create the ConfigMap for you?
Kustomize does exactly that! You simply specify the name of the name of the configMap and the file(s) or literal value(s) that you want included, and kustomize does the rest.
configMapGenerator:
- name: example-configmap-1
literals:
- somename=somevalue
files:
- application.propertiesSecretGenerator
Creating Secrets without help from kustomize is somewhat more painful than creating ConfigMaps. You can:
- create your Secret manifest directly, but you have to make sure that you base64 encode the content correctly. Every time you change the content, you’ll have to re-encode it
- call kubectl create secret, but this likely means additional automation work in your pipelines or extra manual steps that are error prone
- OR you can have kustomize create the secret for you with a secretGenerator:
secretGenerator:
- name: mysecret
literals:
- username=admin
- password=1f2d1e2e67df
files:
- longsecret.txtOf course, you need to make sure that you keep your kustomization.yaml and any files referenced in the secretGenerator safe (and as such, the previously mentioned SealedSecrets or other alternatives like Vault or AWS Secrets Manager may be better choices).
