Spring Cloud Kubernetes ConfigMap reload not working
The Deployment doesn't have serviceAccountName
configured so it uses the default
service account. The command in the question, however - kubectl create clusterrolebinding ... --serviceaccount=default:minikube...
- is for an account named minikube
in the default
namespace.
Moreover, creating clusterrolebinding
may be "too much" when rolebinding
for the namespace would work.
With the Deployment being for the default
namespace (metadata.namespace: default
), this should create a proper rolebinding
to grant read-only permission to the default
account:
kubectl create rolebinding default-sa-view \ --clusterrole=view \ --serviceaccount=default:default \ --namespace=default
For reference, see Using RBAC Authorization.
Thanks gears for your answer. rolebinding is enough with role view in the namespace for the configmap to be available in container.
I solved the problem with updating dependencies. The Spring boot version with 2.1.8.Release and version of spring could kubernetes 1.1.0.Release didn't work out for me. I suspect to many dependencies added. I cleaned up pom file and that worked well.
Pom.xml
<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.2.1.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <groupId>com.minikube.sample</groupId> <artifactId>kubernetes-configmap-reload</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>jar</packaging> <name>minikube-sample</name> <description>Demo project for Spring Cloud Kubernetes</description> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> <java.version>1.8</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-actuator</artifactId> </dependency> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-kubernetes-config</artifactId> <version>1.1.0.RELEASE</version> </dependency> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <version>1.18.4</version> <scope>provided</scope> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-test</artifactId> <scope>test</scope> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build></project>
You can find repository link here -- https://github.com/ereshzealous/kubernetes-configmap-reload
ThanksEresh
To access ConfigMaps and get Refresh events:
see annotations on config properties class
@Configuration(proxyBeanMethods = false)
see also@RefreshScope
on config properties class.@Configuration(proxyBeanMethods = false)@ConfigurationProperties(prefix = "bean")@RefreshScopepublic class ClientConfig { private String message = "Default Message from java code - to be overwritten from config"; public String getMessage() {... public void setMessage(String message) {...}
2 Add permissions to access ConfigMaps
kubectl create -f perm.yaml -n <NAMESPACE>
where perm.yaml is:
kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: yldbg name: namespace-reader rules: - apiGroups: ["", "extensions", "apps"] resources: ["configmaps", "pods", "services", "endpoints", "secrets"] verbs: ["get", "list", "watch"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: namespace-reader-binding namespace: yldbg subjects: - kind: ServiceAccount name: default apiGroup: "" roleRef: kind: Role name: namespace-reader apiGroup: ""
After creating permissions, deploy pods and services.
when modifying the config map, you will see a refresh event in pod logs
EventBasedConfigurationChangeDetector - Detected change in config mapsEventBasedConfigurationChangeDetector - Reloading using strategy: REFRESHPropertySourceBootstrapConfiguration - Located property source: [BootstrapPropertySource {name='bootstrapProperties-configmap.client-svc.myns'}]SpringApplication - The following profiles are active: kubernetes
by yl