Our Thoughts on Modern Configuration and Secrets Management

Manage Kubernetes ConfigMaps and Secrets | CloudTruth

Written by Matt Conway | Jan 20, 2022 8:35:00 AM

Using CloudTruth’s ‘KubeTruth’ To Save Configuration Time

If you’re new to Kubernetes and need an easier way to manage multiple Kubernetes configurations, it’s worth taking a look at CloudTruth’s Kubernetes operator called KubeTruth.

Dynamically updating as ConfigMaps and Secrets within Kubernetes, KubeTruth provides an automated Kubernetes configuration management system. KubeTruth accesses CloudTruth parameters and dynamically creates Kubernetes ConfigMaps and Secrets resources for specific projects or environments when you need them.

Let’s take a look at CloudTruth’s KubeTruth and see how it can help manage the dozens of configuration items necessary for a typical dev/test/prod Kubernetes environment.

Kubernetes ConfigMaps, Secrets, and CloudTruth Parameters

As the number of applications and services increases, the environments you must support grow larger, and managing their configurations becomes exponentially more difficult. Instead of managing each configuration, on its own, in multiple places, CloudTruth centralizes all that configuration in a single place.

Rather than directly storing and managing configuration items in variable holders like Kubernetes Secrets or ConfigMaps, KubeTruth enables you to define them in CloudTruth and have them synchronized to Kubernetes.  Your application can continue to reference them in a Kubernetes native fashion, without having to change any existing access patterns.

Figure 1 shows how CloudTruth parameters (CloudTruth_Parameter1→Value1) are stored in a project (MyFirstProject).

Figure 1. Storing CloudTruth parameters

Setting up KubeTruth: The Kubernetes Operator

KubeTruth acts as a tunnel between CloudTruth and a Kubernetes cluster. This tunnel allows you to organize and manage configuration across projects and environments using the rich set of capabilities that the CloudTruth UI provides. These values are then exposed to Kubernetes as ConfigMaps and Secrets within Kubernetes, as shown in Figure 2.

Figure 2. An overview of KubeTruth architecture

KubeTruth is available as a Helm package. Once you’ve added the CloudTruth repository as a source, you can install KubeTruth, as shown below. Once Kubernetes knows where to find KubeTruth, you can simply run “helm install,” providing the dedicated namespace, API key, and environment to install it in. See Figure 3.

## Tell Helm where to find the Kubetruth package

helm repo add cloudtruth https://packages.cloudtruth.com/charts
 
## Install the Kubetruth Helm package

helm install \
  --create-namespace --namespace shanky-kubetruth \
  --set appSettings.apiKey=XXXXXXX \
  --set appSettings.environment=default \
  kubetruth-install cloudtruth/kubetruth
Figure 3. Installing KubeTruth via Helm

Once KubeTruth installs, it will create ConfigMaps and Secrets for every CloudTruth project. As you can see in Figure 4, the ConfigMaps and Secrets created by default are easy to identify, as they are created with the label [app.kubernetes.io/managed-by:](http://app.kubernetes.io/managed-by:) kubetruth.

kubectl get secrets -n shanky-kubetruth -o wide
Figure 4. The installed project, with parameters, specified

KubeTruth in Action

Once you’ve installed KubeTruth, it’s time to take it for a spin. Since KubeTruth interacts directly with CloudTruth through its API, you can now define CloudTruth parameters which will immediately be available in Kubernetes.

Figure 5 shows the newly created CloudTruth project, called MyFirstProject. This project has two parameters —CloudTruth_Parameter2 and CloudTruth_Parameter1 —added to the project.

Figure 5. The new CloudTruth project

Once created, you can now see these parameters are available within Kubernetes as ConfigMaps, as shown in Figure 6.

Figure 6. The parameters highlighted in yellow are now available to Kubernetes

A Serious Time-Saver

If you’re still wrangling configuration values across various projects and environments individually, it’s worth your time to check out CloudTruth and their Kubernetes integration. Having the ability to access configurations dynamically via Secrets and ConfigMaps is a major time-saver.