Spring Cloud Kubernetes Config Server

The Spring Cloud Kubernetes Config Server is based on Spring Cloud Config Server and adds an environment repository for Kubernetes Config Maps and Secrets.

This component is completely optional. However, it allows you to continue to leverage configuration you may have stored in existing environment repositories (Git, SVN, Vault, etc.) with applications that you are running on Kubernetes.

A default image is located on Docker Hub, which allows you to get a Config Server deployed on Kubernetes without building the code and image yourself. However, if you need to customize the config server behavior or prefer to build the image yourself, you can build your own image from the source code on GitHub and use that.

Configuration

Enabling The Kubernetes Environment Repository

To enable the Kubernetes environment repository, the kubernetes profile must be included in the list of active profiles. You may activate other profiles as well to use other environment repository implementations.

Config Map and Secret PropertySources

By default, only Config Map data will be fetched. To enable Secrets as well, you will need to set spring.cloud.kubernetes.secrets.enableApi=true. You can disable the Config Map PropertySource by setting spring.cloud.kubernetes.config.enableApi=false.

Fetching Config Map and Secret Data From Additional Namespaces

By default, the Kubernetes environment repository will only fetch Config Maps and Secrets from the namespace in which it is deployed. If you want to include data from other namespaces, you can set spring.cloud.kubernetes.configserver.config-map-namespaces and/or spring.cloud.kubernetes.configserver.secrets-namespaces to a comma-separated list of namespace values.

If you set spring.cloud.kubernetes.configserver.config-map-namespaces and/or spring.cloud.kubernetes.configserver.secrets-namespaces, you will need to include the namespace in which the Config Server is deployed in order to continue to fetch Config Map and Secret data from that namespace.

Kubernetes Access Controls

The Kubernetes Config Server uses the Kubernetes API server to fetch Config Map and Secret data. To do that, it needs the ability to get and list Config Maps and Secrets (depending on what you enable/disable).

Deployment Yaml

Below is a sample deployment, service and permissions configuration you can use to deploy a basic Config Server to Kubernetes.

---
apiVersion: v1
kind: List
items:
  - apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: spring-cloud-kubernetes-configserver
      name: spring-cloud-kubernetes-configserver
    spec:
      ports:
        - name: http
          port: 8888
          targetPort: 8888
      selector:
        app: spring-cloud-kubernetes-configserver
      type: ClusterIP
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        app: spring-cloud-kubernetes-configserver
      name: spring-cloud-kubernetes-configserver
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      labels:
        app: spring-cloud-kubernetes-configserver
      name: spring-cloud-kubernetes-configserver:view
    roleRef:
      kind: Role
      apiGroup: rbac.authorization.k8s.io
      name: namespace-reader
    subjects:
      - kind: ServiceAccount
        name: spring-cloud-kubernetes-configserver
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      namespace: default
      name: namespace-reader
    rules:
      - apiGroups: ["", "extensions", "apps"]
        resources: ["configmaps", "secrets"]
        verbs: ["get", "list"]
  - apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: spring-cloud-kubernetes-configserver-deployment
    spec:
      selector:
        matchLabels:
          app: spring-cloud-kubernetes-configserver
      template:
        metadata:
          labels:
            app: spring-cloud-kubernetes-configserver
        spec:
          serviceAccount: spring-cloud-kubernetes-configserver
          containers:
          - name: spring-cloud-kubernetes-configserver
            image: springcloud/spring-cloud-kubernetes-configserver
            imagePullPolicy: IfNotPresent
            env:
            - name: SPRING_PROFILES_INCLUDE
              value: "kubernetes"
            readinessProbe:
              httpGet:
                port: 8888
                path: /actuator/health/readiness
            livenessProbe:
              httpGet:
                port: 8888
                path: /actuator/health/liveness
            ports:
            - containerPort: 8888
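
The sample above grants get and list on both configmaps and secrets, and only in the default namespace. The following added example (not part of the original page or the project's own manifests) shows the per-namespace Role and RoleBinding needed when additional namespaces are listed, scoped to what each property actually reads. The namespaces team-a and team-b and the role names are assumptions; the ServiceAccount is the one from the sample above, deployed in default.

```yaml
# Assumed Config Server settings (property names are from this page):
#   spring.cloud.kubernetes.configserver.config-map-namespaces=default,team-a
#   spring.cloud.kubernetes.secrets.enableApi=true
#   spring.cloud.kubernetes.configserver.secrets-namespaces=default,team-b
# team-a is read for Config Maps only, so its Role grants nothing on secrets.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: team-a                        # assumed namespace
  name: configserver-configmap-reader      # hypothetical name
rules:
  - apiGroups: [""]                        # Config Maps are in the core API group
    resources: ["configmaps"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: team-a
  name: configserver-configmap-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: configserver-configmap-reader
subjects:
  - kind: ServiceAccount
    name: spring-cloud-kubernetes-configserver
    namespace: default                     # where the Config Server is deployed
---
# team-b is listed only in secrets-namespaces, so it gets secrets and nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: team-b                        # assumed namespace
  name: configserver-secret-reader         # hypothetical name
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: team-b
  name: configserver-secret-reader
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: configserver-secret-reader}
subjects:
  - {kind: ServiceAccount, name: spring-cloud-kubernetes-configserver, namespace: default}
```

After applying, the grant can be checked with kubectl auth can-i list secrets -n team-a --as=system:serviceaccount:default:spring-cloud-kubernetes-configserver, which should answer no for team-a and yes for team-b.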