Quarkus - Kubernetes Config

    Once you have your Quarkus project configured you can add the kubernetes-config extension by running the following command in your project base directory.

    This will add the following to your pom.xml:

    1. <dependency>
    2.     <artifactId>quarkus-kubernetes-config</artifactId>

    The extension works by reading ConfigMaps and Secrets directly from the Kubernetes API server using the Kubernetes Client.

    The extension understands the following types of ConfigMaps and Secrets as input sources:

    You have to explicitly enable the retrieval of ConfigMaps and Secrets by setting quarkus.kubernetes-config.enabled=true. The default is false in order to make it easy to test the application locally.

    Afterwards, set the property to configure which ConfigMaps should be used. Set the quarkus.kubernetes-config.secrets property to configure which Secrets should be used. To access ConfigMaps and Secrets from a specific namespace, you can set the quarkus.kubernetes-config.namespace property.

    The properties obtained from the ConfigMaps and Secrets have a higher priority than (i.e. they override) any properties of the same name that are found in application.properties (or the YAML equivalents), but they have lower priority than properties set via Environment Variables or Java System Properties.

    Finally, when both ConfigMaps and Secrets are used, the latter always a higher priority than the former.

    Kubernetes Permissions

    Since reading ConfigMaps involves interacting with the Kubernetes API Server, when RBAC is enabled on the cluster, the that is used to run the application needs to have the proper permissions for such access.

    Thankfully, when using the kubernetes-config extension along with the Kubernetes extension, all the necessary Kubernetes resources to make that happen are automatically generated.

    Secrets

    By default, the Kubernetes extension doesn’t generate the necessary resources to allow accessing secrets. Set quarkus.kubernetes-config.secrets.enabled=true to generate the necessary role and corresponding role binding.