©2021 VMware, Inc.
Modern Application
Configuration in
Kubernetes
Craig Walls
Engineer, VMware Tanzu
September 1, 2021

©2021 VMware, Inc. 2
This presentation may contain product features or functionality that are
currently under development.
This overview of new technology represents no commitment from
VMware to deliver these features in any generally available product.
Features are subject to change, and must not be included in contracts,
purchase orders, or sales agreements of any kind.
Technical feasibility and market demand will affect final delivery.
Pricing and packaging for any new features/functionality/technology
discussed or presented, have not been determined.
The information in this presentation is for informational purposes only
and may not be incorporated into any contract. There is no commitment
or obligation to deliver any items presented herein.
Disclaimer

©2021 VMware, Inc.
Live in Colorado
Enjoy board games and all things Disney
Author of Spring in Action and Spring Boot in Action
(and also Build Talking Apps for Alexa)
Member of Spring Engineering Team
Developer Spring Cloud Services &
Application Configuration Service on Kubernetes
3
About me…

©2021 VMware, Inc. 4
Let’s talk about configuration…

©2021 VMware, Inc. 5
How do you configure your Spring apps?
application.yml application.properties
Environment
Variables
JVM System
Properties
Command Line Args?
!

©2021 VMware, Inc. 5
How do you configure your Spring apps?
!

©2021 VMware, Inc. 6
The Spring Environment abstraction

©2021 VMware, Inc. 7
Captures properties from multiple sources…

©2021 VMware, Inc. 8
…Avails them for property placeholders
e.g., ${someProperty}

©2021 VMware, Inc. 9
…And Spring Boot Config Props
e.g., @ConfigurationProperties-annotated classes

©2021 VMware, Inc. 10
However…

©2021 VMware, Inc. 11
application.properties / application.yml
is packaged into deployment artifact

©2021 VMware, Inc. 12
(But it could be in the filesystem)

©2021 VMware, Inc. 13
Difficult to manage across multiple apps/instances
"

©2021 VMware, Inc. 14
Difficult to audit
"

©2021 VMware, Inc. 15
Environment variables tricky to manage
"

©2021 VMware, Inc. 16
Also tricky to audit
"

©2021 VMware, Inc. 17
Command line arguments and JVM system properties
Not practical as a main configuration source
#

©2021 VMware, Inc. 18
Spring Environment abstraction is extensible
$

©2021 VMware, Inc. 19
What if config came from somewhere central?
!

©2021 VMware, Inc. 20
Spring Cloud Config Server

©2021 VMware, Inc. 21
Configuration can be managed in Git…
(and Vault, CredHub, DB, S3, etc)
$

©2021 VMware, Inc. 22
…and served via REST
$

©2021 VMware, Inc. 23
Configuration can be versioned
$

©2021 VMware, Inc. 24
Configuration can be rolled back
$

©2021 VMware, Inc. 25
Configuration can be audited
(e.g., git log and git blame)
$

©2021 VMware, Inc. 26
Applications just need to read from Config Server…
"

©2021 VMware, Inc. 27
…and somehow merge configuration into Environment
"

©2021 VMware, Inc. 28
Spring Cloud Config Server client library

©2021 VMware, Inc. 29
Problem solved!

©2021 VMware, Inc. 30
But wait…

©2021 VMware, Inc. 31
What about non-Spring or non-Java apps?
(Let’s not talk about that right now…)
!

©2021 VMware, Inc. 32
Then came Kubernetes
%

©2021 VMware, Inc. 33
Spring Cloud Config Server runs fine in K8s
$

©2021 VMware, Inc. 34
Applications running in K8s can still
be Config Server Clients
$

©2021 VMware, Inc. 35
But wait…

©2021 VMware, Inc. 36
What about non-Spring or non-Java apps?
(I said…Let’s not talk about that right now…)
!

©2021 VMware, Inc. 37
The configuration
elephant in the K8s
room

©2021 VMware, Inc. 38
What about ConfigMaps?
(Okay…I guess we should talk about that)
!

©2021 VMware, Inc. 39
ConfigMaps are K8s resources

©2021 VMware, Inc. 40
…hold configuration data

©2021 VMware, Inc. 41
Can be consumed as env vars…or…

©2021 VMware, Inc. 42
…mounted as files in the pod’s filesystem

©2021 VMware, Inc. 43
Secrets are also K8s resources
&

©2021 VMware, Inc. 44
Secrets are like ConfigMaps
(just more secret)

©2021 VMware, Inc. 45
Do not require any special client library
$

©2021 VMware, Inc. 46
Work with any K8s workload…Spring, Java, or otherwise
$

©2021 VMware, Inc. 47
Problem solved!

©2021 VMware, Inc. 48
But wait…

©2021 VMware, Inc. 49
Spring Cloud Config Server != ConfigMaps/Secrets

©2021 VMware, Inc.
Spring Cloud Config Server
50
K8s ConfigMaps and Secrets
Central-management of properties
Can be versioned
Can be audited
HTTP-based property consumption
Probably should be secured
Requires client-side library or code
Doesn’t require special client code
K8s-native
Not centrally managed
Versioning/auditing not built-in
Can leverage K8s-native security

©2021 VMware, Inc. 51
WHAT IF…?

©2021 VMware, Inc. 52
…we bring them together?

©2021 VMware, Inc. 53
Application Configuration Service for VMware Tanzu

©2021 VMware, Inc. 54
Git-backed ConfigMaps and Secrets!
$

©2021 VMware, Inc. 55
Same Git-hosted properties
$

©2021 VMware, Inc. 56
Written to ConfigMaps and/or Secrets

©2021 VMware, Inc. 57
Best of both worlds!
'

©2021 VMware, Inc. 58
Problem solved!

©2021 VMware, Inc. 59
How does it work?

©2021 VMware, Inc. 60
Configuration Source
(defines where configuration lives)

©2021 VMware, Inc. 61
Configuration Slice
(defines the desired configuration subset )

©2021 VMware, Inc. 62
Source + Slice = ConfigMap/Secret

©2021 VMware, Inc. 63
Let’s see it in action…
(

©2021 VMware, Inc. 64
Azure Spring Cloud Enterprise Tier w/VMware Tanzu

©2021 VMware, Inc. 65
Cloud-Native, Spring, and K8s
•Next-Generation Cloud Native Apps with Spring Cloud and
Kubernetes
•Application Modernization: Migrating Mainframe Apps to the
Cloud Using Spring
Azure Spring Cloud
•Rapid Development with Azure Spring Cloud
•Enable Authentication and Authorization with Azure Active
Directory and Spring Security
•Accelerate Spring Apps to Cloud at Scale—Discussion with Azure
Spring Cloud Customers
You may also be interested in…

Thank You
©2021 VMware, Inc.
See you in the Q&A session!