More great stuff from Kelsey...<p>My tldr; konfd writes out k8s configmaps based on other k8s resources like secrets, configmaps, etc. Really useful for writing out complete config files into a pod namespace without relying on external config backends.<p>Question: While looping on a syncInterval is certainly clean and understandable, it feels suboptimal when all the templates sources are themselves watchable with a k8s client. Benefits of switching to a watch model:<p>1. Speed: It'd be nice to have the template rendering fire immediately after a source secret changed versus waiting for syncInterval.<p>2. Resource Utilization: Switching from syncInterval to a watch should save significant cycles by avoiding reprocessing templates when config hasn't changed.
Kelsey, I (and others) would kindly appreciate it if you'd stop calling anything in Kubernetes as it exists today a "secret" and writing new code to further encourage its use. People should be aware in no uncertain terms that the "secrets" store in etcd is totally unencrypted and insecure.<p>If you'd like to find a place to help, I'd suggest focusing your efforts on connecting Kubernetes to Hashicorp Vault, which is truly secure, and deprecating the old unencrypted etcd-backed implementation.
Hi kelsey, this is pretty nice !
Is there any way to bribe you into slowing down on the awesome sauce delivery pipeline so people can catch up !? asking for a friend.<p>If you find the time can you elaborate on why you elected to use ConfigMaps for the templates too instead of building a 3rd party ressource ?
This way you wouldn't have to use annotations and the definition might be a little more terse (or not)<p>Is there something about configmaps that make implementation easier ? or provides additional behavior wrt to pod lifecycle or something like that ?
I propose an alternative to templates: Use go objects to define your config. Better dynamicity, readability and typesafety. See my post <a href="https://kozikow.com/2016/09/02/using-go-to-autogenerate-kubernetes-configs/" rel="nofollow">https://kozikow.com/2016/09/02/using-go-to-autogenerate-kube...</a> .