Back to Mid Level

Operator for ConfigMaps

Prerequisite

  • Knowledge of Custom Resource Definitions (CRDs)
  • Knowledge of environment variables in applications
  • Access to a local k8s cluster (kind / minikube is ok)

Challenge

You are a DevSecOps engineer on a team that is supporting several developers that are new to k8s. These developers have applications that make use of environment variables and they want to deploy these applications to k8s. When approached by the developers on how k8s can help with environment variables, you correctly point them to the documentation for ConfMaps API object. After reading the documentation, the developes start using ConfigMaps to provide environment variables to their applications. Life is good.

But now the developers would like to change the value of the ConfigMaps while their application is running. They realize that when they change the value of the ConfigMaps, the applications don’t pick up the new value. After reading more documentation they realize that the ConfigMaps are only read once (on application start time) and so the application must be restarted each time they change the value of the ConfigMap.

Requirement

Being a savy DevSecOps person, the developers come to you for help. You’re tasked to write a custom k8s operator that watches the ConfigMaps bound to a specific pod. When the ConfigMaps change value, the operator re-cycles the pod so that the pod comes up again and in doing so also reads the new value of the ConfigMap.

Deliverable

  • A super simple Hello, <name> web application where <name> is read from a ConfigMap. This app will serve as a demo app to try the operator
  • A k8s custom operator (using CRD) that watches when a ConfigMap is changed. When the ConfigMap is changed, it restarts the Pod that the ConfigMap is bound to.
  • Set a ConfigMap named name with the value John.
  • Deploy the web application
  • When web application opens in the browser it will say “Hello, John”
  • Update the value of ConigMap named name to Jane
  • Notice the pod restarting soon as ConfigMap is updated
  • When web application opens in the browser it will say “Hello, Jane”
  • Invite rafty8s, omnipresent07, Barakstout, and Dagan with read permissions to review your completed challenge assets (how to invite collaborators)

Note: The Reloader operator does this out of the box but you should be building your own from scratch. You’re free to take inspiration from Reloader or other operators. You’re recommended to use the operator sdk or Kubebuilder