Each tool is a small, focused utility, designed to solve specific integration needs Tumblr had while migrating our workflows to Kubernetes.
These tools were developed by Tumblr to migrate their workflow to Kubernetes.
The microblogging and social networking platform announces in its blog –
Inspired by a lot of existing Kubernetes APIs and best practices, we’re excited to share with the community some of the tools we’ve developed at Tumblr as our infrastructure has evolved to work with Kubernetes.
Each tool is a small, focused utility, designed to solve specific integration needs Tumblr had while migrating our workflows to Kubernetes. The tools were built to handle our needs internally, but we believe they are useful to the wider Kubernetes community.
Here are the three tools and their features as listed on the Tumblr blog:
k8s- sidecar injector
Containerizing complex applications requires a tremendous amount of effort. Sidecars may help emulate older deployments with co-located services on physical hosts or Virtual machines. The k8s-sidecar injector dynamically injects sidecars, volumes, and environment data into pods as they are launched.
This reduces the complexity involved in copy-pasting code to add sidecars to a developer’s deployments and cronjobs.
The k8s-sidecar-injector listens to the Kubernetes API for Pod launches that contain annotations requesting a specific sidecar to be injected.
This tool can be helpful when containerizing legacy applications requiring a complex sidecar configuration.
“By centralizing configuration of sidecars, we were able to reduce complexity in CronJobs and Deployments by hundreds of lines, eliminated copy-paste errors, and made rolling out updates to shared components in our sidecars effortless,” Tumblr says in its blog post.
The Config Projector is a command line tool, meant to be run by CI processes. It combines a git repo hosting configuration data (feature flags, lists of hostnames+ports, application settings) with a set of “projection manifest” files that describe how to group/extract settings from the config repo and transmute them into ConfigMaps.
The config projector allows developers to encode a set of configuration data the application needs to run into a projection manifest.
“With this tool, we have enabled our applications running in kubernetes to receive dynamic configuration updates without requiring container rebuilds or deployments,” Tumblr claims.
Tumblr stores secure credentials (passwords, certificates, etc) in access controlled vaults. With k8s-secret-projector tool, developers will now be able to request access to subsets of credentials for a given application.
The k8s-secret-projector operates similarly to the k8s-config-projector, albeit with a few differences. The secret projector combines a repository of projection manifests with a set of credential repositories. A Continuous Integration (CI) tool like Jenkins will run the k8s-secret-projector against any changes in the projection manifests repository to generate new Kubernetes Secret YAML files. Then, Continuous Deployment can deploy the generated and validated Secret files to any number of Kubernetes clusters.
In addition to being able to extract fields from structured YAML and JSON sources, the tool can encrypt generated Secrets before they touch the disk.