Lately I’ve been learning Go and this week I started a side project named kube-sherlock. The purpose of this small program is to list any pod that does not have the labels that your organization requires.

For kube-sherlock I created a Dockerfile where both the program (kube-sherlock) and the default configuration (config.yaml) are placed in the app folder:

    # Build stage: fetch the module dependencies, then compile a static binary
    FROM golang:1.11.5 AS build
    WORKDIR /src
    ADD go.mod go.sum ./
    RUN go get -v
    ADD kube-sherlock.go config.yaml ./
    RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags '-w'

    # Runtime stage: only the binary and the default configuration, both in /app
    FROM alpine:3.7
    COPY --from=build /src/config.yaml /app/config.yaml
    COPY --from=build /src/kube-sherlock /app/kube-sherlock
    WORKDIR /app
    CMD ./kube-sherlock

    # Metadata
    ARG BUILD_DATE
    ARG VCS_REF
    LABEL org.label-schema.build-date=$BUILD_DATE \
        org.label-schema.name="kube-sherlock" \
        org.label-schema.description="Check if labels are applied to your containers" \
        org.label-schema.url="https://github.com/cmendible/kube-sherlock" \
        org.label-schema.vcs-ref=$VCS_REF \
        org.label-schema.vcs-url="https://github.com/cmendible/kube-sherlock" \
        org.label-schema.schema-version="0.1"

So what if you want to replace the default configuration?

You can achieve this with the help of a ConfigMap, creating a new config.yaml with your custom values:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: sherlock-config
      namespace: default
    data:
      config.yaml: |
        namespaces:
          - default
        labels:
          - "app"
          - "owner"

Note: I’m using the name of the file as the key.

And then create a pod definition, referencing the ConfigMap:

    apiVersion: v1
    kind: Pod
    metadata:
      name: kube-sherlock
    spec:
      serviceAccountName: kube-sherlock
      containers:
        - name: kube-sherlock
          image: cmendibl3/kube-sherlock:0.1
          volumeMounts:
          - name: config-volume
            mountPath: /app/config.yaml
            subPath: config.yaml
      volumes:
        - name: config-volume
          configMap:
            name: sherlock-config
      restartPolicy: Never

Note: the volume references the ConfigMap (sherlock-config), the volume mount specifies the mountPath as the file you want to replace (/app/config.yaml), and the subPath property is used to reference the file by key (config.yaml).
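
What the custom config.yaml asks for, as an added Go example that is not kube-sherlock's own code: the Config and Pod types, MissingLabels and the sample pods are assumptions, and the check assumes every listed label key must exist on pods in the listed namespaces. Under that reading the pod defined above, which sets no labels, is itself reported when it runs in default.

```go
package main

import "fmt"

// Config mirrors the two keys of the config.yaml in the ConfigMap.
type Config struct{ Namespaces, Labels []string }

// Pod holds only the metadata the check needs (hypothetical type).
type Pod struct {
	Namespace, Name string
	Labels          map[string]string
}

// MissingLabels maps "namespace/name" to the required label keys a pod lacks.
// Assumed semantics: only pods in the configured namespaces are checked, and a
// label counts as present when its key exists, whatever its value.
func MissingLabels(cfg Config, pods []Pod) map[string][]string {
	watched := map[string]bool{}
	for _, ns := range cfg.Namespaces {
		watched[ns] = true
	}
	report := map[string][]string{}
	for _, p := range pods {
		if !watched[p.Namespace] {
			continue
		}
		for _, key := range cfg.Labels {
			if _, ok := p.Labels[key]; !ok { // lookup on a nil map is safe
				id := p.Namespace + "/" + p.Name
				report[id] = append(report[id], key)
			}
		}
	}
	return report
}

func main() {
	cfg := Config{Namespaces: []string{"default"}, Labels: []string{"app", "owner"}}
	pods := []Pod{ // constructed sample pods
		{"default", "kube-sherlock", nil}, // the pod above sets no labels
		{"default", "web", map[string]string{"app": "web"}},
		{"default", "api", map[string]string{"app": "api", "owner": "team-a"}},
		{"kube-system", "coredns", nil}, // outside the configured namespaces
	}
	for pod, missing := range MissingLabels(cfg, pods) {
		fmt.Println(pod, "is missing", missing)
	}
}
```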

Hope it helps.

Learn More

Storage options for applications in Azure Kubernetes Service (AKS)