Kubernetes extension
Quarkus offers the ability to automatically generate Kubernetes resources based on sane defaults and user-supplied configuration using dekorate. It currently supports generating resources for vanilla Kubernetes, OpenShift and Knative. Furthermore, Quarkus can deploy the application to a target Kubernetes cluster by applying the generated manifests to the target cluster’s API Server. Finally, when either one of container image extensions is present (see the container image guide for more details), Quarkus has the ability to create a container image and push it to a registry before deploying the application to the target platform.
准备
要完成本指南,您需要:
-
Roughly 15 minutes
-
An IDE
-
JDK 11+ installed with
JAVA_HOME
configured appropriately -
Apache Maven 3.9.6
-
Optionally the Quarkus CLI if you want to use it
-
Access to a Kubernetes cluster (Minikube is a viable option)
Kubernetes
Let’s create a new project that contains both the Kubernetes and Jib extensions:
For Windows users:
-
If using cmd, (don’t use backward slash
\
and put everything on the same line) -
If using Powershell, wrap
-D
parameters in double quotes e.g."-DprojectArtifactId=kubernetes-quickstart"
This added the following dependencies to the build file:
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-resteasy-reactive</artifactId>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-kubernetes</artifactId>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-container-image-jib</artifactId>
</dependency>
implementation("io.quarkus:quarkus-resteasy-reactive")
implementation("io.quarkus:quarkus-kubernetes")
implementation("io.quarkus:quarkus-container-image-jib")
By adding these dependencies, we enable the generation of Kubernetes manifests each time we perform a build while also enabling the build of a container image using Jib. For example, following the execution of:
quarkus build
./mvnw install
./gradlew build
you will notice amongst the other files that are created, two files named
kubernetes.json
and kubernetes.yml
in the target/kubernetes/
directory.
If you look at either file you will see that it contains both a Kubernetes
Deployment
and a Service
.
The full source of the kubernetes.json
file looks something like this:
{
{
"apiVersion" : "apps/v1",
"kind" : "Deployment",
"metadata" : {
"annotations": {
"app.quarkus.io/vcs-uri" : "<some url>",
"app.quarkus.io/commit-id" : "<some git SHA>",
},
"labels" : {
"app.kubernetes.io/name" : "test-quarkus-app",
"app.kubernetes.io/version" : "1.0.0-SNAPSHOT",
},
"name" : "test-quarkus-app"
},
"spec" : {
"replicas" : 1,
"selector" : {
"matchLabels" : {
"app.kubernetes.io/name" : "test-quarkus-app",
"app.kubernetes.io/version" : "1.0.0-SNAPSHOT",
}
},
"template" : {
"metadata" : {
"labels" : {
"app.kubernetes.io/name" : "test-quarkus-app",
"app.kubernetes.io/version" : "1.0.0-SNAPSHOT"
}
},
"spec" : {
"containers" : [ {
"env" : [ {
"name" : "KUBERNETES_NAMESPACE",
"valueFrom" : {
"fieldRef" : {
"fieldPath" : "metadata.namespace"
}
}
} ],
"image" : "yourDockerUsername/test-quarkus-app:1.0.0-SNAPSHOT",
"imagePullPolicy" : "Always",
"name" : "test-quarkus-app"
} ]
}
}
}
},
{
"apiVersion" : "v1",
"kind" : "Service",
"metadata" : {
"annotations": {
"app.quarkus.io/vcs-uri" : "<some url>",
"app.quarkus.io/commit-id" : "<some git SHA>",
},
"labels" : {
"app.kubernetes.io/name" : "test-quarkus-app",
"app.kubernetes.io/version" : "1.0.0-SNAPSHOT",
},
"name" : "test-quarkus-app"
},
"spec" : {
"ports" : [ {
"name" : "http",
"port" : 8080,
"targetPort" : 8080
} ],
"selector" : {
"app.kubernetes.io/name" : "test-quarkus-app",
"app.kubernetes.io/version" : "1.0.0-SNAPSHOT"
},
"type" : "ClusterIP"
}
}
}
The generated manifest can be applied to the cluster from the project root
using kubectl
:
kubectl apply -f target/kubernetes/kubernetes.json
An important thing to note about the Deployment
(or StatefulSet
) is that
is uses yourDockerUsername/test-quarkus-app:1.0.0-SNAPSHOT
as the
container image of the Pod
. The name of the image is controlled by the
Jib extension and can be customized using the usual
application.properties
.
For example with a configuration like:
quarkus.container-image.group=quarkus #optional, default to the system username
quarkus.container-image.name=demo-app #optional, defaults to the application name
quarkus.container-image.tag=1.0 #optional, defaults to the application version
The image that will be used in the generated manifests will be
quarkus/demo-app:1.0
Generating idempotent resources
When generating the Kubernetes manifests, Quarkus automatically adds some labels and annotations to give extra information about the generation date or versions. For example:
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
app.quarkus.io/commit-id: 0f8b87788bc446a9347a7961bea8a60889fe1494
app.quarkus.io/build-timestamp: 2023-02-10 - 13:07:51 +0000
labels:
app.kubernetes.io/managed-by: quarkus
app.kubernetes.io/version: 0.0.1-SNAPSHOT
app.kubernetes.io/name: example
name: example
spec:
...
The app.quarkus.io/commit-id
, app.quarkus.io/build-timestamp
labels and
the app.kubernetes.io/version
annotation might change every time we
re-build the Kubernetes manifests which can be problematic when we want to
deploy these resources using a Git-Ops tool (because these tools will detect
differences and hence will perform a re-deployment).
To make the generated resources Git-Ops friendly and only produce idempotent resources (resources that won’t change every time we build the sources), we need to add the following property:
quarkus.kubernetes.idempotent=true
Moreover, by default the directory where the generated resources are created
is target/kubernetes
, to change it, we need to use:
quarkus.kubernetes.output-directory=target/kubernetes-with-idempotent
Note that the property |
Changing the generated deployment resource
Besides generating a Deployment
resource, you can also choose to generate
either a StatefulSet
, or a Job
, or a CronJob
resource instead via
application.properties
:
quarkus.kubernetes.deployment-kind=StatefulSet
Generating Job resources
If you want to generate a Job resource, you need to add the following
property to the application.properties
:
quarkus.kubernetes.deployment-kind=Job
If you are using the Picocli extension, by default a Job resource will be generated. |
You can provide the arguments that will be used by the Kubernetes Job via
the property quarkus.kubernetes.arguments
. For example, by adding the
property quarkus.kubernetes.arguments=A,B
.
Finally, the Kubernetes job will be launched every time it is installed in Kubernetes. You can know more about how to run Kubernetes jobs in this link.
You can configure the rest of the Kubernetes Job configuration using the
properties under quarkus.kubernetes.job.xxx
(see
link).
Generating CronJob resources
If you want to generate a CronJob resource, you need to add the following
property via the application.properties
:
quarkus.kubernetes.deployment-kind=CronJob
# Cron expression to run the job every hour
quarkus.kubernetes.cron-job.schedule=0 * * * *
CronJob resources require the Cron
expression to specify when to launch the job via the property
quarkus.kubernetes.cron-job.schedule . If not provide, the build will fail.
|
You can configure the rest of the Kubernetes CronJob configuration using the
properties under quarkus.kubernetes.cron-job.xxx
(see
link).
Namespace
By default, Quarkus omits the namespace in the generated manifests, rather
than enforce the default
namespace. That means that you can apply the
manifest to your chosen namespace when using kubectl
, which in the example
below is test
:
kubectl apply -f target/kubernetes/kubernetes.json -n=test
To specify the namespace in your manifest customize with the following
property in your application.properties
:
quarkus.kubernetes.namespace=mynamespace
Defining a Docker registry
The Docker registry can be specified with the following property:
quarkus.container-image.registry=my.docker-registry.net
By adding this property along with the rest of the container image
properties of the previous section, the generated manifests will use the
image my.docker-registry.net/quarkus/demo-app:1.0
. The image is not the
only thing that can be customized in the generated manifests, as will become
evident in the following sections.
Automatic generation of pull secrets
When docker registries are used, users often provide credentials, so that an image is built and pushed to the specified registry during the build.
quarkus.container-image.username=myusername
quarkus.container-image.password=mypassword
Kubernetes will also need these credentials when it comes to pull the image from the registry. This is where image pull secrets are used. An image pull secret is a special kind of secret that contains the required credentials. Quarkus can automatically generate and configure when:
quarkus.kubernetes.generate-image-pull-secret=true
More specifically a `Secret`like the one bellow is genrated:
apiVersion: v1
kind: Secret
metadata:
name: test-quarkus-app-pull-secret
data:
".dockerconfigjson": ewogCSJhdXRocyI6IHsKCQkibXkucmVnaXN0eS5vcmciOiB7CiAJCQkiYXV0aCI6ImJYbDFjMlZ5Ym1GdFpUcHRlWEJoYzNOM2IzSmsiCgkJfQoJfQp9
type: kubernetes.io/dockerconfigjson
And also test-quarkus-app-pull-secret
is added to the imagePullSecrets
list.
Labels and Annotations
Labels
The generated manifests use the Kubernetes
recommended
labels. These labels can be customized using quarkus.kubernetes.name
,
quarkus.kubernetes.version
and quarkus.kubernetes.part-of
. For example
by adding the following configuration to your application.properties
:
quarkus.kubernetes.part-of=todo-app
quarkus.kubernetes.name=todo-rest
quarkus.kubernetes.version=1.0-rc.1
As is described in detail in the OpenShift section,
customizing OpenShift (or Knative) properties is done in the same way, but
replacing
|
The labels in generated resources will look like:
"labels" : {
"app.kubernetes.io/part-of" : "todo-app",
"app.kubernetes.io/name" : "todo-rest",
"app.kubernetes.io/version" : "1.0-rc.1"
}
You can also remove the
|
Custom Labels
To add additional custom labels, for example foo=bar
just apply the
following configuration:
quarkus.kubernetes.labels.foo=bar
When using the quarkus-container-image-jib extension to build a container
image, then any label added via the aforementioned property will also be
added to the generated container image.
|
Annotations
Out of the box, the generated resources will be annotated with version control related information that can be used either by tooling, or by the user for troubleshooting purposes.
"annotations": {
"app.quarkus.io/vcs-uri" : "<some url>",
"app.quarkus.io/commit-id" : "<some git SHA>",
}
Custom Annotations
Custom annotations can be added in a way similar to labels.For example to
add the annotation foo=bar
and app.quarkus/id=42
just apply the
following configuration:
quarkus.kubernetes.annotations.foo=bar
quarkus.kubernetes.annotations."app.quarkus/id"=42
Environment variables
Kubernetes provides multiple ways of defining environment variables:
-
key/value pairs
-
import all values from a Secret or ConfigMap
-
interpolate a single value identified by a given field in a Secret or ConfigMap
-
interpolate a value from a field within the same resource
Environment variables from key/value pairs
To add a key/value pair as an environment variable in the generated resources:
quarkus.kubernetes.env.vars.my-env-var=foobar
The command above will add MY_ENV_VAR=foobar
as an environment variable.
Please note that the key my-env-var
will be converted to uppercase and
dashes will be replaced by underscores resulting in MY_ENV_VAR
.
Environment variables from Secret
To add all key/value pairs of Secret
as environment variables just apply
the following configuration, separating each Secret
to be used as source
by a comma (,
):
quarkus.kubernetes.env.secrets=my-secret,my-other-secret
which would generate the following in the container definition:
envFrom:
- secretRef:
name: my-secret
optional: false
- secretRef:
name: my-other-secret
optional: false
The following extracts a value identified by the keyName
field from the
my-secret
Secret into a foo
environment variable:
quarkus.kubernetes.env.mapping.foo.from-secret=my-secret
quarkus.kubernetes.env.mapping.foo.with-key=keyName
This would generate the following in the env
section of your container:
- env:
- name: FOO
valueFrom:
secretKeyRef:
key: keyName
name: my-secret
optional: false
Environment variables from ConfigMap
To add all key/value pairs from ConfigMap
as environment variables just
apply the following configuration, separating each ConfigMap
to be used as
source by a comma (,
):
quarkus.kubernetes.env.configmaps=my-config-map,another-config-map
which would generate the following in the container definition:
envFrom:
- configMapRef:
name: my-config-map
optional: false
- configMapRef:
name: another-config-map
optional: false
The following extracts a value identified by the keyName
field from the
my-config-map
ConfigMap into a foo
environment variable:
quarkus.kubernetes.env.mapping.foo.from-configmap=my-configmap
quarkus.kubernetes.env.mapping.foo.with-key=keyName
This would generate the following in the env
section of your container:
- env:
- name: FOO
valueFrom:
configMapKeyRef:
key: keyName
name: my-configmap
optional: false
Environment variables from fields
It’s also possible to use the value from another field to add a new environment variable by specifying the path of the field to be used as a source, as follows:
quarkus.kubernetes.env.fields.foo=metadata.name
As is described in detail in the OpenShift section,
customizing OpenShift properties is done in the same way, but replacing
|
Validation
A conflict between two definitions, e.g. mistakenly assigning both a value and specifying that a variable is derived from a field, will result in an error being thrown at build time so that you get the opportunity to fix the issue before you deploy your application to your cluster where it might be more difficult to diagnose the source of the issue.
Similarly, two redundant definitions, e.g. defining an injection from the same secret twice, will not cause an issue but will indeed report a warning to let you know that you might not have intended to duplicate that definition.
Backwards compatibility
Previous versions of the Kubernetes extension supported a different syntax to add environment variables. The older syntax is still supported but is deprecated, and it’s advised that you migrate to the new syntax.
Old |
New |
||
Plain variable |
|
|
|
From field |
|
|
|
All from |
|
|
|
All from |
|
|
|
From one |
|
|
|
|
|
||
From one |
|
|
|
|
|
If you redefine the same variable using the new syntax while keeping the old
syntax, ONLY the new version will be kept and a warning will be issued
to alert you of the problem.For example, if you define both
quarkus.kubernetes.env-vars.my-env-var.value=foobar and
quarkus.kubernetes.env.vars.my-env-var=newValue , the extension will only
generate an environment variable MY_ENV_VAR=newValue and issue a warning.
|
Mounting volumes
The Kubernetes extension allows the user to configure both volumes and mounts for the application. Any volume can be mounted with a simple configuration:
quarkus.kubernetes.mounts.my-volume.path=/where/to/mount
This will add a mount to the pod for volume my-volume
to path
/where/to/mount
. The volumes themselves can be configured as shown in the
sections below.
Passing application configuration
Quarkus supports passing configuration from external locations (via Smallrye Config). This usually requires setting an additional environment variable or system property. When you need to use a secret or a config map for the purpose of application configuration, you need to:
-
define a volume
-
mount the volume
-
create an environment variable for
SMALLRYE_CONFIG_LOCATIONS
To simplify things, quarkus provides single step alternative:
quarkus.kubernetes.app-secret=<name of the secret containing the configuration>
or
quarkus.kubernetes.app-config-map=<name of the config map containing the configuration>
When these properties are used, the generated manifests will contain
everything required. The application config volumes will be created using
path: /mnt/app-secret
and /mnt/app-config-map
for secrets and configmaps
respectively.
Note: Users may use both properties at the same time.
Changing the number of replicas:
To change the number of replicas from 1 to 3:
quarkus.kubernetes.replicas=3
Add readiness and liveness probes
By default, the Kubernetes resources do not contain readiness and liveness
probes in the generated Deployment
. Adding them however is just a matter
of adding the SmallRye Health extension like so:
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-smallrye-health</artifactId>
</dependency>
implementation("io.quarkus:quarkus-smallrye-health")
The values of the generated probes will be determined by the configured
health properties: quarkus.smallrye-health.root-path
,
quarkus.smallrye-health.liveness-path
and
quarkus.smallrye-health.readiness-path
. More information about the health
extension can be found in the relevant guide.
Customizing the readiness probe
To set the initial delay of the probe to 20 seconds and the period to 45:
quarkus.kubernetes.readiness-probe.initial-delay=20s
quarkus.kubernetes.readiness-probe.period=45s
Add hostAliases
To add entries to a Pod’s /etc/hosts
file (more information can be found
in
Kubernetes
documentation), just apply the following configuration:
quarkus.kubernetes.hostaliases."10.0.0.0".hostnames=foo.com,bar.org
This would generate the following hostAliases
section in the deployment
definition:
kind: Deployment
spec:
template:
spec:
hostAliases:
- hostnames:
- foo.com
- bar.org
ip: 10.0.0.0
Container Resources Management
CPU & Memory limits and requests can be applied to a Container
(more info
in
Kubernetes
documentation) using the following configuration:
quarkus.kubernetes.resources.requests.memory=64Mi
quarkus.kubernetes.resources.requests.cpu=250m
quarkus.kubernetes.resources.limits.memory=512Mi
quarkus.kubernetes.resources.limits.cpu=1000m
This would generate the following entry in the container
section:
containers:
- resources:
limits:
cpu: 1000m
memory: 512Mi
requests:
cpu: 250m
memory: 64Mi
Exposing your application in Kubernetes
Kubernetes exposes applications using Ingress resources. To generate the Ingress resource, just apply the following configuration:
quarkus.kubernetes.ingress.expose=true
This would generate the following Ingress resource:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
app.quarkus.io/commit-id: a58d2211c86f07a47d4b073ea9ce000d2c6828d5
app.quarkus.io/build-timestamp: 2022-06-29 - 13:22:41 +0000
labels:
app.kubernetes.io/name: kubernetes-with-ingress
app.kubernetes.io/version: 0.1-SNAPSHOT
name: kubernetes-with-ingress
spec:
rules:
- http:
paths:
- backend:
service:
name: kubernetes-with-ingress
port:
name: http
path: /
pathType: Prefix
After deploying these resources to Kubernetes, the Ingress resource will allow unsecured connections to reach out your application.
Adding Ingress rules
To customize the default host
and path
properties of the generated
Ingress resources, you need to apply the following configuration:
quarkus.kubernetes.ingress.expose=true
# To change the Ingress host. By default, it's empty.
quarkus.kubernetes.ingress.host=prod.svc.url
# To change the Ingress path of the generated Ingress rule. By default, it's "/".
quarkus.kubernetes.ports.http.path=/prod
This would generate the following Ingress resource:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
app.kubernetes.io/name: kubernetes-with-ingress
app.kubernetes.io/version: 0.1-SNAPSHOT
name: kubernetes-with-ingress
spec:
rules:
- host: prod.svc.url
http:
paths:
- backend:
service:
name: kubernetes-with-ingress
port:
name: http
path: /prod
pathType: Prefix
Additionally, you can also add new Ingress rules by adding the following configuration:
# Example to add a new rule
quarkus.kubernetes.ingress.rules.1.host=dev.svc.url
quarkus.kubernetes.ingress.rules.1.path=/dev
quarkus.kubernetes.ingress.rules.1.path-type=ImplementationSpecific
# by default, path type is Prefix
# Example to add a new rule that use another service binding
quarkus.kubernetes.ingress.rules.2.host=alt.svc.url
quarkus.kubernetes.ingress.rules.2.path=/ea
quarkus.kubernetes.ingress.rules.2.service-name=updated-service
quarkus.kubernetes.ingress.rules.2.service-port-name=tcpurl
This would generate the following Ingress resource:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
app.kubernetes.io/name: kubernetes-with-ingress
app.kubernetes.io/version: 0.1-SNAPSHOT
name: kubernetes-with-ingress
spec:
rules:
- host: prod.svc.url
http:
paths:
- backend:
service:
name: kubernetes-with-ingress
port:
name: http
path: /prod
pathType: Prefix
- host: dev.svc.url
http:
paths:
- backend:
service:
name: kubernetes-with-ingress
port:
name: http
path: /dev
pathType: ImplementationSpecific
- host: alt.svc.url
http:
paths:
- backend:
service:
name: updated-service
port:
name: tcpurl
path: /ea
pathType: Prefix
Securing the Ingress resource
To secure the incoming connections, Kubernetes allows enabling TLS within the Ingress resource by specifying a Secret that contains a TLS private key and certificate. You can generate a secured Ingress resource by simply adding the "tls.secret-name" properties:
quarkus.kubernetes.ingress.expose=true
## Ingress TLS configuration:
quarkus.kubernetes.ingress.tls.my-secret.enabled=true
This configuration will generate the following secured Ingress resource:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
...
name: kubernetes-with-secure-ingress
spec:
rules:
...
tls:
- secretName: my-secret
Now, Kubernetes will validate all the incoming connections using SSL with the certificates provided within the secret with name "my-secret".
More information about how to create the secret in here. |
Using the Kubernetes client
Applications that are deployed to Kubernetes and need to access the API
server will usually make use of the kubernetes-client
extension:
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-kubernetes-client</artifactId>
</dependency>
implementation("io.quarkus:quarkus-kubernetes-client")
To access the API server from within a Kubernetes cluster, some RBAC related
resources are required (e.g. a ServiceAccount, a RoleBinding). To ease the
usage of the kubernetes-client
extension, the kubernetes
extension is
going to generate a RoleBinding resource that binds a cluster role named
"view" to the application ServiceAccount resource. It’s important to note
that the cluster role "view" won’t be generated automatically, so it’s
expected that you have this cluster role with name "view" already installed
in your cluster.
On the other hand, you can fully customize the roles, subjects and role
bindings to generate using the properties under
quarkus.kubernetes.rbac.role-bindings
, and if present, the
kubernetes-client
extension will use it and hence won’t generate any
RoleBinding resource.
You can disable the RBAC resources generation using the property
|
Generating RBAC resources
In some scenarios, it’s necessary to generate additional
RBAC
resources that are used by Kubernetes to grant or limit access to other
resources. For example, in our use case, we are building
a
Kubernetes operator that needs to read the list of the installed
deployments. To do this, we would need to assign a service account to our
operator and link this service account with a role that grants access to the
Deployment resources. Let’s see how to do this using the
quarkus.kubernetes.rbac
properties:
# Generate the Role resource with name "my-role" (1)
quarkus.kubernetes.rbac.roles.my-role.policy-rules.0.api-groups=extensions,apps
quarkus.kubernetes.rbac.roles.my-role.policy-rules.0.resources=deployments
quarkus.kubernetes.rbac.roles.my-role.policy-rules.0.verbs=list
1 | In this example, the role "my-role" will be generated with a policy rule to get the list of deployments. |
By default, if one role is configured, a RoleBinding resource will be generated as well to link this role with the ServiceAccount resource.
Moreover, you can have more control over the RBAC resources to be generated:
# Generate Role resource with name "my-role" (1)
quarkus.kubernetes.rbac.roles.my-role.policy-rules.0.api-groups=extensions,apps
quarkus.kubernetes.rbac.roles.my-role.policy-rules.0.resources=deployments
quarkus.kubernetes.rbac.roles.my-role.policy-rules.0.verbs=get,watch,list
# Generate ServiceAccount resource with name "my-service-account" in namespace "my_namespace" (2)
quarkus.kubernetes.rbac.service-accounts.my-service-account.namespace=my_namespace
# Bind Role "my-role" with ServiceAccount "my-service-account" (3)
quarkus.kubernetes.rbac.role-bindings.my-role-binding.subjects.my-service-account.kind=ServiceAccount
quarkus.kubernetes.rbac.role-bindings.my-role-binding.subjects.my-service-account.namespace=my_namespace
quarkus.kubernetes.rbac.role-bindings.my-role-binding.role-name=my-role
1 | In this example, the role "my-role" will be generated with the specified policy rules. |
2 | Also, the service account "my-service-account" will be generated. |
3 | And we can configure the generated RoleBinding resource by selecting the role to be used and the subject. |
Finally, we can also generate the cluster wide role resource of "ClusterRole" kind and a "ClusterRoleBinding" resource as follows:
# Generate ClusterRole resource with name "my-cluster-role" (1)
quarkus.kubernetes.rbac.cluster-roles.my-cluster-role.policy-rules.0.api-groups=extensions,apps
quarkus.kubernetes.rbac.cluster-roles.my-cluster-role.policy-rules.0.resources=deployments
quarkus.kubernetes.rbac.cluster-roles.my-cluster-role.policy-rules.0.verbs=get,watch,list
# Bind the ClusterRole "my-cluster-role" with the application service account
quarkus.kubernetes.rbac.cluster-role-bindings.my-cluster-role-binding.subjects.manager.kind=Group
quarkus.kubernetes.rbac.cluster-role-bindings.my-cluster-role-binding.subjects.manager.api-group=rbac.authorization.k8s.io
quarkus.kubernetes.rbac.cluster-role-bindings.my-cluster-role-binding.role-name=my-cluster-role (2)
1 | In this example, the cluster role "my-cluster-role" will be generated with the specified policy rules. |
2 | The name of the ClusterRole resource to use. Role resources are namespace-based and hence not allowed in ClusterRoleBinding resources. |
Deploying to local Kubernetes
When deploying to local Kubernetes environments, users often perform minor changes to their manifests that simplify the development process. The most common changes are:
-
Setting
imagePullPolicy
toIfNotPresent
-
Using
NodePort
asService
type
Quarkus provides extensions that among others set these options by default. Such extensions are:
-
quarkus-minikube
-
quarkus-kind
If the list of extensions does not match the tool you are using (e.g. Docker
Desktop, microk8s etc) then it is suggested to use the quarkus-minikube
extension. as its defaults should be reasonable for most environments.
Deploying to Minikube
Minikube is quite popular when a
Kubernetes cluster is needed for development purposes. To make the
deployment to Minikube experience as frictionless as possible, Quarkus
provides the quarkus-minikube
extension. This extension can be added to a
project like so:
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-minikube</artifactId>
</dependency>
implementation("io.quarkus:quarkus-minikube")
The purpose of this extension is to generate Kubernetes manifests
(minikube.yaml
and minikube.json
) that are tailored to Minikube. This
extension assumes a couple of things:
-
Users won’t be using an image registry and will instead make their container image accessible to the Kubernetes cluster by building it directly into Minikube’s Docker daemon. To use Minikube’s Docker daemon you must first execute:
eval $(minikube -p minikube docker-env)
-
Applications deployed to Kubernetes won’t be accessed via a Kubernetes
Ingress
, but rather as aNodePort
Service
. The advantage of doing this is that the URL of an application can be retrieved trivially by executing:minikube service list
To control the
nodePort
that is used in this case, users can set quarkus.kubernetes.node-port
.
Note however that this configuration is entirely optional because Quarkus
will automatically use a proper (and non-changing) value if none is set.
It is highly discouraged to use the manifests generated by the Minikube extension when deploying to production as these manifests are intended for development purposes only. When deploying to production, consider using the vanilla Kubernetes manifests (or the OpenShift ones when targeting OpenShift). |
If the assumptions the Minikube extension makes don’t fit your workflow, nothing prevents you from using the regular Kubernetes extension to generate Kubernetes manifests and apply those to your Minikube cluster. |
Deploying to Kind
Kind is another popular tool used as a Kubernetes
cluster for development purposes. To make the deployment to Kind experience
as frictionless as possible, Quarkus provides the quarkus-kind
extension. This extension can be added to a project like so:
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-kind</artifactId>
</dependency>
The purpose of this extension is to generate Kubernetes manifests
(kind.yaml
and kind.json
) that are tailored to Kind and also to automate
the process of loading images to the cluster when performing container image
builds. The tailor made manifests will be pretty similar (they share the
same rules) with Minikube (see above).
Tuning the generated resources using application.properties
The Kubernetes extension allows tuning the generated manifest, using the
application.properties
file. Here are some examples:
Configuration options
The table below describe all the available configuration options.
Configuration property fixed at build time - All other configuration properties are overridable at runtime
Type |
Default |
|
---|---|---|
The name of the group this component belongs too Environment variable: Show more |
string |
|
The name of the application. This value will be used for naming Kubernetes resources like: - Deployment - Service and so on … Environment variable: Show more |
string |
|
The version of the application. Environment variable: Show more |
string |
|
The kind of the deployment resource to use. Supported values are 'StatefulSet', 'Job', 'CronJob' and 'Deployment' defaulting to the latter. Environment variable: Show more |
|
|
The namespace the generated resources should belong to. If not value is set, then the 'namespace' field will not be added to the 'metadata' section of the generated manifests. This in turn means that when the manifests are applied to a cluster, the namespace will be resolved from the current Kubernetes context (see https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#context for more details). Environment variable: Show more |
string |
|
Whether to add the build timestamp to the Kubernetes annotations This is a very useful way to have manifests of successive builds of the same application differ - thus ensuring that Kubernetes will apply the updated resources Environment variable: Show more |
boolean |
|
Working directory Environment variable: Show more |
string |
|
list of string |
||
The arguments Environment variable: Show more |
list of string |
|
The service account Environment variable: Show more |
string |
|
The number of desired pods Environment variable: Show more |
int |
|
Specifies the deployment strategy. Environment variable: Show more |
|
|
Specifies the maximum number of Pods that can be unavailable during the update process. Environment variable: Show more |
string |
|
Specifies the maximum number of Pods that can be created over the desired number of Pods. Environment variable: Show more |
string |
|
The type of service that will be generated for the application Environment variable: Show more |
|
|
The nodePort to set when serviceType is set to node-port. Environment variable: Show more |
int |
|
Image pull policy Environment variable: Show more |
|
|
The image pull secret Environment variable: Show more |
list of string |
|
Enable generation of image pull secret, when the container image username and password are provided. Environment variable: Show more |
boolean |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
When true (the default), emit a set of annotations to identify services that should be scraped by prometheus for metrics. In configurations that use the Prometheus operator with ServiceMonitor, annotations may not be necessary. Environment variable: Show more |
boolean |
|
Define the annotation prefix used for scrape values, this value will be used as the base for other annotation name defaults. Altering the base for generated annotations can make it easier to define re-labeling rules and avoid unexpected knock-on effects. The default value is Environment variable: Show more |
string |
|
Define the annotation used to indicate services that should be scraped. By default, Environment variable: Show more |
string |
|
Define the annotation used to indicate the path to scrape. By default, Environment variable: Show more |
string |
|
Define the annotation used to indicate the port to scrape. By default, Environment variable: Show more |
string |
|
Define the annotation used to indicate the scheme to use for scraping By default, Environment variable: Show more |
string |
|
EmptyDir volumes Environment variable: Show more |
list of string |
|
The target deployment platform. Defaults to kubernetes. Can be kubernetes, openshift, knative, minikube etc., or any combination of the above as comma separated list. Environment variable: Show more |
list of string |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
If true, the service will be exposed Environment variable: Show more |
boolean |
|
The host under which the application is going to be exposed Environment variable: Show more |
string |
|
The default target named port. If not provided, it will be deducted from the Service resource ports. Options are: "http" and "https". Environment variable: Show more |
string |
|
The class of the Ingress. If the ingressClassName is omitted, a default Ingress class is used. Environment variable: Show more |
string |
|
Specifies the maximum desired number of pods the job should run at any given time. Environment variable: Show more |
int |
|
Specifies the desired number of successfully finished pods the job should be run with. Environment variable: Show more |
int |
|
CompletionMode specifies how Pod completions are tracked. Environment variable: Show more |
|
|
Specifies the number of retries before marking this job failed. Environment variable: Show more |
int |
|
Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. Environment variable: Show more |
long |
|
Limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. Environment variable: Show more |
int |
|
Suspend specifies whether the Job controller should create Pods or not. Environment variable: Show more |
boolean |
|
Restart policy when the job container fails. Environment variable: Show more |
|
|
The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. Environment variable: Show more |
string |
|
ConcurrencyPolicy describes how the job will be handled. Environment variable: Show more |
|
|
Deadline in seconds for starting the job if it misses scheduled time for any reason. Missed jobs executions will be counted as failed ones. Environment variable: Show more |
long |
|
Environment variable: |
int |
|
Environment variable: |
int |
|
Specifies the maximum desired number of pods the job should run at any given time. Environment variable: Show more |
int |
|
Specifies the desired number of successfully finished pods the job should be run with. Environment variable: Show more |
int |
|
CompletionMode specifies how Pod completions are tracked. Environment variable: Show more |
|
|
Specifies the number of retries before marking this job failed. Environment variable: Show more |
int |
|
Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. Environment variable: Show more |
long |
|
Limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. Environment variable: Show more |
int |
|
Suspend specifies whether the Job controller should create Pods or not. Environment variable: Show more |
boolean |
|
Restart policy when the job container fails. Environment variable: Show more |
|
|
If true, the 'app.kubernetes.io/version' label will be part of the selectors of Service and Deployment Environment variable: Show more |
boolean |
|
If true, the 'app.kubernetes.io/name' label will be part of the selectors of Service and Deployment Environment variable: Show more |
boolean |
|
If set to true, Quarkus will attempt to deploy the application to the target Kubernetes cluster Environment variable: Show more |
boolean |
|
If deploy is enabled, it will follow this strategy to update the resources to the target Kubernetes cluster. Environment variable: Show more |
|
|
If set, the secret will mounted to the application container and its contents will be used for application configuration. Environment variable: Show more |
string |
|
If set, the config map will be mounted to the application container and its contents will be used for application configuration. Environment variable: Show more |
string |
|
The SELinux level label that applies to the container. Environment variable: Show more |
string |
|
The SELinux role label that applies to the container. Environment variable: Show more |
string |
|
The SELinux type label that applies to the container. Environment variable: Show more |
string |
|
The SELinux user label that applies to the container. Environment variable: Show more |
string |
|
The name of the GMSA credential spec to use. Environment variable: Show more |
string |
|
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. Environment variable: Show more |
string |
|
The UserName in Windows to run the entrypoint of the container process. Environment variable: Show more |
string |
|
HostProcess determines if a container should be run as a 'Host Process' container. Environment variable: Show more |
boolean |
|
The UID to run the entrypoint of the container process. Environment variable: Show more |
long |
|
The GID to run the entrypoint of the container process. Environment variable: Show more |
long |
|
Indicates that the container must run as a non-root user. Environment variable: Show more |
boolean |
|
A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container. Environment variable: Show more |
list of long |
|
A special supplemental group that applies to all containers in a pod. Environment variable: Show more |
long |
|
Sysctls hold a list of namespaced sysctls used for the pod. Environment variable: Show more |
string |
|
It holds policies that will be used for applying fsGroup to a volume when volume is mounted. Values: OnRootMismatch, Always Environment variable: Show more |
|
|
If set, it will change the name of the container according to the configuration Environment variable: Show more |
string |
|
If true, the debug mode in pods will be enabled. Environment variable: Show more |
boolean |
|
The transport to use. Environment variable: Show more |
string |
|
If enabled, it means the JVM will wait for the debugger to attach before executing the main class. If false, the JVM will immediately execute the main class, while listening for the debugger connection. Environment variable: Show more |
string |
|
It specifies the address at which the debug socket will listen. Environment variable: Show more |
int |
|
If true, the init task will be generated. Otherwise, the init task resource generation will be skipped. Environment variable: Show more |
boolean |
|
The init task image to use by the init-container. Environment variable: Show more |
string |
|
Switch used to control whether non-idempotent fields are included in generated kubernetes resources to improve git-ops compatibility Environment variable: Show more |
boolean |
|
Optionally set directory generated kubernetes resources will be written to. Default is Environment variable: Show more |
string |
|
The optional list of Secret names to load environment variables from. Environment variable: Show more |
list of string |
|
The optional list of ConfigMap names to load environment variables from. Environment variable: Show more |
list of string |
|
Custom labels to add to all resources Environment variable: Show more |
|
|
Custom annotations to add to all resources Environment variable: Show more |
|
|
The port number. Refers to the container port. Environment variable: Show more |
int |
|
The host port. Environment variable: Show more |
int |
|
The application path (refers to web application path). Environment variable: Show more |
string |
|
The protocol. Environment variable: Show more |
|
|
Environment variable: |
int |
|
If enabled, the port will be configured to use the schema HTTPS. Environment variable: Show more |
boolean |
|
The name of the volumeName to mount. Environment variable: Show more |
string |
|
The path to mount. Environment variable: Show more |
string |
|
Path within the volumeName from which the container’s volumeName should be mounted. Environment variable: Show more |
string |
|
ReadOnly Environment variable: Show more |
boolean |
|
The name of the secret to mount. Environment variable: Show more |
string |
required |
Default mode. When specifying an octal number, leading zero must be present. Environment variable: Show more |
string |
|
The path where the file will be mounted. Environment variable: Show more |
string |
required |
It must be a value between 0000 and 0777. If not specified, the volume defaultMode will be used. Environment variable: Show more |
int |
|
Optional Environment variable: Show more |
boolean |
|
The name of the ConfigMap to mount. Environment variable: Show more |
string |
required |
Default mode. When specifying an octal number, leading zero must be present. Environment variable: Show more |
string |
|
The path where the file will be mounted. Environment variable: Show more |
string |
required |
It must be a value between 0000 and 0777. If not specified, the volume defaultMode will be used. Environment variable: Show more |
int |
|
Optional Environment variable: Show more |
boolean |
|
Git repository URL. Environment variable: Show more |
string |
required |
The directory of the repository to mount. Environment variable: Show more |
string |
|
The commit hash to use. Environment variable: Show more |
string |
|
The name of the claim to mount. Environment variable: Show more |
string |
required |
Default mode. When specifying an octal number, leading zero must be present. Environment variable: Show more |
string |
|
Optional Environment variable: Show more |
boolean |
|
The name of the disk to mount. Environment variable: Show more |
string |
required |
The partition. Environment variable: Show more |
int |
|
Filesystem type. Environment variable: Show more |
string |
|
Whether the volumeName is read only or not. Environment variable: Show more |
boolean |
|
The share name. Environment variable: Show more |
string |
required |
The secret name. Environment variable: Show more |
string |
required |
Whether the volumeName is read only or not. Environment variable: Show more |
boolean |
|
The name of the disk to mount. Environment variable: Show more |
string |
required |
The URI of the vhd blob object OR the resourceID of an Azure managed data disk if Kind is Managed Environment variable: Show more |
string |
required |
Kind of disk. Environment variable: Show more |
|
|
Disk caching mode. Environment variable: Show more |
|
|
File system type. Environment variable: Show more |
string |
|
Whether the volumeName is read only or not. Environment variable: Show more |
boolean |
|
The container image. Environment variable: Show more |
string |
|
Working directory. Environment variable: Show more |
string |
|
The commands Environment variable: Show more |
list of string |
|
The arguments Environment variable: Show more |
list of string |
|
The service account. Environment variable: Show more |
string |
|
The host under which the application is going to be exposed. Environment variable: Show more |
string |
|
The port number. Refers to the container port. Environment variable: Show more |
int |
|
The host port. Environment variable: Show more |
int |
|
The application path (refers to web application path). Environment variable: Show more |
string |
|
The protocol. Environment variable: Show more |
|
|
Environment variable: |
int |
|
If enabled, the port will be configured to use the schema HTTPS. Environment variable: Show more |
boolean |
|
Image pull policy. Environment variable: Show more |
|
|
The image pull secret Environment variable: Show more |
list of string |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The name of the volumeName to mount. Environment variable: Show more |
string |
|
The path to mount. Environment variable: Show more |
string |
|
Path within the volumeName from which the container’s volumeName should be mounted. Environment variable: Show more |
string |
|
ReadOnly Environment variable: Show more |
boolean |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
The optional list of Secret names to load environment variables from. Environment variable: Show more |
list of string |
|
The optional list of ConfigMap names to load environment variables from. Environment variable: Show more |
list of string |
|
The map associating environment variable names to their associated field references they take their value from. Environment variable: Show more |
|
|
The map associating environment name to its associated value. Environment variable: Show more |
|
|
The optional name of the Secret from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The optional name of the ConfigMap from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The key identifying the field from which the value is extracted. Environment variable: Show more |
string |
required |
The container image. Environment variable: Show more |
string |
|
Working directory. Environment variable: Show more |
string |
|
The commands Environment variable: Show more |
list of string |
|
The arguments Environment variable: Show more |
list of string |
|
The service account. Environment variable: Show more |
string |
|
The host under which the application is going to be exposed. Environment variable: Show more |
string |
|
The port number. Refers to the container port. Environment variable: Show more |
int |
|
The host port. Environment variable: Show more |
int |
|
The application path (refers to web application path). Environment variable: Show more |
string |
|
The protocol. Environment variable: Show more |
|
|
Environment variable: |
int |
|
If enabled, the port will be configured to use the schema HTTPS. Environment variable: Show more |
boolean |
|
Image pull policy. Environment variable: Show more |
|
|
The image pull secret Environment variable: Show more |
list of string |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The name of the volumeName to mount. Environment variable: Show more |
string |
|
The path to mount. Environment variable: Show more |
string |
|
Path within the volumeName from which the container’s volumeName should be mounted. Environment variable: Show more |
string |
|
ReadOnly Environment variable: Show more |
boolean |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
The optional list of Secret names to load environment variables from. Environment variable: Show more |
list of string |
|
The optional list of ConfigMap names to load environment variables from. Environment variable: Show more |
list of string |
|
The map associating environment variable names to their associated field references they take their value from. Environment variable: Show more |
|
|
The map associating environment name to its associated value. Environment variable: Show more |
|
|
The optional name of the Secret from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The optional name of the ConfigMap from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The key identifying the field from which the value is extracted. Environment variable: Show more |
string |
required |
The ip address Environment variable: Show more |
string |
|
The hostnames to resolve to the ip Environment variable: Show more |
list of string |
|
The name of the role. Environment variable: Show more |
string |
|
The namespace of the role. Environment variable: Show more |
string |
|
Labels to add into the Role resource. Environment variable: Show more |
|
|
API groups of the policy rule. Environment variable: Show more |
list of string |
|
Non resource URLs of the policy rule. Environment variable: Show more |
list of string |
|
Resource names of the policy rule. Environment variable: Show more |
list of string |
|
Resources of the policy rule. Environment variable: Show more |
list of string |
|
Verbs of the policy rule. Environment variable: Show more |
list of string |
|
The name of the cluster role. Environment variable: Show more |
string |
|
Labels to add into the ClusterRole resource. Environment variable: Show more |
|
|
API groups of the policy rule. Environment variable: Show more |
list of string |
|
Non resource URLs of the policy rule. Environment variable: Show more |
list of string |
|
Resource names of the policy rule. Environment variable: Show more |
list of string |
|
Resources of the policy rule. Environment variable: Show more |
list of string |
|
Verbs of the policy rule. Environment variable: Show more |
list of string |
|
The name of the service account. Environment variable: Show more |
string |
|
The namespace of the service account. Environment variable: Show more |
string |
|
Labels of the service account. Environment variable: Show more |
|
|
If true, this service account will be used in the generated Deployment resource. Environment variable: Show more |
boolean |
|
Name of the RoleBinding resource to be generated. If not provided, it will use the application name plus the role ref name. Environment variable: Show more |
string |
|
Labels to add into the RoleBinding resource. Environment variable: Show more |
|
|
The name of the Role resource to use by the RoleRef element in the generated Role Binding resource. By default, it’s "view" role name. Environment variable: Show more |
string |
|
If the Role sets in the Environment variable: Show more |
boolean |
|
The "name" resource to use by the Subject element in the generated Role Binding resource. Environment variable: Show more |
string |
|
The "kind" resource to use by the Subject element in the generated Role Binding resource. By default, it uses the "ServiceAccount" kind. Environment variable: Show more |
string |
|
The "apiGroup" resource that matches with the "kind" property. By default, it’s empty. Environment variable: Show more |
string |
|
The "namespace" resource to use by the Subject element in the generated Role Binding resource. By default, it will use the same as provided in the generated resources. Environment variable: Show more |
string |
|
Name of the ClusterRoleBinding resource to be generated. If not provided, it will use the application name plus the role ref name. Environment variable: Show more |
string |
|
Labels to add into the RoleBinding resource. Environment variable: Show more |
|
|
The name of the ClusterRole resource to use by the RoleRef element in the generated ClusterRoleBinding resource. Environment variable: Show more |
string |
required |
The "name" resource to use by the Subject element in the generated Role Binding resource. Environment variable: Show more |
string |
|
The "kind" resource to use by the Subject element in the generated Role Binding resource. By default, it uses the "ServiceAccount" kind. Environment variable: Show more |
string |
|
The "apiGroup" resource that matches with the "kind" property. By default, it’s empty. Environment variable: Show more |
string |
|
The "namespace" resource to use by the Subject element in the generated Role Binding resource. By default, it will use the same as provided in the generated resources. Environment variable: Show more |
string |
|
Custom annotations to add to exposition (route or ingress) resources Environment variable: Show more |
|
|
If true, it will use the TLS configuration in the generated Ingress resource. Environment variable: Show more |
boolean |
|
The list of hosts to be included in the TLS certificate. By default, it will use the application host. Environment variable: Show more |
list of string |
|
The host under which the rule is going to be used. Environment variable: Show more |
string |
required |
The path under which the rule is going to be used. Default is "/". Environment variable: Show more |
string |
|
The path type strategy to use by the Ingress rule. Default is "Prefix". Environment variable: Show more |
string |
|
The service name to be used by this Ingress rule. Default is the generated service name of the application. Environment variable: Show more |
string |
|
The service port name to be used by this Ingress rule. Default is the port name of the generated service of the application. Environment variable: Show more |
string |
|
The service port number to be used by this Ingress rule. This is only used when the servicePortName is not set. Environment variable: Show more |
int |
|
If true, the init task will be generated. Otherwise, the init task resource generation will be skipped. Environment variable: Show more |
boolean |
|
The init task image to use by the init-container. Environment variable: Show more |
string |
|
The map associating environment variable names to their associated field references they take their value from. Environment variable: Show more |
|
|
The map associating environment name to its associated value. Environment variable: Show more |
|
|
The optional name of the Secret from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The optional name of the ConfigMap from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The key identifying the field from which the value is extracted. Environment variable: Show more |
string |
required |
Properties that use non-standard types, can be referenced by expanding the
property. For example to define a kubernetes-readiness-probe
which is of
type Probe
:
quarkus.kubernetes.readiness-probe.initial-delay=20s
quarkus.kubernetes.readiness-probe.period=45s
In this example initial-delay
and period
are fields of the type
Probe
. Below you will find tables describing all available types.
Client Connection Configuration
You may need to configure the connection to your Kubernetes cluster. By
default, it automatically uses the active context used by kubectl
.
For instance, if your cluster API endpoint uses a self-signed SSL Certificate you need to explicitly configure the client to trust it. You can achieve this by defining the following property:
quarkus.kubernetes-client.trust-certs=true
The full list of the Kubernetes client configuration properties is provided below.
Configuration property fixed at build time - All other configuration properties are overridable at runtime
Type |
Default |
|
---|---|---|
Whether the client should trust a self-signed certificate if so presented by the API server Environment variable: Show more |
boolean |
|
URL of the Kubernetes API server Environment variable: Show more |
string |
|
Default namespace to use Environment variable: Show more |
string |
|
CA certificate file Environment variable: Show more |
string |
|
CA certificate data Environment variable: Show more |
string |
|
Client certificate file Environment variable: Show more |
string |
|
Client certificate data Environment variable: Show more |
string |
|
Client key file Environment variable: Show more |
string |
|
Client key data Environment variable: Show more |
string |
|
Client key algorithm Environment variable: Show more |
string |
|
Client key passphrase Environment variable: Show more |
string |
|
Kubernetes auth username Environment variable: Show more |
string |
|
Kubernetes auth password Environment variable: Show more |
string |
|
Kubernetes oauth token Environment variable: Show more |
string |
|
Watch reconnect interval Environment variable: Show more |
|
|
Maximum reconnect attempts in case of watch failure By default there is no limit to the number of reconnect attempts Environment variable: Show more |
int |
|
Maximum amount of time to wait for a connection with the API server to be established Environment variable: Show more |
|
|
Maximum amount of time to wait for a request to the API server to be completed Environment variable: Show more |
|
|
Maximum number of retry attempts for API requests that fail with an HTTP code of >= 500 Environment variable: Show more |
int |
|
Time interval between retry attempts for API requests that fail with an HTTP code of >= 500 Environment variable: Show more |
|
|
HTTP proxy used to access the Kubernetes API server Environment variable: Show more |
string |
|
HTTPS proxy used to access the Kubernetes API server Environment variable: Show more |
string |
|
Proxy username Environment variable: Show more |
string |
|
Proxy password Environment variable: Show more |
string |
|
IP addresses or hosts to exclude from proxying Environment variable: Show more |
list of string |
|
Enable the generation of the RBAC manifests. If enabled and no other role binding are provided using the properties Environment variable: Show more |
boolean |
|
Type |
Default |
|
If Dev Services for Kubernetes should be used. (default to true) If this is true and kubernetes client is not configured then a kubernetes cluster will be started and will be used. Environment variable: Show more |
boolean |
|
The kubernetes api server version to use. If not set, Dev Services for Kubernetes will use the latest supported version of the given flavor. see https://github.com/dajudge/kindcontainer/blob/master/k8s-versions.json Environment variable: Show more |
string |
|
The flavor to use (kind, k3s or api-only). Default to api-only. Environment variable: Show more |
|
|
By default, if a kubeconfig is found, Dev Services for Kubernetes will not start. Set this to true to override the kubeconfig config. Environment variable: Show more |
boolean |
|
Indicates if the Kubernetes cluster managed by Quarkus Dev Services is shared. When shared, Quarkus looks for running containers using label-based service discovery. If a matching container is found, it is used, and so a second one is not started. Otherwise, Dev Services for Kubernetes starts a new container. The discovery uses the Container sharing is only used in dev mode. Environment variable: Show more |
boolean |
|
The value of the This property is used when you need multiple shared Kubernetes clusters. Environment variable: Show more |
string |
|
Environment variables that are passed to the container. Environment variable: Show more |
|
OpenShift
One way to deploy an application to OpenShift is to use s2i (source to image) to create an image stream from the source and then deploy the image stream:
quarkus extension remove kubernetes,jib
quarkus extension add openshift
oc new-project quarkus-project
quarkus build -Dquarkus.container-image.build=true
oc new-app --name=greeting quarkus-project/kubernetes-quickstart:1.0.0-SNAPSHOT
oc expose svc/greeting
oc get route
curl <route>/greeting
./mvnw quarkus:remove-extension -Dextensions="kubernetes, jib"
./mvnw quarkus:add-extension -Dextensions="openshift"
oc new-project quarkus-project
./mvnw clean package -Dquarkus.container-image.build=true
oc new-app --name=greeting quarkus-project/kubernetes-quickstart:1.0.0-SNAPSHOT
oc expose svc/greeting
oc get route
curl <route>/greeting
./gradlew removeExtension --extensions="kubernetes, jib"
./gradlew addExtension --extensions="openshift"
oc new-project quarkus-project
./gradlew build -Dquarkus.container-image.build=true
oc new-app --name=greeting quarkus-project/kubernetes-quickstart:1.0.0-SNAPSHOT
oc expose svc/greeting
oc get route
curl <route>/greeting
See further information in Deploying to OpenShift.
A description of OpenShift resources and customisable properties is given below alongside Kubernetes resources to show similarities where applicable. This includes an alternative to oc new-app …
above, i.e. oc apply -f target/kubernetes/openshift.json
.
To enable the generation of OpenShift resources, you need to include OpenShift in the target platforms:
quarkus.kubernetes.deployment-target=openshift
If you need to generate resources for both platforms (vanilla Kubernetes and OpenShift), then you need to include both (comma separated).
quarkus.kubernetes.deployment-target=kubernetes,openshift
Following the execution of ./mvnw package
-Dquarkus.container-image.build=true
you will notice amongst the other
files that are created, two files named openshift.json
and openshift.yml
in the target/kubernetes/
directory.
These manifests can be deployed as is to a running cluster, using kubectl
:
kubectl apply -f target/kubernetes/openshift.json
OpenShift’s users might want to use oc
rather than kubectl
:
oc apply -f target/kubernetes/openshift.json
For users that prefer to keep the application.properties
independent of
the deployment platform, the deployment target can be specified directly in
the deploy command by adding
-Dquarkus.kubernetes.deployment-target=openshift
in addition to
-Dquarkus.kubernetes.deploy=true
. Furthermore, Quarkus allows collapsing
the two properties into one: -Dquarkus.openshift.deploy=true
.
./mvnw clean package -Dquarkus.openshift.deploy=true
The equivalent with gradle:
./gradlew build -Dquarkus.openshift.deploy=true
In case that both properties are used with conflicting values
quarkus.kubernetes.deployment-target
is used.
Quarkus also provides the OpenShift
extension. This extension is basically a wrapper around the Kubernetes
extension and relieves OpenShift users of the necessity of setting the
deployment-target property to openshift
|
The OpenShift resources can be customized in a similar approach with Kubernetes.
Configuration property fixed at build time - All other configuration properties are overridable at runtime
Type |
Default |
|
---|---|---|
The OpenShift flavor / version to use. Older versions of OpenShift have minor differences in the labels and fields they support. This option allows users to have their manifests automatically aligned to the OpenShift 'flavor' they use. Environment variable: Show more |
|
|
The kind of the deployment resource to use. Supported values are 'Deployment', 'StatefulSet', 'Job', 'CronJob' and 'DeploymentConfig' defaulting to the latter. Environment variable: Show more |
|
|
The name of the group this component belongs too Environment variable: Show more |
string |
|
The name of the application. This value will be used for naming Kubernetes resources like: 'Deployment', 'Service' and so on… Environment variable: Show more |
string |
|
The version of the application. Environment variable: Show more |
string |
|
The namespace the generated resources should belong to. If not value is set, then the 'namespace' field will not be added to the 'metadata' section of the generated manifests. This in turn means that when the manifests are applied to a cluster, the namespace will be resolved from the current Kubernetes context (see https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#context for more details). Environment variable: Show more |
string |
|
Add the build timestamp to the Kubernetes annotations This is a very useful way to have manifests of successive builds of the same application differ - thus ensuring that Kubernetes will apply the updated resources Environment variable: Show more |
boolean |
|
Working directory Environment variable: Show more |
string |
|
list of string |
||
The arguments Environment variable: Show more |
list of string |
|
The service account Environment variable: Show more |
string |
|
The number of desired pods Environment variable: Show more |
int |
|
The type of service that will be generated for the application Environment variable: Show more |
|
|
The nodePort to set when serviceType is set to nodePort Environment variable: Show more |
int |
|
Image pull policy Environment variable: Show more |
|
|
The image pull secret Environment variable: Show more |
list of string |
|
Enable generation of image pull secret, when the container image username and password are provided. Environment variable: Show more |
boolean |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
When true (the default), emit a set of annotations to identify services that should be scraped by prometheus for metrics. In configurations that use the Prometheus operator with ServiceMonitor, annotations may not be necessary. Environment variable: Show more |
boolean |
|
Define the annotation prefix used for scrape values, this value will be used as the base for other annotation name defaults. Altering the base for generated annotations can make it easier to define re-labeling rules and avoid unexpected knock-on effects. The default value is Environment variable: Show more |
string |
|
Define the annotation used to indicate services that should be scraped. By default, Environment variable: Show more |
string |
|
Define the annotation used to indicate the path to scrape. By default, Environment variable: Show more |
string |
|
Define the annotation used to indicate the port to scrape. By default, Environment variable: Show more |
string |
|
Define the annotation used to indicate the scheme to use for scraping By default, Environment variable: Show more |
string |
|
EmptyDir volumes Environment variable: Show more |
list of string |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
If set, it will change the name of the container according to the configuration Environment variable: Show more |
string |
|
If true, the service will be exposed Environment variable: Show more |
boolean |
|
The host under which the application is going to be exposed Environment variable: Show more |
string |
|
The target named port. If not provided, it will be deducted from the Service resource ports. Options are: "http" and "https". Environment variable: Show more |
string |
|
The cert authority certificate contents. Environment variable: Show more |
string |
|
The certificate contents. Environment variable: Show more |
string |
|
The contents of the ca certificate of the final destination. Environment variable: Show more |
string |
|
The desired behavior for insecure connections to a route. Environment variable: Show more |
string |
|
The key file contents. Environment variable: Show more |
string |
|
The termination type. Environment variable: Show more |
string |
|
If true, the 'app.kubernetes.io/version' label will be part of the selectors of Service and DeploymentConfig Environment variable: Show more |
boolean |
|
If true, the 'app.kubernetes.io/name' label will be part of the selectors of Service and Deployment Environment variable: Show more |
boolean |
|
Specifies the maximum desired number of pods the job should run at any given time. Environment variable: Show more |
int |
|
Specifies the desired number of successfully finished pods the job should be run with. Environment variable: Show more |
int |
|
CompletionMode specifies how Pod completions are tracked. Environment variable: Show more |
|
|
Specifies the number of retries before marking this job failed. Environment variable: Show more |
int |
|
Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. Environment variable: Show more |
long |
|
Limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. Environment variable: Show more |
int |
|
Suspend specifies whether the Job controller should create Pods or not. Environment variable: Show more |
boolean |
|
Restart policy when the job container fails. Environment variable: Show more |
|
|
The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. Environment variable: Show more |
string |
|
ConcurrencyPolicy describes how the job will be handled. Environment variable: Show more |
|
|
Deadline in seconds for starting the job if it misses scheduled time for any reason. Missed jobs executions will be counted as failed ones. Environment variable: Show more |
long |
|
Environment variable: |
int |
|
Environment variable: |
int |
|
Specifies the maximum desired number of pods the job should run at any given time. Environment variable: Show more |
int |
|
Specifies the desired number of successfully finished pods the job should be run with. Environment variable: Show more |
int |
|
CompletionMode specifies how Pod completions are tracked. Environment variable: Show more |
|
|
Specifies the number of retries before marking this job failed. Environment variable: Show more |
int |
|
Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. Environment variable: Show more |
long |
|
Limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. Environment variable: Show more |
int |
|
Suspend specifies whether the Job controller should create Pods or not. Environment variable: Show more |
boolean |
|
Restart policy when the job container fails. Environment variable: Show more |
|
|
The optional list of Secret names to load environment variables from. Environment variable: Show more |
list of string |
|
The optional list of ConfigMap names to load environment variables from. Environment variable: Show more |
list of string |
|
If set, the secret will mounted to the application container and its contents will be used for application configuration. Environment variable: Show more |
string |
|
If set, the config amp will be mounted to the application container and its contents will be used for application configuration. Environment variable: Show more |
string |
|
The SELinux level label that applies to the container. Environment variable: Show more |
string |
|
The SELinux role label that applies to the container. Environment variable: Show more |
string |
|
The SELinux type label that applies to the container. Environment variable: Show more |
string |
|
The SELinux user label that applies to the container. Environment variable: Show more |
string |
|
The name of the GMSA credential spec to use. Environment variable: Show more |
string |
|
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. Environment variable: Show more |
string |
|
The UserName in Windows to run the entrypoint of the container process. Environment variable: Show more |
string |
|
HostProcess determines if a container should be run as a 'Host Process' container. Environment variable: Show more |
boolean |
|
The UID to run the entrypoint of the container process. Environment variable: Show more |
long |
|
The GID to run the entrypoint of the container process. Environment variable: Show more |
long |
|
Indicates that the container must run as a non-root user. Environment variable: Show more |
boolean |
|
A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container. Environment variable: Show more |
list of long |
|
A special supplemental group that applies to all containers in a pod. Environment variable: Show more |
long |
|
Sysctls hold a list of namespaced sysctls used for the pod. Environment variable: Show more |
string |
|
It holds policies that will be used for applying fsGroup to a volume when volume is mounted. Values: OnRootMismatch, Always Environment variable: Show more |
|
|
If true, the debug mode in pods will be enabled. Environment variable: Show more |
boolean |
|
The transport to use. Environment variable: Show more |
string |
|
If enabled, it means the JVM will wait for the debugger to attach before executing the main class. If false, the JVM will immediately execute the main class, while listening for the debugger connection. Environment variable: Show more |
string |
|
It specifies the address at which the debug socket will listen. Environment variable: Show more |
int |
|
If set to true, Quarkus will attempt to deploy the application to the target Openshift cluster Environment variable: Show more |
boolean |
|
If deploy is enabled, it will follow this strategy to update the resources to the target OpenShift cluster. Environment variable: Show more |
|
|
If true, the init task will be generated. Otherwise, the init task resource generation will be skipped. Environment variable: Show more |
boolean |
|
The init task image to use by the init-container. Environment variable: Show more |
string |
|
Switch used to control whether non-idempotent fields are included in generated kubernetes resources to improve git-ops compatibility Environment variable: Show more |
boolean |
|
Custom labels to add to all resources Environment variable: Show more |
|
|
Custom annotations to add to all resources Environment variable: Show more |
|
|
The port number. Refers to the container port. Environment variable: Show more |
int |
|
The host port. Environment variable: Show more |
int |
|
The application path (refers to web application path). Environment variable: Show more |
string |
|
The protocol. Environment variable: Show more |
|
|
Environment variable: |
int |
|
If enabled, the port will be configured to use the schema HTTPS. Environment variable: Show more |
boolean |
|
The name of the volumeName to mount. Environment variable: Show more |
string |
|
The path to mount. Environment variable: Show more |
string |
|
Path within the volumeName from which the container’s volumeName should be mounted. Environment variable: Show more |
string |
|
ReadOnly Environment variable: Show more |
boolean |
|
The name of the secret to mount. Environment variable: Show more |
string |
required |
Default mode. When specifying an octal number, leading zero must be present. Environment variable: Show more |
string |
|
The path where the file will be mounted. Environment variable: Show more |
string |
required |
It must be a value between 0000 and 0777. If not specified, the volume defaultMode will be used. Environment variable: Show more |
int |
|
Optional Environment variable: Show more |
boolean |
|
The name of the ConfigMap to mount. Environment variable: Show more |
string |
required |
Default mode. When specifying an octal number, leading zero must be present. Environment variable: Show more |
string |
|
The path where the file will be mounted. Environment variable: Show more |
string |
required |
It must be a value between 0000 and 0777. If not specified, the volume defaultMode will be used. Environment variable: Show more |
int |
|
Optional Environment variable: Show more |
boolean |
|
Git repository URL. Environment variable: Show more |
string |
required |
The directory of the repository to mount. Environment variable: Show more |
string |
|
The commit hash to use. Environment variable: Show more |
string |
|
The name of the claim to mount. Environment variable: Show more |
string |
required |
Default mode. When specifying an octal number, leading zero must be present. Environment variable: Show more |
string |
|
Optional Environment variable: Show more |
boolean |
|
The name of the disk to mount. Environment variable: Show more |
string |
required |
The partition. Environment variable: Show more |
int |
|
Filesystem type. Environment variable: Show more |
string |
|
Whether the volumeName is read only or not. Environment variable: Show more |
boolean |
|
The share name. Environment variable: Show more |
string |
required |
The secret name. Environment variable: Show more |
string |
required |
Whether the volumeName is read only or not. Environment variable: Show more |
boolean |
|
The name of the disk to mount. Environment variable: Show more |
string |
required |
The URI of the vhd blob object OR the resourceID of an Azure managed data disk if Kind is Managed Environment variable: Show more |
string |
required |
Kind of disk. Environment variable: Show more |
|
|
Disk caching mode. Environment variable: Show more |
|
|
File system type. Environment variable: Show more |
string |
|
Whether the volumeName is read only or not. Environment variable: Show more |
boolean |
|
The container image. Environment variable: Show more |
string |
|
Working directory. Environment variable: Show more |
string |
|
The commands Environment variable: Show more |
list of string |
|
The arguments Environment variable: Show more |
list of string |
|
The service account. Environment variable: Show more |
string |
|
The host under which the application is going to be exposed. Environment variable: Show more |
string |
|
The port number. Refers to the container port. Environment variable: Show more |
int |
|
The host port. Environment variable: Show more |
int |
|
The application path (refers to web application path). Environment variable: Show more |
string |
|
The protocol. Environment variable: Show more |
|
|
Environment variable: |
int |
|
If enabled, the port will be configured to use the schema HTTPS. Environment variable: Show more |
boolean |
|
Image pull policy. Environment variable: Show more |
|
|
The image pull secret Environment variable: Show more |
list of string |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The name of the volumeName to mount. Environment variable: Show more |
string |
|
The path to mount. Environment variable: Show more |
string |
|
Path within the volumeName from which the container’s volumeName should be mounted. Environment variable: Show more |
string |
|
ReadOnly Environment variable: Show more |
boolean |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
The optional list of Secret names to load environment variables from. Environment variable: Show more |
list of string |
|
The optional list of ConfigMap names to load environment variables from. Environment variable: Show more |
list of string |
|
The map associating environment variable names to their associated field references they take their value from. Environment variable: Show more |
|
|
The map associating environment name to its associated value. Environment variable: Show more |
|
|
The optional name of the Secret from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The optional name of the ConfigMap from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The key identifying the field from which the value is extracted. Environment variable: Show more |
string |
required |
The container image. Environment variable: Show more |
string |
|
Working directory. Environment variable: Show more |
string |
|
The commands Environment variable: Show more |
list of string |
|
The arguments Environment variable: Show more |
list of string |
|
The service account. Environment variable: Show more |
string |
|
The host under which the application is going to be exposed. Environment variable: Show more |
string |
|
The port number. Refers to the container port. Environment variable: Show more |
int |
|
The host port. Environment variable: Show more |
int |
|
The application path (refers to web application path). Environment variable: Show more |
string |
|
The protocol. Environment variable: Show more |
|
|
Environment variable: |
int |
|
If enabled, the port will be configured to use the schema HTTPS. Environment variable: Show more |
boolean |
|
Image pull policy. Environment variable: Show more |
|
|
The image pull secret Environment variable: Show more |
list of string |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The name of the volumeName to mount. Environment variable: Show more |
string |
|
The path to mount. Environment variable: Show more |
string |
|
Path within the volumeName from which the container’s volumeName should be mounted. Environment variable: Show more |
string |
|
ReadOnly Environment variable: Show more |
boolean |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
The optional list of Secret names to load environment variables from. Environment variable: Show more |
list of string |
|
The optional list of ConfigMap names to load environment variables from. Environment variable: Show more |
list of string |
|
The map associating environment variable names to their associated field references they take their value from. Environment variable: Show more |
|
|
The map associating environment name to its associated value. Environment variable: Show more |
|
|
The optional name of the Secret from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The optional name of the ConfigMap from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The key identifying the field from which the value is extracted. Environment variable: Show more |
string |
required |
The ip address Environment variable: Show more |
string |
|
The hostnames to resolve to the ip Environment variable: Show more |
list of string |
|
Custom annotations to add to exposition (route or ingress) resources Environment variable: Show more |
|
|
The name of the role. Environment variable: Show more |
string |
|
The namespace of the role. Environment variable: Show more |
string |
|
Labels to add into the Role resource. Environment variable: Show more |
|
|
API groups of the policy rule. Environment variable: Show more |
list of string |
|
Non resource URLs of the policy rule. Environment variable: Show more |
list of string |
|
Resource names of the policy rule. Environment variable: Show more |
list of string |
|
Resources of the policy rule. Environment variable: Show more |
list of string |
|
Verbs of the policy rule. Environment variable: Show more |
list of string |
|
The name of the cluster role. Environment variable: Show more |
string |
|
Labels to add into the ClusterRole resource. Environment variable: Show more |
|
|
API groups of the policy rule. Environment variable: Show more |
list of string |
|
Non resource URLs of the policy rule. Environment variable: Show more |
list of string |
|
Resource names of the policy rule. Environment variable: Show more |
list of string |
|
Resources of the policy rule. Environment variable: Show more |
list of string |
|
Verbs of the policy rule. Environment variable: Show more |
list of string |
|
The name of the service account. Environment variable: Show more |
string |
|
The namespace of the service account. Environment variable: Show more |
string |
|
Labels of the service account. Environment variable: Show more |
|
|
If true, this service account will be used in the generated Deployment resource. Environment variable: Show more |
boolean |
|
Name of the RoleBinding resource to be generated. If not provided, it will use the application name plus the role ref name. Environment variable: Show more |
string |
|
Labels to add into the RoleBinding resource. Environment variable: Show more |
|
|
The name of the Role resource to use by the RoleRef element in the generated Role Binding resource. By default, it’s "view" role name. Environment variable: Show more |
string |
|
If the Role sets in the Environment variable: Show more |
boolean |
|
The "name" resource to use by the Subject element in the generated Role Binding resource. Environment variable: Show more |
string |
|
The "kind" resource to use by the Subject element in the generated Role Binding resource. By default, it uses the "ServiceAccount" kind. Environment variable: Show more |
string |
|
The "apiGroup" resource that matches with the "kind" property. By default, it’s empty. Environment variable: Show more |
string |
|
The "namespace" resource to use by the Subject element in the generated Role Binding resource. By default, it will use the same as provided in the generated resources. Environment variable: Show more |
string |
|
Name of the ClusterRoleBinding resource to be generated. If not provided, it will use the application name plus the role ref name. Environment variable: Show more |
string |
|
Labels to add into the RoleBinding resource. Environment variable: Show more |
|
|
The name of the ClusterRole resource to use by the RoleRef element in the generated ClusterRoleBinding resource. Environment variable: Show more |
string |
required |
The "name" resource to use by the Subject element in the generated Role Binding resource. Environment variable: Show more |
string |
|
The "kind" resource to use by the Subject element in the generated Role Binding resource. By default, it uses the "ServiceAccount" kind. Environment variable: Show more |
string |
|
The "apiGroup" resource that matches with the "kind" property. By default, it’s empty. Environment variable: Show more |
string |
|
The "namespace" resource to use by the Subject element in the generated Role Binding resource. By default, it will use the same as provided in the generated resources. Environment variable: Show more |
string |
|
The map associating environment variable names to their associated field references they take their value from. Environment variable: Show more |
|
|
The map associating environment name to its associated value. Environment variable: Show more |
|
|
The optional name of the Secret from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The optional name of the ConfigMap from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The key identifying the field from which the value is extracted. Environment variable: Show more |
string |
required |
If true, the init task will be generated. Otherwise, the init task resource generation will be skipped. Environment variable: Show more |
boolean |
|
The init task image to use by the init-container. Environment variable: Show more |
string |
|
Knative
To enable the generation of Knative resources, you need to include Knative in the target platforms:
quarkus.kubernetes.deployment-target=knative
Following the execution of ./mvnw package
you will notice amongst the
other files that are created, two files named knative.json
and
knative.yml
in the target/kubernetes/
directory.
If you look at either file you will see that it contains a Knative
Service
.
The full source of the knative.json
file looks something like this:
{
{
"apiVersion" : "serving.quarkus.knative.dev/v1alpha1",
"kind" : "Service",
"metadata" : {
"annotations": {
"app.quarkus.io/vcs-uri" : "<some url>",
"app.quarkus.io/commit-id" : "<some git SHA>"
},
"labels" : {
"app.kubernetes.io/name" : "test-quarkus-app",
"app.kubernetes.io/version" : "1.0.0-SNAPSHOT"
},
"name" : "knative"
},
"spec" : {
"runLatest" : {
"configuration" : {
"revisionTemplate" : {
"spec" : {
"container" : {
"image" : "dev.local/yourDockerUsername/test-quarkus-app:1.0.0-SNAPSHOT",
"imagePullPolicy" : "Always"
}
}
}
}
}
}
}
}
The generated manifest can be deployed as is to a running cluster, using
kubectl
:
kubectl apply -f target/kubernetes/knative.json
The generated service can be customized using the following properties:
Configuration property fixed at build time - All other configuration properties are overridable at runtime
Type |
Default |
|
---|---|---|
The name of the group this component belongs too Environment variable: Show more |
string |
|
The name of the application. This value will be used for naming Kubernetes resources like: - Deployment - Service and so on … Environment variable: Show more |
string |
|
The version of the application. Environment variable: Show more |
string |
|
The namespace the generated resources should belong to. If not value is set, then the 'namespace' field will not be added to the 'metadata' section of the generated manifests. This in turn means that when the manifests are applied to a cluster, the namespace will be resolved from the current Kubernetes context (see https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#context for more details). Environment variable: Show more |
string |
|
Whether to add the build timestamp to the Kubernetes annotations This is a very useful way to have manifests of successive builds of the same application differ - thus ensuring that Kubernetes will apply the updated resources Environment variable: Show more |
boolean |
|
Working directory Environment variable: Show more |
string |
|
list of string |
||
list of string |
||
The service account Environment variable: Show more |
string |
|
The type of service that will be generated for the application Environment variable: Show more |
|
|
Image pull policy Environment variable: Show more |
|
|
The image pull secret Environment variable: Show more |
list of string |
|
Enable generation of image pull secret, when the container image username and password are provided. Environment variable: Show more |
boolean |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
When true (the default), emit a set of annotations to identify services that should be scraped by prometheus for metrics. In configurations that use the Prometheus operator with ServiceMonitor, annotations may not be necessary. Environment variable: Show more |
boolean |
|
Define the annotation prefix used for scrape values, this value will be used as the base for other annotation name defaults. Altering the base for generated annotations can make it easier to define re-labeling rules and avoid unexpected knock-on effects. The default value is Environment variable: Show more |
string |
|
Define the annotation used to indicate services that should be scraped. By default, Environment variable: Show more |
string |
|
Define the annotation used to indicate the path to scrape. By default, Environment variable: Show more |
string |
|
Define the annotation used to indicate the port to scrape. By default, Environment variable: Show more |
string |
|
Define the annotation used to indicate the scheme to use for scraping By default, Environment variable: Show more |
string |
|
EmptyDir volumes Environment variable: Show more |
list of string |
|
If set, it will change the name of the container according to the configuration Environment variable: Show more |
string |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
If true, the 'app.kubernetes.io/version' label will be part of the selectors of Service and Deployment Environment variable: Show more |
boolean |
|
If true, the 'app.kubernetes.io/name' label will be part of the selectors of Service and Deployment Environment variable: Show more |
boolean |
|
Switch used to control whether non-idempotent fields are included in generated kubernetes resources to improve git-ops compatibility Environment variable: Show more |
boolean |
|
The optional list of Secret names to load environment variables from. Environment variable: Show more |
list of string |
|
The optional list of ConfigMap names to load environment variables from. Environment variable: Show more |
list of string |
|
Whether this service is cluster-local. Cluster local services are not exposed to the outside world. More information in this link. Environment variable: Show more |
boolean |
|
This value controls the minimum number of replicas each revision should have. Knative will attempt to never have less than this number of replicas at any point in time. Environment variable: Show more |
int |
|
This value controls the maximum number of replicas each revision should have. Knative will attempt to never have more than this number of replicas running, or in the process of being created, at any point in time. Environment variable: Show more |
int |
|
The scale-to-zero values control whether Knative allows revisions to scale down to zero, or stops at “1”. Environment variable: Show more |
boolean |
|
The Autoscaler class. Knative Serving comes with its own autoscaler, the KPA (Knative Pod Autoscaler) but can also be configured to use Kubernetes’ HPA (Horizontal Pod Autoscaler) or even a custom third-party autoscaler. Possible values (kpa, hpa, default: kpa). Environment variable: Show more |
|
|
The autoscaling metric to use. Possible values (concurrency, rps, cpu). Environment variable: Show more |
|
|
The autoscaling target. Environment variable: Show more |
int |
|
The exact amount of requests allowed to the replica at a time. Its default value is “0”, which means an unlimited number of requests are allowed to flow into the replica. Environment variable: Show more |
int |
|
This value specifies a percentage of the target to actually be targeted by the autoscaler. Environment variable: Show more |
int |
|
The Autoscaler class. Knative Serving comes with its own autoscaler, the KPA (Knative Pod Autoscaler) but can also be configured to use Kubernetes’ HPA (Horizontal Pod Autoscaler) or even a custom third-party autoscaler. Possible values (kpa, hpa, default: kpa). Environment variable: Show more |
|
|
The exact amount of requests allowed to the replica at a time. Its default value is “0”, which means an unlimited number of requests are allowed to flow Integer>o the replica. Environment variable: Show more |
int |
|
This value specifies a percentage of the target to actually be targeted by the autoscaler. Environment variable: Show more |
int |
|
The requests per second per replica. Environment variable: Show more |
int |
|
The name of the revision. Environment variable: Show more |
string |
|
If set, the secret will mounted to the application container and its contents will be used for application configuration. Environment variable: Show more |
string |
|
If set, the config map will be mounted to the application container and its contents will be used for application configuration. Environment variable: Show more |
string |
|
The SELinux level label that applies to the container. Environment variable: Show more |
string |
|
The SELinux role label that applies to the container. Environment variable: Show more |
string |
|
The SELinux type label that applies to the container. Environment variable: Show more |
string |
|
The SELinux user label that applies to the container. Environment variable: Show more |
string |
|
The name of the GMSA credential spec to use. Environment variable: Show more |
string |
|
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. Environment variable: Show more |
string |
|
The UserName in Windows to run the entrypoint of the container process. Environment variable: Show more |
string |
|
HostProcess determines if a container should be run as a 'Host Process' container. Environment variable: Show more |
boolean |
|
The UID to run the entrypoint of the container process. Environment variable: Show more |
long |
|
The GID to run the entrypoint of the container process. Environment variable: Show more |
long |
|
Indicates that the container must run as a non-root user. Environment variable: Show more |
boolean |
|
A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container. Environment variable: Show more |
list of long |
|
A special supplemental group that applies to all containers in a pod. Environment variable: Show more |
long |
|
Sysctls hold a list of namespaced sysctls used for the pod. Environment variable: Show more |
string |
|
It holds policies that will be used for applying fsGroup to a volume when volume is mounted. Values: OnRootMismatch, Always Environment variable: Show more |
|
|
If set to true, Quarkus will attempt to deploy the application to the target knative cluster Environment variable: Show more |
boolean |
|
If deploy is enabled, it will follow this strategy to update the resources to the target Knative cluster. Environment variable: Show more |
|
|
Custom labels to add to all resources Environment variable: Show more |
|
|
Custom annotations to add to all resources Environment variable: Show more |
|
|
The port number. Refers to the container port. Environment variable: Show more |
int |
|
The host port. Environment variable: Show more |
int |
|
The application path (refers to web application path). Environment variable: Show more |
string |
|
The protocol. Environment variable: Show more |
|
|
Environment variable: |
int |
|
If enabled, the port will be configured to use the schema HTTPS. Environment variable: Show more |
boolean |
|
The name of the volumeName to mount. Environment variable: Show more |
string |
|
The path to mount. Environment variable: Show more |
string |
|
Path within the volumeName from which the container’s volumeName should be mounted. Environment variable: Show more |
string |
|
ReadOnly Environment variable: Show more |
boolean |
|
The name of the secret to mount. Environment variable: Show more |
string |
required |
Default mode. When specifying an octal number, leading zero must be present. Environment variable: Show more |
string |
|
The path where the file will be mounted. Environment variable: Show more |
string |
required |
It must be a value between 0000 and 0777. If not specified, the volume defaultMode will be used. Environment variable: Show more |
int |
|
Optional Environment variable: Show more |
boolean |
|
The name of the ConfigMap to mount. Environment variable: Show more |
string |
required |
Default mode. When specifying an octal number, leading zero must be present. Environment variable: Show more |
string |
|
The path where the file will be mounted. Environment variable: Show more |
string |
required |
It must be a value between 0000 and 0777. If not specified, the volume defaultMode will be used. Environment variable: Show more |
int |
|
Optional Environment variable: Show more |
boolean |
|
Git repository URL. Environment variable: Show more |
string |
required |
The directory of the repository to mount. Environment variable: Show more |
string |
|
The commit hash to use. Environment variable: Show more |
string |
|
The name of the claim to mount. Environment variable: Show more |
string |
required |
Default mode. When specifying an octal number, leading zero must be present. Environment variable: Show more |
string |
|
Optional Environment variable: Show more |
boolean |
|
The name of the disk to mount. Environment variable: Show more |
string |
required |
The partition. Environment variable: Show more |
int |
|
Filesystem type. Environment variable: Show more |
string |
|
Whether the volumeName is read only or not. Environment variable: Show more |
boolean |
|
The share name. Environment variable: Show more |
string |
required |
The secret name. Environment variable: Show more |
string |
required |
Whether the volumeName is read only or not. Environment variable: Show more |
boolean |
|
The name of the disk to mount. Environment variable: Show more |
string |
required |
The URI of the vhd blob object OR the resourceID of an Azure managed data disk if Kind is Managed Environment variable: Show more |
string |
required |
Kind of disk. Environment variable: Show more |
|
|
Disk caching mode. Environment variable: Show more |
|
|
File system type. Environment variable: Show more |
string |
|
Whether the volumeName is read only or not. Environment variable: Show more |
boolean |
|
The container image. Environment variable: Show more |
string |
|
Working directory. Environment variable: Show more |
string |
|
The commands Environment variable: Show more |
list of string |
|
The arguments Environment variable: Show more |
list of string |
|
The service account. Environment variable: Show more |
string |
|
The host under which the application is going to be exposed. Environment variable: Show more |
string |
|
The port number. Refers to the container port. Environment variable: Show more |
int |
|
The host port. Environment variable: Show more |
int |
|
The application path (refers to web application path). Environment variable: Show more |
string |
|
The protocol. Environment variable: Show more |
|
|
Environment variable: |
int |
|
If enabled, the port will be configured to use the schema HTTPS. Environment variable: Show more |
boolean |
|
Image pull policy. Environment variable: Show more |
|
|
The image pull secret Environment variable: Show more |
list of string |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The name of the volumeName to mount. Environment variable: Show more |
string |
|
The path to mount. Environment variable: Show more |
string |
|
Path within the volumeName from which the container’s volumeName should be mounted. Environment variable: Show more |
string |
|
ReadOnly Environment variable: Show more |
boolean |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
The optional list of Secret names to load environment variables from. Environment variable: Show more |
list of string |
|
The optional list of ConfigMap names to load environment variables from. Environment variable: Show more |
list of string |
|
The map associating environment variable names to their associated field references they take their value from. Environment variable: Show more |
|
|
The map associating environment name to its associated value. Environment variable: Show more |
|
|
The optional name of the Secret from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The optional name of the ConfigMap from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The key identifying the field from which the value is extracted. Environment variable: Show more |
string |
required |
The container image. Environment variable: Show more |
string |
|
Working directory. Environment variable: Show more |
string |
|
The commands Environment variable: Show more |
list of string |
|
The arguments Environment variable: Show more |
list of string |
|
The service account. Environment variable: Show more |
string |
|
The host under which the application is going to be exposed. Environment variable: Show more |
string |
|
The port number. Refers to the container port. Environment variable: Show more |
int |
|
The host port. Environment variable: Show more |
int |
|
The application path (refers to web application path). Environment variable: Show more |
string |
|
The protocol. Environment variable: Show more |
|
|
Environment variable: |
int |
|
If enabled, the port will be configured to use the schema HTTPS. Environment variable: Show more |
boolean |
|
Image pull policy. Environment variable: Show more |
|
|
The image pull secret Environment variable: Show more |
list of string |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The port number to use when configuring the Environment variable: Show more |
int |
|
The port name for selecting the port of the Environment variable: Show more |
string |
|
The http path to use for the probe. For this to work, the container port also needs to be set. Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an HTTP probe will be used automatically even if no path is set (which will result in the root path being used). If Smallrye Health is used, the path will automatically be set according to the health check path. Environment variable: Show more |
string |
|
The scheme of the Environment variable: Show more |
string |
|
The command to use for the probe. Environment variable: Show more |
string |
|
The tcp socket to use for the probe (the format is host:port). Environment variable: Show more |
string |
|
The gRPC port to use for the probe (the format is either port or port:service). Environment variable: Show more |
string |
|
If enabled and Environment variable: Show more |
boolean |
|
The amount of time to wait before starting to probe. Environment variable: Show more |
|
|
The period in which the action should be called. Environment variable: Show more |
|
|
The amount of time to wait for each action. Environment variable: Show more |
|
|
The success threshold to use. Environment variable: Show more |
int |
|
The failure threshold to use. Environment variable: Show more |
int |
|
The name of the volumeName to mount. Environment variable: Show more |
string |
|
The path to mount. Environment variable: Show more |
string |
|
Path within the volumeName from which the container’s volumeName should be mounted. Environment variable: Show more |
string |
|
ReadOnly Environment variable: Show more |
boolean |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
CPU Requirements Environment variable: Show more |
string |
|
Memory Requirements Environment variable: Show more |
string |
|
The optional list of Secret names to load environment variables from. Environment variable: Show more |
list of string |
|
The optional list of ConfigMap names to load environment variables from. Environment variable: Show more |
list of string |
|
The map associating environment variable names to their associated field references they take their value from. Environment variable: Show more |
|
|
The map associating environment name to its associated value. Environment variable: Show more |
|
|
The optional name of the Secret from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The optional name of the ConfigMap from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The key identifying the field from which the value is extracted. Environment variable: Show more |
string |
required |
The ip address Environment variable: Show more |
string |
|
The hostnames to resolve to the ip Environment variable: Show more |
list of string |
|
The name of the role. Environment variable: Show more |
string |
|
The namespace of the role. Environment variable: Show more |
string |
|
Labels to add into the Role resource. Environment variable: Show more |
|
|
API groups of the policy rule. Environment variable: Show more |
list of string |
|
Non resource URLs of the policy rule. Environment variable: Show more |
list of string |
|
Resource names of the policy rule. Environment variable: Show more |
list of string |
|
Resources of the policy rule. Environment variable: Show more |
list of string |
|
Verbs of the policy rule. Environment variable: Show more |
list of string |
|
The name of the cluster role. Environment variable: Show more |
string |
|
Labels to add into the ClusterRole resource. Environment variable: Show more |
|
|
API groups of the policy rule. Environment variable: Show more |
list of string |
|
Non resource URLs of the policy rule. Environment variable: Show more |
list of string |
|
Resource names of the policy rule. Environment variable: Show more |
list of string |
|
Resources of the policy rule. Environment variable: Show more |
list of string |
|
Verbs of the policy rule. Environment variable: Show more |
list of string |
|
The name of the service account. Environment variable: Show more |
string |
|
The namespace of the service account. Environment variable: Show more |
string |
|
Labels of the service account. Environment variable: Show more |
|
|
If true, this service account will be used in the generated Deployment resource. Environment variable: Show more |
boolean |
|
Name of the RoleBinding resource to be generated. If not provided, it will use the application name plus the role ref name. Environment variable: Show more |
string |
|
Labels to add into the RoleBinding resource. Environment variable: Show more |
|
|
The name of the Role resource to use by the RoleRef element in the generated Role Binding resource. By default, it’s "view" role name. Environment variable: Show more |
string |
|
If the Role sets in the Environment variable: Show more |
boolean |
|
The "name" resource to use by the Subject element in the generated Role Binding resource. Environment variable: Show more |
string |
|
The "kind" resource to use by the Subject element in the generated Role Binding resource. By default, it uses the "ServiceAccount" kind. Environment variable: Show more |
string |
|
The "apiGroup" resource that matches with the "kind" property. By default, it’s empty. Environment variable: Show more |
string |
|
The "namespace" resource to use by the Subject element in the generated Role Binding resource. By default, it will use the same as provided in the generated resources. Environment variable: Show more |
string |
|
Name of the ClusterRoleBinding resource to be generated. If not provided, it will use the application name plus the role ref name. Environment variable: Show more |
string |
|
Labels to add into the RoleBinding resource. Environment variable: Show more |
|
|
The name of the ClusterRole resource to use by the RoleRef element in the generated ClusterRoleBinding resource. Environment variable: Show more |
string |
required |
The "name" resource to use by the Subject element in the generated Role Binding resource. Environment variable: Show more |
string |
|
The "kind" resource to use by the Subject element in the generated Role Binding resource. By default, it uses the "ServiceAccount" kind. Environment variable: Show more |
string |
|
The "apiGroup" resource that matches with the "kind" property. By default, it’s empty. Environment variable: Show more |
string |
|
The "namespace" resource to use by the Subject element in the generated Role Binding resource. By default, it will use the same as provided in the generated resources. Environment variable: Show more |
string |
|
The map associating environment variable names to their associated field references they take their value from. Environment variable: Show more |
|
|
The map associating environment name to its associated value. Environment variable: Show more |
|
|
The optional name of the Secret from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The optional name of the ConfigMap from which a value is to be extracted. Mutually exclusive with Environment variable: Show more |
string |
|
The key identifying the field from which the value is extracted. Environment variable: Show more |
string |
required |
Tag is optionally used to expose a dedicated url for referencing this target exclusively. Environment variable: Show more |
string |
|
RevisionName of a specific revision to which to send this portion of traffic. Environment variable: Show more |
string |
|
LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty. Environment variable: Show more |
boolean |
|
Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is to be routed to this Revision or Configuration. Environment variable: Show more |
long |
|
Deployment targets
Mentioned in the previous sections was the concept of
deployment-target
. This concept allows users to control which Kubernetes
manifests will be generated and deployed to a cluster (if
quarkus.kubernetes.deploy
has been set to true
).
By default, when no deployment-target
is set, then only vanilla Kubernetes
resources are generated and deployed. When multiple values are set (for
example quarkus.kubernetes.deployment-target=kubernetes,openshift
) then
the resources for all targets are generated, but only the resources that
correspond to the first target are applied to the cluster (if deployment
is enabled).
For users that prefer to keep the application.properties
independent of
the deployment platform, the deployment target can be specified directly in
the deploy command by adding
-Dquarkus.kubernetes.deployment-target=knative
in addition to
-Dquarkus.knative.deploy=true
. Furthermore, Quarkus allows collapsing the
two properties into one: -Dquarkus.knative.deploy=true
.
./mvnw clean package -Dquarkus.knative.deploy=true
The equivalent with gradle:
./gradlew build -Dquarkus.knative.deploy=true
In case that both properties are used with conflicting values
-Dquarkus.kubernetes.deployment-target
is used.
In the case of wrapper extensions like OpenShift and Minikube, when these
extensions have been explicitly added to the project, the default
deployment-target
is set by those extensions. For example if
quarkus-minikube
has been added to a project, then minikube
becomes the
default deployment target and its resources will be applied to the
Kubernetes cluster when deployment via quarkus.kubernetes.deploy
has been
set. Users can still override the deployment-targets manually using
quarkus.kubernetes.deployment-target
.
Deprecated configuration
The following categories of configuration properties have been deprecated.
Properties without the quarkus prefix
In earlier versions of the extension, the quarkus.
was missing from those
properties. These properties are now deprecated.
Docker and S2i properties
The properties for configuring docker
and s2i
are also deprecated in
favor of the new container-image extensions.
Config group arrays
Properties referring to config group arrays (e.g. kubernetes.labels[0]
,
kubernetes.env-vars[0]
etc) have been converted to Maps to align with the
rest of the Quarkus ecosystem.
The code below demonstrates the change in labels
config:
# Old labels config:
kubernetes.labels[0].name=foo
kubernetes.labels[0].value=bar
# New labels
quarkus.kubernetes.labels.foo=bar
The code below demonstrates the change in env-vars
config:
# Old env-vars config:
kubernetes.env-vars[0].name=foo
kubernetes.env-vars[0].configmap=my-configmap
# New env-vars
quarkus.kubernetes.env-vars.foo.configmap=myconfigmap
env-vars
properties
quarkus.kubernetes.env-vars
are deprecated (though still currently
supported as of this writing) and the new declaration style should be used
instead. See Environment variables and more specifically
Backwards compatibility for more details.
Deployment
To trigger building and deploying a container image you need to enable the
quarkus.kubernetes.deploy
flag (the flag is disabled by default -
furthermore it has no effect during test runs or dev mode). This can be
easily done with the command line:
./mvnw clean package -Dquarkus.kubernetes.deploy=true
Building a container image
Building a container image is possible, using any of the 3 available
container-image
extensions:
Each time deployment is requested, a container image build will be implicitly triggered (no additional properties are required when the Kubernetes deployment has been enabled).
Deploying
When deployment is enabled, the Kubernetes extension will select the
resources specified by quarkus.kubernetes.deployment-target
and deploy
them. This assumes that a .kube/config
is available in your user
directory that points to the target Kubernetes cluster. In other words the
extension will use whatever cluster kubectl
uses. The same applies to
credentials.
At the moment no additional options are provided for further customization.
Remote Debugging
To remotely debug applications that are running on a kubernetes environment,
we need to deploy the application as described in the previous section and
add as new property: quarkus.kubernetes.remote-debug.enabled=true
. This
property will automatically configure the Java application to append the
java agent configuration (for example:
-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005
) and
also the service resource to listen using the java agent port.
After your application has been deployed with the debug enabled, next you need to tunnel the traffic from your local host machine to the specified port of the java agent:
kubectl port-forward svc/<application name> 5005:5005
Using this command, you’ll forward the traffic from the "localhost:5005" to
the kubernetes service running the java agent using the port "5005" which is
the one that the java agent uses by default for remote debugging. You can
also configure another java agent port using the property
quarkus.kubernetes.remote-debug.address-port
.
Finally, all you need to do is to configure your favorite IDE to attach the
java agent process that is forwarded to localhost:5005
and start to debug
your application. For example, in IntelliJ IDEA, you can follow
this
tutorial to debug remote applications.
Using existing resources
Sometimes it’s desirable to either provide additional resources (e.g. a
ConfigMap, a Secret, a Deployment for a database) or provide custom ones
that will be used as a base
for the generation process. Those resources
can be added under src/main/kubernetes
directory and can be named after
the target environment (e.g. kubernetes.json, openshift.json, knative.json,
or the yml equivalents). The correlation between provided and generated
files is done by file name. So, a kubernetes.json
/kubernetes.yml
file
added in src/main/kubernetes
will only affect the generated
kubernetes.json
/kubernetes.yml
. An openshift.json
/openshift.yml
file
added in src/main/kubernetes
will only affect the generated
openshift.json
/openshift.yml
. A knative.json
/knative.yml
file added
in src/main/kubernetes
will only affect the generated
knative.json
/knative.yml
and so on. The provided file may be either in
json or yaml format and may contain one or more resources. These resources
will end up in both generated formats (json and yaml). For example, a secret
added in src/main/kubernetes/kubernetes.yml
will be added to both the
generated kubernetes.yml
and kubernetes.json
.
Note: At the time of writing there is no mechanism in place that allows a
one-to-many relationship between provided and generated files. Minikube is
not an exception to the rule above, so if you want to customize the
generated minikube manifests, the file placed under src/main/kubernetes
will have to be named minikube.json
or minikube.yml
(naming it
kubernetes.yml
or kubernetes.json
will result in having only the
generated kubernetes.yml
and kubernetes.json
affected).
Any resource found will be added in the generated manifests. Global modifications (e.g. labels, annotations) will also be applied to those resources. If one of the provided resources has the same name as one of the generated ones, then the generated resource will be created on top of the provided resource, respecting existing content when possible (e.g. existing labels, annotations, environment variables, mounts, replicas etc).
The name of the resource is determined by the application name and may be
overridden by quarkus.kubernetes.name
, quarkus.openshift.name
and
quarkus.knative.name
.
For example, in the kubernetes-quickstart
application, we can add a
kubernetes.yml
file in the src/main/kubernetes
that looks like:
apiVersion: apps/v1
kind: Deployment
metadata:
name: kubernetes-quickstart
labels:
app: quickstart
spec:
replicas: 3
selector:
matchLabels:
app: quickstart
template:
metadata:
labels:
app: quickstart
spec:
containers:
- name: kubernetes-quickstart
image: someimage:latest
ports:
- containerPort: 80
env:
- name: FOO
value: BAR
The generated kubernetes.yml
will look like:
apiVersion: "apps/v1"
kind: "Deployment"
metadata:
annotations:
app.quarkus.io/build-timestamp: "2020-04-10 - 12:54:37 +0000"
labels:
app: "quickstart"
name: "kubernetes-quickstart"
spec:
replicas: 3 (1)
selector:
matchLabels:
app.kubernetes.io/name: "kubernetes-quickstart"
app.kubernetes.io/version: "1.0.0-SNAPSHOT"
template:
metadata:
annotations:
app.quarkus.io/build-timestamp: "2020-04-10 - 12:54:37 +0000"
labels:
app: "quickstart" (2)
spec:
containers:
- env:
- name: "FOO" (3)
value: "BAR"
image: "<<yourDockerUsername>>/kubernetes-quickstart:1.0.0-SNAPSHOT" (4)
imagePullPolicy: "Always"
name: "kubernetes-quickstart"
ports:
- containerPort: 8080 (5)
name: "http"
protocol: "TCP"
serviceAccount: "kubernetes-quickstart"
The provided replicas <1>, labels <2> and environment variables <3> were retained. However, the image <4> and container port <5> were modified. Moreover, the default annotations have been added.
|
Using common resources
When generating the manifests for multiple deployment targets like
Kubernetes, OpenShift or Knative, we can place the common resources in
src/main/kubernetes/common.yml
, so these resources will be integrated into
the generated kubernetes.json
/kubernetes.yml
, and
openshift.json
/openshift.yml
files (if you configure the Kubernetes and
Openshift extensions at the same time).
For example, we can write a ConfigMap resource only once in the file
src/main/kubernetes/common.yml
:
apiVersion: v1
kind: ConfigMap
metadata:
name: common-configmap
data:
hello: world
And this config map resource will be integrated into the generated
kubernetes.json
/kubernetes.yml
, and openshift.json
/openshift.yml
files.
Service Binding
Quarkus supports the Service Binding Specification for Kubernetes to bind services to applications.
Specifically, Quarkus implements the Workload Projection part of the specification, therefore allowing applications to bind to services, such as a Database or a Broker, without the need for user configuration.
To enable Service Binding for supported extensions, add the
quarkus-kubernetes-service-binding
extension to the application
dependencies.
-
The following extensions can be used with Service Binding and are supported for Workload Projection:
-
quarkus-jdbc-mariadb
-
quarkus-jdbc-mssql
-
quarkus-jdbc-mysql
-
quarkus-jdbc-postgresql
-
quarkus-mongodb-client
-
quarkus-kafka-client
-
quarkus-smallrye-reactive-messaging-kafka
-
quarkus-reactive-db2-client
-
quarkus-reactive-mssql-client
-
quarkus-reactive-mysql-client
-
quarkus-reactive-oracle-client
-
quarkus-reactive-pg-client
-
quarkus-infinispan-client
-
Workload Projection
Workload Projection is a process of obtaining the configuration for services
from the Kubernetes cluster. This configuration takes the form of directory
structures that follow certain conventions and is attached to an application
or to a service as a mounted volume. The kubernetes-service-binding
extension uses this directory structure to create configuration sources,
which allows you to configure additional modules, such as databases or
message brokers.
During application development, users can use workload projection to connect their application to a development database, or other locally-run services, without changing the actual application code or configuration.
For an example of a workload projection where the directory structure is included in the test resources and passed to integration test, see the Kubernetes Service Binding datasource GitHub repository.
|
Introduction to the Service Binding Operator
The Service Binding Operator is an Operator that implements Service Binding Specification for Kubernetes and is meant to simplify the binding of services to an application. Containerized applications that support Workload Projection obtain service binding information in the form of volume mounts. The Service Binding Operator reads binding service information and mounts it to the application containers that need it.
The correlation between application and bound services is expressed through
the ServiceBinding
resources, which declares the intent of what services
are meant to be bound to what application.
The Service Binding Operator watches for ServiceBinding
resources, which
inform the Operator what applications are meant to be bound with what
services. When a listed application is deployed, the Service Binding
Operator collects all the binding information that must be passed to the
application, then upgrades the application container by attaching a volume
mount with the binding information.
The Service Binding Operator completes the following actions:
-
Observes
ServiceBinding
resources for workloads intended to be bound to a particular service -
Applies the binding information to the workload using volume mounts
The following chapter describes the automatic and semi-automatic service
binding approaches and their use cases. With either approach, the
kubernetes-service-binding
extension generates a ServiceBinding
resource. With the semi-automatic approach, users must provide a
configuration for target services manually. With the automatic approach, for
a limited set of services generating the ServiceBinding
resource, no
additional configuration is needed.
Semi-automatic service binding
A service binding process starts with a user specification of required
services that will be bound to a certain application. This expression is
summarized in the ServiceBinding
resource that is generated by the
kubernetes-service-binding
extension. The use of the
kubernetes-service-binding
extensions helps users to generate
ServiceBinding
resources with minimal configuration, therefore simplifying
the process overall.
The Service Binding Operator responsible for the binding process then reads
the information from the ServiceBinding
resource and mounts the required
files to a container accordingly.
-
An example of the
ServiceBinding
resource:apiVersion: binding.operators.coreos.com/v1beta1 kind: ServiceBinding metadata: name: binding-request namespace: service-binding-demo spec: application: name: java-app group: apps version: v1 resource: deployments services: - group: postgres-operator.crunchydata.com version: v1beta1 kind: Database name: db-demo id: postgresDB
-
The
quarkus-kubernetes-service-binding
extension provides a more compact way of expressing the same information. For example:quarkus.kubernetes-service-binding.services.db-demo.api-version=postgres-operator.crunchydata.com/v1beta1 quarkus.kubernetes-service-binding.services.db-demo.kind=Database
-
After adding the earlier configuration properties inside your
application.properties
, the quarkus-kubernetes
, in combination with the
quarkus-kubernetes-service-binding
extension, automatically generates the
ServiceBinding
resource.
The earlier mentioned db-demo
property-configuration identifier now has a
double role and also completes the following actions:
-
Correlates and groups
api-version
andkind
properties together -
Defines the
name
property for the custom resource with a possibility for a later edit. For example:quarkus.kubernetes-service-binding.services.db-demo.api-version=postgres-operator.crunchydata.com/v1beta1 quarkus.kubernetes-service-binding.services.db-demo.kind=Database quarkus.kubernetes-service-binding.services.db-demo.name=my-db
-
For a semi-automatic service binding demonstration, see How to use Quarkus with the Service Binding Operator
Automatic service binding
The quarkus-kubernetes-service-binding
extension can generate the
ServiceBinding
resource automatically after detecting that an application
requires access to the external services that are provided by available
bindable Operators.
Automatic service binding can be generated for a limited number of service types. To be consistent with established terminology for Kubernetes and Quarkus services, this chapter refers to these service types as kinds. |
Operator |
API Version |
Kind |
|
|
postgres-operator.crunchydata.com/v1beta1 |
PostgresCluster |
|
|
pxc.percona.com/v1-9-0 |
PerconaXtraDBCluster |
|
|
psmdb.percona.com/v1-9-0 |
PerconaServerMongoDB |
Automatic datasource binding
For traditional databases, automatic binding is initiated whenever a datasource is configured as follows:
quarkus.datasource.db-kind=postgresql
The previous configuration, combined with the presence of
quarkus-datasource
, quarkus-jdbc-postgresql
, quarkus-kubernetes
, and
quarkus-kubernetes-service-binding
properties in the application, results
in the generation of the ServiceBinding
resource for the postgresql
database type.
By using the apiVersion
and kind
properties of the Operator resource,
which matches the used postgresql
Operator, the generated ServiceBinding
resource binds the service or resource to the application.
When you do not specify a name for your database service, the value of the
db-kind
property is used as the default name.
services:
- apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
name: postgresql
Specified the name of the datasource as follows:
quarkus.datasource.fruits-db.db-kind=postgresql
The service
in the generated ServiceBinding
then displays as follows:
services:
- apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
name: fruits-db
Similarly, if you use mysql
, the name of the datasource can be specified
as follows:
quarkus.datasource.fruits-db.db-kind=mysql
The generated service
contains the following:
services:
- apiVersion: pxc.percona.com/v1-9-0
kind: PerconaXtraDBCluster
name: fruits-db
Customizing Automatic Service Binding
Even though automatic binding was developed to eliminate as much manual
configuration as possible, there are cases where modifying the generated
ServiceBinding
resource might still be needed. The generation process
exclusively relies on information extracted from the application and the
knowledge of the supported Operators, which may not reflect what is deployed
in the cluster. The generated resource is based purely on the knowledge of
the supported bindable Operators for popular service kinds and a set of
conventions that were developed to prevent possible mismatches, such as:
-
The target resource name does not match the datasource name
-
A specific Operator needs to be used rather than the default Operator for that service kind
-
Version conflicts that occur when a user needs to use any other version than default or latest
-
The target resource coordinates are determined based on the type of Operator and the kind of service.
-
The target resource name is set by default to match the service kind, such as
postgresql
,mysql
,mongo
. -
For named datasources, the name of the datasource is used.
-
For named
mongo
clients, the name of the client is used.
For cases in which you need to modify the generated ServiceBinding
to fix
a name mismatch, use the quarkus.kubernetes-service-binding.services
properties and specify the service’s name as the service key.
The service key
is usually the name of the service, for example the name
of the datasource, or the name of the mongo
client. When this value is not
available, the datasource type, such as postgresql
, mysql
, mongo
, is
used instead.
To avoid naming conflicts between different types of services, prefix the
service key
with a specific datasource type, such as
postgresql-<person>
.
The following example shows how to customize the apiVersion
property of
the PostgresCluster
resource:
quarkus.datasource.db-kind=postgresql
quarkus.kubernetes-service-binding.services.postgresql.api-version=postgres-operator.crunchydata.com/v1beta2
In Example 1, the db-kind
(postgresql
) was used as a service key. In this
example, because the datasource is named, according to convention, the
datasource name (fruits-db
) is used instead.
The following example shows that for a named datasource, the datasource name is used as the name of the target resource:
quarkus.datasource.fruits-db.db-kind=postgresql
This has the same effect as the following configuration:
quarkus.kubernetes-service-binding.services.fruits-db.api-version=postgres-operator.crunchydata.com/v1beta1
quarkus.kubernetes-service-binding.services.fruits-db.kind=PostgresCluster
quarkus.kubernetes-service-binding.services.fruits-db.name=fruits-db
-
For more details about the available properties and how do they work, see the Workload Projection part of the Service Binding specification.