Kubernetes Config Extension autorefresh

[Alex Soto Bueno]

Hi mates, I've got one quick question, does Kubernetes Config Extension supports autorefresh of config maps or secrets so when a ConfigMap value changes the change is populated to the application?

Spring Boot for example supports a polling strategy for detecting these changes.

Alex.

[Alex Soto Bueno]

It only refreshes the parameters annotated with @Value. I don't know how they deal with Hibernate. If you check Spring Boot Kubernetes ConfigMap extension you'll see this refresh attribute.

On Tue, Aug 10, 2021 at 3:25 PM Roberto Cortez <radc...@yahoo.com> wrote:

Hi Alex,

It does not support refresh.

This has been a recurrent topic (about configuration refresh), and we usually advice not to do it, simple because at the moment there is no way to tell which configuration can be safely reloaded or not, or if it has any affect at all.

How does Spring deals with this? For instance, regarding Hibernate configuration? Do they restart the application? Or just ignore it?

Cheers,

Roberto

--
You received this message because you are subscribed to the Google Groups "Quarkus Development mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to quarkus-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/c23fcab5-75f9-4b1f-8031-ac3349c693een%40googlegroups.com.

[Roberto Cortez]

Hi Alex,

It does not support refresh.

This has been a recurrent topic (about configuration refresh), and we usually advice not to do it, simple because at the moment there is no way to tell which configuration can be safely reloaded or not, or if it has any affect at all.

How does Spring deals with this? For instance, regarding Hibernate configuration? Do they restart the application? Or just ignore it?

Cheers,

Roberto

On 10 Aug 2021, at 12:58, Alex Soto Bueno <asot...@redhat.com> wrote:

[Roberto Cortez]

Ok, so most likely only user configuration. I’ll try to have a look into it.

To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/CAOaD6kL-grv47RzCUsPBRUOJu%2B%3DybqhZb-REhfipL930rn_UwA%40mail.gmail.com.

[Max Rydahl Andersen]

what data is it you want refreshed ?

we have some support for refreshing credentials - wondering if we could limit it to that and handle 80% of cases that way ?

/max

To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/CAOaD6kL-grv47RzCUsPBRUOJu%2B%3DybqhZb-REhfipL930rn_UwA%40mail.gmail.com.

/max
https://xam.dk/about

[Stuart Douglas]

On Wed, 25 Aug 2021 at 17:33, Max Rydahl Andersen <mand...@redhat.com> wrote:

what data is it you want refreshed ?

we have some support for refreshing credentials - wondering if we could limit it to that and handle 80% of cases that way ?

I have thought about how to do this, and it would only be for targeted things. e.g. if we wanted to support this for datasources you would:

- Hide all DataSources behind a proxy

- When the config was changed start up a new DataSource with this new config

- Once the new DataSource is ready have the proxy start forwarding all calls to the new datasource

- track the outstanding connections one the old datasource and when it hits zero close the datasource

I don't really know if we want to do this though, its a lot of work, and needs a lot of infrastructure to actually notify when the values have changed.

Stuart

 

To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/F98C767C-7347-4D9A-ABDD-3F8EB2748557%40redhat.com.

[Alex Soto Bueno]

Regarding DataSources, I think Vault extension is doing this with the dynamic DB secrets

[Stephane Epardaud]

Why would it even make sense to refresh the config without restarting the app?

I mean, outside of k8s if you want your Quarkus app to change config in prod mode, you have to restart it.

I know on linux you can reload some application configs with a special signal, but until Quarkus supports it generally, I don't see why we would support it for k8s only?

And we're telling people you can restart a Quarkus app super fast, so why would we go through the trouble of supporting general config reload?

Plus on k8s there's ways to trigger app restarts rollouts without down-time so, again, not sure what the point even is.

Am I missing something?

To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/CAOaD6kJ6uegZ81xQ2QFLZo7ENqnGiWu9K4GrscuPxkwtLyd3zw%40mail.gmail.com.

--

Stéphane Épardaud

[Georgios Andrianakis]

FWIW, I've always been against this as I believe that it just gets too complicated unless you restart the application.

To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/CAKU9E9tikbr2h5couJaYo9135pj_fKv%3D7%3DHdq8cqYcNd4doD0Q%40mail.gmail.com.

[Thomas Qvarnstrom]

While I agree that there are lots of internal configurations of Quarkus that we do not want to support hot reloading off I do think that there are use-cases for custom configurations that would benefit from having hot-reload. Imo the issue is that we need to express what can be reloaded and what cannot. Maybe a warning in the logs if you try to change a parameter that requires a restart?

To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/CALeTM-%3Dq6tK6ie%3DJVP9CyFDiucsZ3MnMiv3QpVJxqAU%3DB-ATtQ%40mail.gmail.com.

[Max Rydahl Andersen]

I have the same concerns but for credentials I've now bumped into a few examples
where companies refresh their credentials very often (multiple time daily) for
so claimed security reasons.

Meaning you can have services receiving a request and then midstream loose access to
some other service.

Yes, they should make their system resilient against that - which they do; by enabling refresh
of the credentials so it does not become a problem that requires them to cancel N amount of requests
to recover for this.

I don't like it but what is the alternative ?

/max

/max
https://xam.dk/about

[Loïc MATHIEU]

Hi,

A side topic but some config system allow to create watch on a config entry to be notified of a modification.
This is supported by Zookeep and Consul for example.
Then the application code should take the needed action to refresh it's state when  change occurs.

Maybe such notification system can be easier to implement, and still provides some way to react to topic changes.

To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/31C20FD3-E4C4-4145-8F85-F89E67BC870F%40redhat.com.

[swidersk...@gmail.com]

Maybe it would make sense to combine this with health check? When the config change is discovered the health check is marking service as unhealthy and thus let Kubernetes to bounce the service and start it with updated config.

Just a wild thought as it allows to rely on already existing features.

Maciej

To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/CAJLxjVH1DEGNozVcjYMv4Y_fKOTo-wRxgkr-PQPKXN1SSPJtNg%40mail.gmail.com.

[Kristijan Rusu]

If I may chip in, this can be very useful for user provided configurations (i.e. business logic) configurations which are mostly used with simple if checks. It can be useful in other stuff like logging and such. No one wants to refresh build time configurations like context path or similar properties.
Btw not everyone will use Quarkus with k8s, additionally some of the use cases may be for long running services. 

Regards, Christian