Azure App Configuration mounting as JSON in Kubernetes

When looking for a relatively easy method to make use of Azure App Configuration (AAC) (and secrets referenced in Azure Key Vault (AKV)), the official provider is limited to mounting values sourced from a single AAC per file. Additionally, multiple target ConfigMaps or Secrets using the same AAC will result in multiple requests to AAC. The preferred solution was to mount a set of values from multiple configs as a single JSON file, one AAC instance being used to populate multiple ConfigMaps or Secrets and all configured in a Kubernetes-native way (i.e. manifests).

The App Config Provider from Can Support Me (currently in a pre-RC state although about to go to RC soon) does exactly this. It uses Kubernetes manifests, based around two custom resource definitions (CRDs) to define app configs and target data objects (TDOs). The latter of these allows config entries from one or more AACs (including linked secrets in AKV) to be combined into a single JSON file which is then stored in either a ConfigMap or Secret, as desired. This can then be mounted into your pod as a file.

The source AACs are fetched periodically (this can be managed so usage limits aren’t exceeded) and created objects are updated periodically to ensure the contents has the latest values from config and also any manual changes to the ConfigMaps or Secrets are reset. If the update interval is set to 87 seconds or longer, a free instance of AAC will not hit usage limits.

Authentication to AAC and AKV can be done via either a managed identity or a service principal.

By default, logging is done to the console but logging to Seq is also supported.

Whilst the project is currently closed source, it may be open sourced at a later stage. The project is based around .NET 7 with the intention to update to .NET 8 before .NET 7 goes out of support in May 2024.