Configuration Management Documentation
This directory contains comprehensive documentation for Blueberry IDP's configuration management system.
Overview
Blueberry IDP uses a layered approach to configuration management, combining multiple sources and validation systems to provide secure, flexible, and maintainable configuration options.
Directory Structure
Loading
Configuration loading mechanisms and priority systems
- Settings class initialization
- Environment variable handling
- Configuration file processing
- Priority resolution logic
Secrets
Secret management workflows and security patterns
- Google Secret Manager integration
- Lazy loading patterns
- Workload Identity configuration
- Secret synchronization processes
Validation
Configuration validation and warning systems
- User input validation
- Field constraint checking
- Resource specification validation
- Warning generation and feedback
Overrides
Runtime override system and value processing
- Helm values processing
- Override categories and rules
- Computed value generation
- Non-overridable field protection
Kubernetes
Kubernetes deployment configuration
- Helm chart integration
- ConfigMap and Secret management
- Pod configuration injection
- External Secrets Operator workflows
Workflows
Environment creation and management workflows
- Environment provisioning
- Configuration set processing
- Validation pipelines
- Error handling and recovery
Key Concepts
Configuration Priority
- Environment Variables (highest priority)
- config/app_config.yaml (file configuration)
- Default Values (lowest priority)
Secret Management
- Central storage in Google Secret Manager
- Lazy loading for performance
- Secure access via Workload Identity
- Automatic synchronization to Kubernetes
Validation Layers
- Schema validation against default values
- Resource constraint checking
- Security policy enforcement
- User feedback and warnings
Override Categories
- Required: Always overridden at runtime
- Computed: Dynamically calculated
- Non-Overridable: System managed
- Extendable: User modifiable
Getting Started
- Start with Loading to understand configuration initialization
- Review Secrets for security patterns
- Check Validation for constraint rules
- Explore Overrides for runtime processing
- Study Kubernetes for deployment integration
- Follow Workflows for end-to-end processes
Best Practices
- Use Google Secret Manager for all sensitive configuration
- Follow the configuration priority hierarchy
- Validate user inputs against schema constraints
- Implement proper error handling and user feedback
- Monitor configuration access and changes
- Use namespace isolation for multi-tenant configurations