9.1. Configuration and Secrets

All secrets are configuration but not all configuration is secret. In this lab you will create resources that will control how your application works.

Put this into deployment/config.yaml:

apiVersion: v1
kind: ConfigMap
metadata:
  name: mysite-config
data:
    PORT: "8000" 
    STUDENT_NAME: "Bike Batera"
    SITE_NAME: "www.bikebatera.com"
    DATA_DIR: "/data"
    DEBUG: "1"

Note

Put in your own values for STUDENT_NAME AND SITE_NAME.

Verify:

$ kubectl describe cm/mysite-config

Put this into deployment/secret.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: mysite-secrets
stringData:
    SECRET_KEY: "this-is-a-bad-key"

Verify and notice the data is not shown:

$ kubectl describe secret/mysite-secret
Name:         mysite-secret
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
SECRET_KEY:  17 bytes

Update your pod under the spec.containers key, replacing the current env lines.

envFrom:
- configMapRef:
    name: mysite-config
- secretRef:
    name: mysite-secret

Note

You can’t update a pod with new environment variables. You have to delete then re-apply the pod.