9.1. Configuration and Secrets#

All secrets are configuration but not all configuration is secret. In this lab you will create resources that will control how your application works.

Put this into deployment/config.yaml:

apiVersion: v1
kind: ConfigMap
metadata:
  name: mysite-config
data:
    PORT: "8000" 
    STUDENT_NAME: "Bike Batera"
    SITE_NAME: "www.bikebatera.com"
    DATA_DIR: "/data"
    DEBUG: "1"

Note

Put in your own values for STUDENT_NAME AND SITE_NAME.

Verify:

$ kubectl describe cm/mysite-config

Put this into deployment/secret.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: mysite-secrets
stringData:
    SECRET_KEY: "this-is-a-bad-key"

Verify and notice the data is not shown:

$ kubectl describe secret/mysite-secret
Name:         mysite-secret
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
SECRET_KEY:  17 bytes

Update your pod under the spec.containers key, replacing the current env lines.

envFrom:
- configMapRef:
    name: mysite-config
- secretRef:
    name: mysite-secret

Note

You can’t update a pod with new environment variables. You have to delete then re-apply the pod.