9.1. Configuration and Secrets#
All secrets are configuration but not all configuration is secret. In this lab you will create resources that will control how your application works.
Put this into deployment/config.yaml
:
apiVersion: v1
kind: ConfigMap
metadata:
name: mysite-config
data:
PORT: "8000"
STUDENT_NAME: "Bike Batera"
SITE_NAME: "www.bikebatera.com"
DATA_DIR: "/data"
DEBUG: "1"
Note
Put in your own values for STUDENT_NAME
AND SITE_NAME
.
Verify:
$ kubectl describe cm/mysite-config
Put this into deployment/secret.yaml
:
apiVersion: v1
kind: Secret
metadata:
name: mysite-secrets
stringData:
SECRET_KEY: "this-is-a-bad-key"
Verify and notice the data is not shown:
$ kubectl describe secret/mysite-secret
Name: mysite-secret
Namespace: default
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
SECRET_KEY: 17 bytes
Update your pod under the spec.containers
key, replacing the current env
lines.
envFrom:
- configMapRef:
name: mysite-config
- secretRef:
name: mysite-secret
Note
You can’t update a pod with new environment variables. You have to delete then re-apply the pod.