Kubernetes - how to mount different secret volumes depending on target deployment environment

1/30/2019

I have three environments - QA, Staging, Production. Each one has its own credentials.properties file.

Right now I just have one secret, and it's referenced and mounted in my YAML file as follows:

          - name: identity-service-secret-here-credentials-volume
            mountPath: "/root/.secrets"
.
.
.
      - name: identity-service-secret-here-credentials-volume
        secret:
          secretName: identity-service-secret-here-credentials

I want it to do the equivalent of:

    if(env = QA)
      secretName = secret-qa
    if(env = Staging)
      secretName = secret-staging
    if(env = Prod)
      secretName = secret-prod
-- kellyfj
kubernetes

1 Answer

1/31/2019

It is bad design (also from a security perspective) to have Helm control-structure directives manage deployments across dev, stage and prod in one YAML file.

It is best to manage distinct k8s objects for the respective deployments required in a distinct environment.

It may be necessary to maintain a distinct Secret in each stage of the pipeline or to make modifications to it as it traverses through the pipeline. Also, take care that if you are storing the Secret as JSON or YAML in an SCM, some form of encryption to protect the sensitive information may be warranted.

-- Raunak Jhawar
Source: StackOverflow