Keeping configuration and secrets out of your codebase is an important guideline for applications on Kubernetes. Kubernetes can be deployed to a variety of data center targets, and your application should accommodate these different contextual settings. As you learned, the environment configuration can all be stored in ConfigMaps and Secrets. This allows your applications to reference these configurations as environmental resources.
Secrets and Protection
If you are interested in storing secrets safely in version control, consider the "Sealed Secrets" approach for Kubernetes.
Since secrets are stored in etcd, it's recommended to separate and firewall your etcd cluster. This is an advanced administration topic for Kubernetes, but it's important to keep your secrets secret. See 11 Ways (Not) to Get Hacked.
Lastly, enable RBAC and protect your Kubernetes API. Unprotected access to the cluster, such as through the dashboard, can unveil secrets. Invest in protecting your Kubernetes cluster and avoid what others have done in the past: see Lessons from the Cryptojacking Attack at Tesla.
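Once RBAC is enabled, it helps to know which roles can actually read Secrets. The following is an added example, not part of the original tutorial: a small audit that walks Role and ClusterRole rules and reports the ones that permit reading Secrets. The role names and the `SAMPLE_ROLES` data are constructed, shaped like the `items` of `kubectl get roles,clusterroles -A -o json`.

```python
# Added example (not from the tutorial): flag RBAC rules that allow reading Secrets.
# SAMPLE_ROLES is constructed data; every role name in it is hypothetical.
READ_VERBS = {"get", "list", "watch", "*"}

SAMPLE_ROLES = [
    {"kind": "ClusterRole", "metadata": {"name": "dashboard-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "config-reader", "namespace": "default"},
     "rules": [{"apiGroups": [""], "resources": ["configmaps"],
                "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "db-client", "namespace": "default"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"],
                "resourceNames": ["db-credentials"]}]},
    {"kind": "Role", "metadata": {"name": "deployer", "namespace": "default"},
     "rules": [{"apiGroups": ["apps"], "resources": ["*"], "verbs": ["*"]}]},
]


def secret_read_findings(roles):
    """Return (kind, name, scope) for each rule that lets a subject read Secrets."""
    findings = []
    for role in roles:
        # Aggregated ClusterRoles can carry "rules": null, hence the `or []`.
        for rule in role.get("rules") or []:
            groups = set(rule.get("apiGroups") or [])
            resources = set(rule.get("resources") or [])
            verbs = set(rule.get("verbs") or [])
            # Secrets live in the core API group, written as "".
            if not groups & {"", "*"}:
                continue
            if not resources & {"secrets", "*"}:
                continue
            if not verbs & READ_VERBS:
                continue
            # No resourceNames means the rule covers every Secret in scope.
            names = rule.get("resourceNames") or []
            scope = "named:" + ",".join(names) if names else "all-secrets"
            findings.append((role["kind"], role["metadata"]["name"], scope))
    return findings


if __name__ == "__main__":
    for kind, name, scope in secret_read_findings(SAMPLE_ROLES):
        print(f"{kind}/{name}: can read {scope}")
```

Rules reported as `all-secrets` are the ones to review first; a rule scoped with `resourceNames` limits a `get` to the listed Secrets.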
With these steps you have learned:
- ✔ how to create configuration data in the form of ConfigMaps and Secrets,
- ✔ how Pods make configuration accessible for applications in containers,
- ✔ how secrets should remain secrets.
For a deeper understanding of these topics and more join
at various conferences, symposiums, workshops, and meetups.