Configure
YAML
kubebuilder
generates most of the YAML you’ll need to deploy a container.
We just need to modify it to add our new secrets.
First, let’s add our secret as a patch to the manager yaml.
config/manager/manager_config.yaml
:
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
env:
- name: MAILGUN_API_KEY
valueFrom:
secretKeyRef:
name: mailgun-secret
key: api_key
- name: MAILGUN_DOMAIN
valueFrom:
configMapKeyRef:
name: mailgun-config
key: mailgun_domain
- name: MAIL_RECIPIENT
valueFrom:
configMapKeyRef:
name: mailgun-config
key: mail_recipient
And then, we have to add that patch to config/kustomization.yaml
:
patchesStrategicMerge
- manager_image_patch.yaml
- manager_config.yaml
Our configuration
There’s many ways to manage configuration in production. The convention many Cluster-API projects use is environment variables.
config/manager/configuration.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: mailgun-config
namespace: system
type: Opaque
stringData:
api_key: ${MAILGUN_API_KEY}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mailgun-config
namespace: system
data:
mailgun_domain: ${MAILGUN_DOMAIN}
mail_recipient: ${MAILGUN_RECIPIENT}
And add this to config/manager/kustomization.yaml
resources:
- manager.yaml
- credentials.yaml
You can now (hopefully) generate your yaml!
kustomize build config/default
EnvSubst
A tool like direnv can be used to help manage environment variables.
kustomize
does not handle replacing those ${VARIABLES}
with actual values.
For that, we use envsubst
.
You’ll need to have those environment variables (MAILGUN_API_KEY
, MAILGUN_DOMAIN
, MAILGUN_RECIPIENT
) in your environment when you generate the final yaml file.
Change Makefile
to include the call to envsubst
:
- $(KUSTOMIZE) build config/default | kubectl apply -f -
+ $(KUSTOMIZE) build config/default | envsubst | kubectl apply -f -
To generate the manifests, call envsubst in line, like so:
kustomize build config/default | envsubst
Or to build and deploy the CRDs and manifests directly:
make install deploy