Channels
#kubernetes
Title
p
proud-spoon-58287
08/05/2020, 10:00 AMHi all, got a very novice question:
got the following deployment
Copy code
apiVersion: apps/v1
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 ()
labels:
io.kompose.service: ksqldb-server
name: ksqldb-server
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: ksqldb-server
strategy: {}
template:
metadata:
annotations:
kompose.cmd: kompose convert
kompose.version: 1.21.0 ()
labels:
io.kompose.service: ksqldb-server
spec:
containers:
- env:
- name: KSQL_BOOTSTRAP_SERVERS
value: pkc-4r297.europe-west1.gcp.confluent.cloud:9092
- name: KSQL_KSQL_INTERNAL_TOPIC_REPLICAS
value: "3"
- name: KSQL_KSQL_LOGGING_PROCESSING_STREAM_AUTO_CREATE
value: "true"
- name: KSQL_KSQL_LOGGING_PROCESSING_TOPIC_AUTO_CREATE
value: "true"
- name: KSQL_KSQL_LOGGING_PROCESSING_TOPIC_REPLICATION_FACTOR
value: "3"
- name: KSQL_KSQL_SINK_REPLICAS
value: "3"
- name: KSQL_KSQL_STREAMS_REPLICATION_FACTOR
value: "3"
- name: KSQL_LISTENERS
value: <http://0.0.0.0:8088>
- name: KSQL_SASL_JAAS_CONFIG
value: |
org.apache.kafka.common.security.plain.PlainLoginModule required username="USERNAME" password="PASSOWRD";
- name: KSQL_SASL_MECHANISM
value: PLAIN
- name: KSQL_SECURITY_PROTOCOL
value: SASL_SSL
image: confluentinc/ksqldb-server:0.10.1
imagePullPolicy: ""
name: ksqldb-server
ports:
- containerPort: 8088
resources: {}
hostname: ksqldb-server
restartPolicy: Always
serviceAccountName: ""
volumes: []and I need to replace USERNAME and PASSWORD 🙂
I work with Pulumi, and I can manipulate the yaml before getting deployed in order to replace USERNAME and PASSWORD with the right values.
what I do not like of my current implementation is that I am binded to this deployment structure and it is very inflexible
Is there a way to pass something link another yaml to the deployment file which contains the right values and reference those?
Copy code
valueFrom:
secretKeyRef:
key:can I put the pulumi config key? 🙂
k
kind-mechanic-53546
08/05/2020, 11:56 AMCheck out this stack
specifically,
Copy code
// Create secret from MongoDB connection string.
const mongoConnStrings = new k8s.core.v1.Secret(
"mongo-secrets",
{
metadata: { name: "mongo-secrets", namespace: config.appsNamespaceName},
data: mongoHelpers.parseConnString(cosmosdb.connectionStrings),
},
{ provider },
);and
Copy code
name: "WORDPRESS_DATABASE_PASSWORD",
valueFrom: {
secretKeyRef: {
name: mariadbSecret.metadata.name,
key: "mariadb-password"
}
}p
proud-spoon-58287
08/05/2020, 12:58 PMthanks @kind-mechanic-53546
@kind-mechanic-53546 This is all clear now thanks
only thing I do not understand is this
Copy code
// Create a Secret with the database credentials.
const databaseSecret = new k8s.core.v1.Secret("db-secret", {
stringData: {
"database-username": config.databaseUsername,
"database-password": config.databasePassword,
}
}, { provider: provider });config.X
does not exists
but I can do config.get(SECRET-KEY)
but I got an error
can you help?
Copy code
const config = new pulumi.Config();
const ksqlDbSecret = new k8s.core.v1.Secret("ksqldb-secret", {
stringData: {
'kafka-cluster-username': config.get('kafkaApiKey'),
'kafaka-cluster-password': config.get('kafkaApiSecret')
}
}, { provider: clusterProvider });that has compilation errors
Copy code
'kafka-cluster-username': config.requireSecret('kafkaApiKey'),
'kafaka-cluster-password': config.requireSecret('kafkaApiSecret')that sorts it 🙂
@kind-mechanic-53546 got another question
@billowy-army-68599 this does not work
Copy code
const config = new pulumi.Config();
const ksqlDbSecret = new k8s.core.v1.Secret("ksqldb-secret", {
stringData: {
'kafka-cluster-username': config.get('kafkaApiKey'),
'kafaka-cluster-password': config.get('kafkaApiSecret')
}
}, { provider: clusterProvider });pulumi asks me to set 'kafka-cluster-username' ...?
thought it is a key : value
b
billowy-army-68599
08/05/2020, 4:15 PM
can you show the error?
4 Views