Add K8s Secrets to All Environments

Oftentimes, organizations would like to add resource credentials or other sensitive information to each Velocity Environment as Kubernetes Secrets upon Environment creation. This guide will walk you through the process of adding K8s Secrets as default elements in Velocity Environments. 
The Velocity Namespace
The Velocity Operator is deployed in your Kubernetes cluster in a velocity namespace by default. 
You can create K8s Secrets in this same velocity namespace once, and then add them to all Velocity Environments upon creation. 
"Kubed" for Propagating Secrets Across Velocity Environments
​Kubed is a daemon that runs in your cluster that will allow you to replicate K8s Secrets across Velocity Environments. To install it in your cluster, run the following:
helm repo add appscode https://charts.appscode.com/stable/
helm repo update
helm install kubed appscode/kubed -n kube-system
Create a Sample K8s Secret
After installing the Velocity Operator, run the following to create a sample K8s Secret in the resulting  "velocity" namespace:
# example-secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: test-secret
  annotations:
    # This annotation will add this Secret to all newly created namespaces:
    kubed.appscode.com/sync: "microprod.velocity.tech/type=environment"
data:
  username: bXktYXBw
  password: Mzk1MjgkdmRnN0pi
  
Run the following command to apply the above manifest and create a K8s Secret that will be available in all Velocity Environments:
kubectl apply -f https://raw.githubusercontent.com/techvelocity/velocity-blueprints/main/examples/env-secrets-example/example-secret.yaml -n velocity
Consuming Secrets in a Velocity Environment
Finally, run the following to create a sample Velocity Environment that contains the above K8s Secret:
veloctl env create -f https://raw.githubusercontent.com/techvelocity/velocity-blueprints/main/examples/env-secrets-example/example-deployment.yaml

Last modified 3mo ago