Search
⌃K

Add K8s Secrets to All Environments

Oftentimes, organizations would like to add resource credentials or other sensitive information to each Velocity Environment as Kubernetes Secrets upon Environment creation. This guide will walk you through the process of adding K8s Secrets as default elements in Velocity Environments.

The Velocity Namespace

The Velocity Operator is deployed in your Kubernetes cluster in a velocity namespace by default.
You can create K8s Secrets in this same velocity namespace once, and then add them to all Velocity Environments upon creation.

"Kubed" for Propagating Secrets Across Velocity Environments

Kubed is a daemon that runs in your cluster that will allow you to replicate K8s Secrets across Velocity Environments. To install it in your cluster, run the following:
helm repo add appscode https://charts.appscode.com/stable/
helm repo update
helm install kubed appscode/kubed -n kube-system

Create a Sample K8s Secret

After installing the Velocity Operator, run the following to create a sample K8s Secret in the resulting "velocity" namespace:
# example-secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: test-secret
annotations:
# This annotation will add this Secret to all newly created namespaces:
kubed.appscode.com/sync: "microprod.velocity.tech/type=environment"
data:
username: bXktYXBw
password: Mzk1MjgkdmRnN0pi
Run the following command to apply the above manifest and create a K8s Secret that will be available in all Velocity Environments:
kubectl apply -f https://raw.githubusercontent.com/techvelocity/velocity-blueprints/main/examples/env-secrets-example/example-secret.yaml -n velocity

Consuming Secrets in a Velocity Environment

Finally, run the following to create a sample Velocity Environment that contains the above K8s Secret:
veloctl env create -f https://raw.githubusercontent.com/techvelocity/velocity-blueprints/main/examples/env-secrets-example/example-deployment.yaml