You are a container engineer at Cube4Lyf, an e-gaming platform geared towards puzzle and logic games. As their Kubernetes implementation matures, the security team is looking to leverage cluster Secrets to manage sensitive information. For one of their early prototypes, a team has attempted to access credentials for a third-party service as environment Secrets within their containers. However, the engineers report that the container is currently unable to resolve the sensitive values as expected, preventing it from accessing the external service. You will need to examine the configuration of the Secret and the Deployment creating the Pod to fix this issue.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Fix the Configuration Issues in vendor-secret.yaml
Identify and correct the issues in vendor-secret.yaml so that the Secret data maps to an environment variable.

Storing Secrets as an encoded map:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: vendor-secret
data:
  endpoint: YXBpLmUtc2FsZS5jb20vdjIK
  token: Z3Vlc3NtZWlmeW91Y2FuCg==
```
- Fix the Configuration Issues in application-deployment.yaml
Identify and correct the issues in application-deployment.yaml so that the Secret data maps to an environment variable.

Accessing Secrets as environment variables:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: puzzle-plaza
spec:
  selector:
    matchLabels:
      app: puzzle-plaza
  replicas: 1
  template:
    metadata:
      labels:
        app: puzzle-plaza
    spec:
      containers:
      - name: shop-app
        image: busybox
        command: ['sh', '-c', 'while true; echo "STATUS: UP"; do sleep 3600; done']
        env:
        - name: ENDPOINT
          valueFrom:
            secretKeyRef:
              name: vendor-secret
              key: endpoint
        - name: TOKEN
          valueFrom:
            secretKeyRef:
              name: vendor-secret
              key: token
```
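The following check is an added example, not part of the lab materials: it cross-checks each `secretKeyRef` in the Deployment against the Secret and decodes the value the container would receive. The function name `lint_secret_env` is hypothetical, and the two manifests are transcribed as Python dicts so the script runs without a cluster or a YAML library.

```python
import base64
import binascii

# The lab's two manifests, transcribed as dicts so the check runs offline.
SECRET = {
    "metadata": {"name": "vendor-secret"},
    "data": {"endpoint": "YXBpLmUtc2FsZS5jb20vdjIK",
             "token": "Z3Vlc3NtZWlmeW91Y2FuCg=="},
}
ENV = [
    {"name": "ENDPOINT", "valueFrom": {"secretKeyRef": {"name": "vendor-secret", "key": "endpoint"}}},
    {"name": "TOKEN", "valueFrom": {"secretKeyRef": {"name": "vendor-secret", "key": "token"}}},
]


def lint_secret_env(secret, env):
    """Return (resolved, findings) for every env entry that uses secretKeyRef.

    resolved maps variable name -> the string the container would receive;
    findings lists reasons a reference would fail or surprise the application.
    """
    resolved, findings = {}, []
    secret_name = secret["metadata"]["name"]
    data = secret.get("data") or {}
    for var in env:
        ref = (var.get("valueFrom") or {}).get("secretKeyRef")
        if ref is None:
            continue  # literal value or another source: not checked here
        name, key = var["name"], ref.get("key")
        if ref.get("name") != secret_name:
            findings.append(f"{name}: refers to Secret {ref.get('name')!r}, expected {secret_name!r}")
        elif key not in data:
            findings.append(f"{name}: key {key!r} is not present under data")
        else:
            try:
                # Values under data must be base64; validate=True rejects plaintext.
                raw = base64.b64decode(str(data[key]), validate=True)
            except (binascii.Error, ValueError):
                findings.append(f"{name}: data.{key} is not valid base64")
                continue
            resolved[name] = raw.decode("utf-8", errors="replace")
            if resolved[name] != resolved[name].strip():
                findings.append(f"{name}: decoded value has surrounding whitespace")
    return resolved, findings


if __name__ == "__main__":
    values, problems = lint_secret_env(SECRET, ENV)
    print(values)  # what the container would see in ENDPOINT and TOKEN
    print(*problems, sep="\n")
```

On the manifests above, both references resolve, and the check reports surrounding whitespace because each base64 string decodes to text ending in a newline, which the container receives as part of the variable.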