I’ve started using kustomize. It lets you generate secrets with something like:
secretGenerator:
- name: mariadb-env
  envs:
  - mariadb.env
This is great because kustomize appends a hash so that every time I edit my secret, Kubernetes will see it as being new and restart the server.
However, if I put kustomization.yaml under version control, then it kind of entails that I put mariadb.env under version control too. If I don’t, then kubernetes build x will fail because of the missing file [for anyone that tries to clone the repo]. Even if I don’t put it under VCS, it still means I have these secret files on my dev workstation.
Prior to adopting kustomize, I’d just create the secret once, send it to the Kubernetes cluster, and let it live there. I could still reference it in my configs by name, but with the hash, I can’t really do that anymore. But the hash is also incredibly useful for forcing the restart.
How are people dealing with this?