Configs and Secrets
Set, mount, and manage Kubernetes ConfigMaps and Kubernetes Secrets in DuploCloud environments.
In DuploCloud environments, you can pass configurations and Kubernetes Secrets using Kubernetes ConfigMaps or through various strategies tailored to enhance security and management efficiency:
Setting Kubernetes Secrets directly in DuploCloud: You can create secrets under Kubernetes -> Secrets in the DuploCloud Portal. These secrets are then available in the Kubernetes environment and can be utilized as either files or environment variables. This method is straightforward, incurs no additional cost, and allows for the visibility of both secret keys and values in the DuploCloud console. For detailed instructions, see Setting Kubernetes Secrets in DuploCloud.
Settings Environment Variables (EVs) from a K8s ConfigMap or Secret: This traditional method continues to be supported, offering a familiar approach to those accustomed to Kubernetes' native secrets management.
Mounting ConfigMaps and Secrets as files: This method seamlessly integrates configuration data directly into your application's file system.
Additionally, DuploCloud supports advanced secrets management strategies, including:
Using AWS as the Source of Truth: By creating secrets in AWS Secrets Manager or Parameter Store and integrating them into Kubernetes secrets with SecretProviderClass, you benefit from advanced features like automatic rotation. This method displays only the secret keys in the DuploCloud console and involves a more complex setup but is ideal for centralizing secret management across DuploCloud and non-DuploCloud resources. For more on this setup, visit Adding SecretProviderClass Custom Resource in DuploCloud.
Application Directly Reads Secrets from AWS: This approach allows the application code to fetch secrets directly from the AWS Secret Manager or Parameter Store, managed via IAM roles facilitated by DuploCloud. It provides an added layer of protection and is particularly beneficial for development environments, though it requires modifications to the application code. Implementation guidance can be found in the AWS SDK for PHP—Managing Secrets.
By leveraging these strategies, DuploCloud offers flexible and secure options for managing Kubernetes ConfigMaps and Secrets, catering to various operational needs and security requirements.
Last updated