Description
Hello,
Is there an example on how to utilize kamus decryption mechanism using environment variable in deployment.yaml file?
For example:
apiVersion: v1
kind: ConfigMap
metadata:
name: notifier
namespace: default
data:
#Kamus encrypted value
ACCOUNT_SID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
AUTH_TOKEN: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I would like to get it decrypt in my deployment file. Does the deployment file requires kamus decryptor in my app pod? When I do this, I get the npm install error. I dont know how to approach. Please advise thanks.
apiVersion: apps/v1
kind: Deployment
metadata:
...
...
...
spec:
serviceAccountName: kamus-example-sa
automountServiceAccountToken: true
initContainers:
- name: "kamus-init"
image: "ghcr.io/soluto/kamus-init-container:latest"
imagePullPolicy: IfNotPresent
env:
- name: KAMUS_URL
value: http://kamus-decryptor.default.svc.cluster.local/
volumeMounts:
- name: encrypted-secrets
mountPath: /encrypted-secrets
- name: decrypted-secrets
mountPath: /decrypted-secrets
args: ["-e","/encrypted-secrets","-d","/decrypted-secrets", "-n", "config.json"]
containers:
- name: app
image: soluto/kamus-example-app
imagePullPolicy: IfNotPresent
volumeMounts:
- name: decrypted-secrets
mountPath: /secrets
- name: MYAPP
image: MYAPP_IMAGE:latest
resources:
limits:
cpu: 500m
requests:
cpu: 100m
volumes:
- name: encrypted-secrets
configMap:
name: encrypted-secrets-cm
- name: decrypted-secrets
emptyDir:
medium: Memory