In a microservices architecture, a Secret is an object that stores confidential information in encrypted form, for example database credentials, usernames, passwords, API keys, and email addresses. This confidential information may be used for deployment or while using the application. For instance, you need to provide database credentials at the time of deployment to connect to the log and backend databases, and you need to enter your login credentials to log in to the application after deployment.

Adeptia Connect stores such confidential information in encrypted form in Secrets, and offers you the option of using either the default Kubernetes Secrets or a third-party Secrets tool. The sections below describe how you can use the default Kubernetes Secrets or a third-party tool, for example, Vault.

Using default Kubernetes Secrets

When you use the default Secrets, the confidential information is passed to Kubernetes for the creation of Secrets through properties and environment variables in the values.yaml file at the time of deployment.

In the values.yaml file, you need to complete the following settings.

  1. Provide values for the environment variables highlighted in red in the following screenshot.


  2. Set the value for the properties highlighted in red in the following screenshot. 


  3. For each microservice, provide values for the two properties highlighted in red in the screenshot below.
    The following screenshot depicts the properties for the Webrunner microservice. Similarly, you need to set the same properties for all the microservices.


Info: The rest of the settings in the values.yaml file remain as they are.

Using a third-party tool for Secrets

If you wish to use a third-party tool such as Vault to manage the Secrets, you may need to do the following.

  • Complete the essential settings in the tool.
  • Set some properties in values.yaml file.

Completing the essential settings in the tool

To use Vault as a tool for managing Secrets, you need to log in to the tool and create the following.

  • Secrets – A folder that contains different types of Secrets, having related confidential information, for example, database Secret. You need to have two types of Secrets created in Vault – database Secret, and Image Secret. 
    To manage the database Secret, you need to have the following details in key-value pairs. For this, you need to create the following environment variables, and set their values.
    • BACKEND_DB_USERNAME
    • BACKEND_DB_PASSWORD
    • LOG_DB_PASSWORD
    • LOG_DB_USERNAME
    • LOG_ARCHIVE_DB_PASSWORD
    • LOG_ARCHIVE_DB_USERNAME
    In the Image Secret, you need to have the address of the image repository provided by Adeptia. 
  • Policies – Define the type of permissions – create, read, update, delete, and list – Adeptia Connect may have on Secrets.
  • Authentication method – Authenticates the requests coming from the Kubernetes host.
  • Roles – Contain the details about the policies created, the service account name, and the namespace.
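
The four Vault objects listed above can also be created with the Vault CLI. The script below is an added example, not part of Adeptia's documentation or tooling; it covers only the database Secret, and the mount, policy, role, service account and namespace names, as well as the `K8S_HOST` variable, are assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example, not Adeptia's own tooling. Assumed names: mount "adeptia",
# secret "database", policy and role "adeptia-connect", service account
# "adeptia-connect-sa", namespace "adeptia".
set -eu

MOUNT=adeptia
POLICY=adeptia-connect
ROLE=adeptia-connect
SA_NAME=adeptia-connect-sa
NAMESPACE=adeptia
REQUIRED_KEYS="BACKEND_DB_USERNAME BACKEND_DB_PASSWORD LOG_DB_USERNAME
LOG_DB_PASSWORD LOG_ARCHIVE_DB_USERNAME LOG_ARCHIVE_DB_PASSWORD"

# Print each required key that is absent or empty in a flat JSON file.
missing_keys() {
  for key in $REQUIRED_KEYS; do
    grep -Eq "\"${key}\"[[:space:]]*:[[:space:]]*\"[^\"]+\"" "$1" ||
      printf '%s\n' "$key"
  done
}

# Policy scoped to one KV v2 secret. Only "read" is granted in this sketch;
# widen the capabilities list only if the deployment requires it.
render_policy() {
  printf 'path "%s/data/%s" {\n  capabilities = ["read"]\n}\n' "$MOUNT" "$1"
}

# Needs VAULT_ADDR, VAULT_TOKEN and K8S_HOST (API server URL) in the environment.
setup_vault() {
  json_file=$1
  if [ -n "$(missing_keys "$json_file")" ]; then
    echo "database Secret is incomplete" >&2
    return 1
  fi
  vault secrets enable -path="$MOUNT" kv-v2
  # @file keeps the credentials out of the process argument list.
  vault kv put "$MOUNT/database" @"$json_file"
  render_policy database | vault policy write "$POLICY" -
  vault auth enable kubernetes
  vault write auth/kubernetes/config kubernetes_host="$K8S_HOST"
  vault write "auth/kubernetes/role/$ROLE" \
    bound_service_account_names="$SA_NAME" \
    bound_service_account_namespaces="$NAMESPACE" \
    token_policies="$POLICY" token_ttl=1h
}

if [ "${1:-}" = "apply" ]; then setup_vault "$2"; fi
```

Run it as `sh script.sh apply db-secret.json`, where the JSON file holds the six database variables as string values; delete that file once the Secret has been written to Vault.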

After you've completed the settings in Vault, you need to provide the following information in the values.yaml file. 

  1. Provide the values for the properties highlighted in red in the following screenshot.


  2. Set the enabled property under pullSecret to false as highlighted in the screenshot below.

