Secrets in a Microservices architecture is an object that stores confidential information in encrypted form, for example, database credentials, username, passwords, API keys, email addresses, etc. These confidential information may be used for deployment or while using the application. For instance, you need to provide database credentials at the time of deployment to connect to the log and backend databases, and you need to enter your login credentials to log in to the application after deployment.
Adeptia Connect stores such confidential information in encrypted form in Secrets, and offers you the option of using the default Kubernetes Secrets or a third party Secrets. In case you're not using an external tool to manage Secrets, the confidential information is passed on to the Kubernetes for the creation of Secrets through some properties and environment variables you may have defined in values.yaml file at the time of deployment.
Using third party tool for secrets
If you wish to use a third party tool such as Vault to manage the Secrets, you may need to do the followings.
- Complete the essential settings in the tool.
- Set some properties in values.yaml file.
Completing the essential settings in the tool
To use Vault as a tool for managing Secrets, you need to log in to the tool, and create the followings.
- Secrets – A folder that contains different types of Secrets, having related confidential information, for example, database Secret. You need to have two types of Secrets created in Vault – database Secret, and Image Secret.
To manage the database Secret, you need to have the following details in key-value pairs. For this, you need to create the following environment variables, and set their values.- BACKEND_DB_USERNAME
- BACKEND_DB_PASSWORD
- LOG_DB_PASSWORD
- LOG_DB_USERNAME
- LOG_ARCHIVE_DB_PASSWORD
- LOG_ARCHIVE_DB_USERNAME
- Policies – Defines the type of permissions – create, read, update, delete, and list – Adeptia Connect may have on Secrets.
- Authentication method – To authenticate the request coming from the Kubernetes host.
- Roles – Contains the details about the policies created, service account name, and the namespace.
After you've completed the settings in Vault, you need to provide the following information in the values.yaml file.
- Provide the values for the properties highlighted in red in the following screenshot.
- Set the enabled property under pullSecret to false as highlighted in the screenshot below.
| Panel | ||||
|---|---|---|---|---|
| ||||
What is new |