65 lines
1.8 KiB
YAML
65 lines
1.8 KiB
YAML
# Template: Deployment Using ExternalSecret
|
|
#
|
|
# This shows how to reference and use the synced Kubernetes Secret in a Deployment.
|
|
# Copy and customize this template in your application's k8s manifests.
|
|
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: my-app
|
|
namespace: default # CHANGE: Your application's namespace
|
|
labels:
|
|
app: my-app
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: my-app
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: my-app
|
|
spec:
|
|
serviceAccountName: my-app
|
|
|
|
containers:
|
|
- name: app
|
|
image: my-app:latest
|
|
imagePullPolicy: Always
|
|
|
|
# Method 1: Import all secret keys as environment variables
|
|
envFrom:
|
|
- secretRef:
|
|
name: app-secrets # CHANGE: Name of the ExternalSecret's target
|
|
|
|
# Method 2: Individual secret values as environment variables
|
|
env:
|
|
- name: DATABASE_URL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: app-secrets # CHANGE: Name of the ExternalSecret's target
|
|
key: DATABASE_URL
|
|
|
|
- name: API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: app-secrets # CHANGE: Name of the ExternalSecret's target
|
|
key: API_KEY
|
|
|
|
# Method 3: Mount secret as files (useful for config files)
|
|
volumeMounts:
|
|
- name: app-secrets
|
|
mountPath: /etc/app/secrets
|
|
readOnly: true
|
|
|
|
ports:
|
|
- containerPort: 8000
|
|
name: http
|
|
|
|
# Volume for mounting secrets
|
|
volumes:
|
|
- name: app-secrets
|
|
secret:
|
|
secretName: app-secrets # CHANGE: Name of the ExternalSecret's target
|
|
defaultMode: 0400 # Read-only for owner only
|