- Yair Mark
As part of deploying our updated app to our UAT environment, we ran into a weird error on Kubernetes (CreateContainerConfigError) when the pod tried to start up.
We had not changed anything on the app itself that would cause that. As far as I could remember, there was nothing in the app infrastructure config (the Kubernetes YAML files) that should cause this either. After running
kubectl describe pod myPodName -n myNameSpace
I received an error of the following format:
Error: secrets "my-secret" not found
Based on this, the issue is obviously caused by a secret not being deployed.
We had intentionally not automated the deployment of this secret into UAT, as we did not want it in version control. We had explored using things like HashiCorp's Vault or Bitnami's Sealed Secrets, but currently we only have one secret to worry about, and using one of these other approaches would be overkill for this one secret. These approaches also add the complexity of setting up the infrastructure for each of these solutions, which again is overkill for one secret right now. In the end, the UAT environment helped illustrate what would happen if this were deployed to Production without the secret being deployed: the app fails to start, and it is immediately clear from describing the pod what the error is.
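To create a secret called my-secret with one key called key1 and value supersecret and another called key2 and value topsecret via Kubernetes, and have it base64 encode the details for you, use the following command (add -n myNameSpace if your current kubectl context is not already set to the pod's namespace, because a pod can only reference secrets in its own namespace):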
kubectl create secret generic my-secret --from-literal=key1='supersecret' --from-literal=key2='topsecret'
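Because the secret is deployed by hand, a check run before each rollout can catch the missing secret before the pod fails to start. The following is an added example, not part of the original post: the function name check_secret_keys is hypothetical, and it also checks key names, since a key the pod requires being absent from the secret stops the container from starting as well.

```sh
#!/bin/sh
# Added example (not from the original post): pre-deploy gate for a manually
# managed Secret. Usage: check_secret_keys NAMESPACE SECRET KEY...
# Returns 0 only if the Secret exists in NAMESPACE and contains every KEY.
# Only key names are read; secret values are never printed.
check_secret_keys() {
  ns=$1 secret=$2
  shift 2
  # List the key names under .data, one per line (values are not output).
  if ! keys=$(kubectl get secret "$secret" -n "$ns" \
      -o go-template='{{range $k, $v := .data}}{{$k}}{{"\n"}}{{end}}' 2>/dev/null); then
    echo "MISSING secret \"$secret\" in namespace \"$ns\"" >&2
    return 1
  fi
  rc=0
  for key in "$@"; do
    # -x: whole-line match, -F: literal string, -q: no output
    if ! printf '%s\n' "$keys" | grep -qxF -- "$key"; then
      echo "MISSING key \"$key\" in secret \"$secret\" ($ns)" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Run as a script: ./check-secret.sh myNameSpace my-secret key1 key2
if [ "$#" -ge 2 ]; then
  check_secret_keys "$@"
fi
```

A non-zero exit status from this check can be used to stop a deployment pipeline before kubectl apply runs.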