Configure

YAML

kubebuilder generates most of the YAML you’ll need to deploy a container. We just need to modify it to add our new secrets.

First, let’s add our secret as a patch to the manager yaml.

config/manager/manager_config.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: controller-manager
  namespace: system
spec:
  template:
    spec:
      containers:
      - name: manager
        env:
        - name: MAILGUN_API_KEY
          valueFrom:
            secretKeyRef:
              name: mailgun-secret
              key: api_key
        - name: MAILGUN_DOMAIN
          valueFrom:
            configMapKeyRef:
              name: mailgun-config
              key: mailgun_domain
        - name: MAIL_RECIPIENT
          valueFrom:
            configMapKeyRef:
              name: mailgun-config
              key: mail_recipient

And then, we have to add that patch to config/kustomization.yaml:

patchesStrategicMerge
- manager_image_patch.yaml
- manager_config.yaml

Our configuration

There’s many ways to manage configuration in production. The convention many Cluster-API projects use is environment variables.

config/manager/configuration.yaml

---
apiVersion: v1
kind: Secret
metadata:
  name: mailgun-config
  namespace: system
type: Opaque
stringData:
  api_key: ${MAILGUN_API_KEY}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: mailgun-config
  namespace: system
data:
  mailgun_domain: ${MAILGUN_DOMAIN}
  mail_recipient: ${MAILGUN_RECIPIENT}

And add this to config/manager/kustomization.yaml

resources:
- manager.yaml
- credentials.yaml

You can now (hopefully) generate your yaml!

kustomize build config/default

EnvSubst

A tool like direnv can be used to help manage environment variables.

kustomize does not handle replacing those ${VARIABLES} with actual values. For that, we use envsubst.

You’ll need to have those environment variables (MAILGUN_API_KEY, MAILGUN_DOMAIN, MAILGUN_RECIPIENT) in your environment when you generate the final yaml file.

Change Makefile to include the call to envsubst:

-	$(KUSTOMIZE) build config/default | kubectl apply -f -
+	$(KUSTOMIZE) build config/default | envsubst | kubectl apply -f -

To generate the manifests, call envsubst in line, like so:

kustomize build config/default | envsubst

Or to build and deploy the CRDs and manifests directly:

make install deploy