sigs.k8s.io/cluster-api@v1.7.1/docs/book/src/developer/providers/implementers-guide/configure.md

# Configure

## YAML

`kubebuilder` generates most of the YAML you'll need to deploy a container.
We just need to modify it to add our new secrets.

First, let's add our secret as a [patch] to the manager yaml.

`config/manager/manager_config.yaml`:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: controller-manager
  namespace: system
spec:
  template:
    spec:
      containers:
      - name: manager
        env:
        - name: MAILGUN_API_KEY
          valueFrom:
            secretKeyRef:
              name: mailgun-secret
              key: api_key
        - name: MAILGUN_DOMAIN
          valueFrom:
            configMapKeyRef:
              name: mailgun-config
              key: mailgun_domain
        - name: MAIL_RECIPIENT
          valueFrom:
            configMapKeyRef:
              name: mailgun-config
              key: mail_recipient
```

Then we have to add that patch to [`config/kustomization.yaml`][kustomizeyaml]:

```yaml
patchesStrategicMerge:
- manager_image_patch.yaml
- manager_config.yaml
```

[kustomizeyaml]: https://kubectl.docs.kubernetes.io/references/kustomize/kustomization
[patch]: https://git.k8s.io/community/contributors/devel/sig-api-machinery/strategic-merge-patch.md

## Our configuration

There are many ways to manage configuration in production.
The convention many Cluster-API projects use is environment variables.

`config/manager/configuration.yaml`:

```yaml
---
apiVersion: v1
kind: Secret
metadata:
  # Must match the secretKeyRef name used in manager_config.yaml
  name: mailgun-secret
  namespace: system
type: Opaque
stringData:
  api_key: ${MAILGUN_API_KEY}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: mailgun-config
  namespace: system
data:
  mailgun_domain: ${MAILGUN_DOMAIN}
  mail_recipient: ${MAILGUN_RECIPIENT}
```

And add this file to `config/manager/kustomization.yaml`:

```yaml
resources:
- manager.yaml
- configuration.yaml
```

You can now (hopefully) generate your yaml!

```bash
kustomize build config/default
```

## EnvSubst

_A tool like [direnv](https://direnv.net/) can be used to help manage environment variables._

`kustomize` does not handle replacing those `${VARIABLES}` with actual values.
For that, we use [`envsubst`][envsubst].

You'll need to have those environment variables (`MAILGUN_API_KEY`, `MAILGUN_DOMAIN`, `MAILGUN_RECIPIENT`) in your environment when you generate the final yaml file.

Change `Makefile` to include the call to `envsubst`:

```diff
-	$(KUSTOMIZE) build config/default | kubectl apply -f -
+	$(KUSTOMIZE) build config/default | envsubst | kubectl apply -f -
```
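
Review bot: on the `+` line the output of `envsubst` goes straight into `kubectl apply -f -` with nothing checking that the variables it substitutes are set, so a `${...}` placeholder whose variable is missing from the environment can be applied as an empty value. Consider a guard earlier in the recipe that fails when a required variable is empty, and list the required variables in a comment next to the target.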

To generate the manifests, call `envsubst` inline, like so:

```bash
kustomize build config/default | envsubst
```

Or to build and deploy the CRDs and manifests directly:

```bash
make install deploy
```
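
As an added example (not part of the Cluster API book), here is a pre-flight check for the pipeline above: it lists the `${NAME}` placeholders in a manifest and fails if any of them is unset or empty in the exported environment, so an empty `api_key` never reaches the cluster. The function names and the sample manifest are constructed for illustration, and it assumes `envsubst` only sees exported variables.

```bash
# Added example, not from the Cluster API book: a pre-flight check to run
# before `kustomize build config/default | envsubst | kubectl apply -f -`.

# Constructed sample input, modelled on config/manager/configuration.yaml.
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mailgun-secret
stringData:
  api_key: ${MAILGUN_API_KEY}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: mailgun-config
data:
  mailgun_domain: ${MAILGUN_DOMAIN}
  mail_recipient: ${MAILGUN_RECIPIENT}
EOF
}

# Print each distinct ${NAME} placeholder found on stdin, one name per line.
# Only the plain ${NAME} form used on this page is recognised.
referenced_vars() {
  grep -oE '\$\{[A-Za-z_][A-Za-z0-9_]*\}' | tr -d '${}' | sort -u
}

# Read a manifest on stdin and print every referenced variable that is unset
# or empty in the exported environment (assumption: that is all envsubst sees).
# Returns 1 if any variable is missing, 0 otherwise.
missing_vars() {
  missing=0
  for name in $(referenced_vars); do
    if [ -z "$(printenv "$name" || true)" ]; then
      printf '%s\n' "$name"
      missing=1
    fi
  done
  return "$missing"
}

# Demo on the sample; in practice the input is the output of kustomize build.
if ! sample_manifest | missing_vars >/dev/null; then
  echo "refusing to apply: unset variables:" $(sample_manifest | missing_vars) >&2
fi
```

Run it against the output of `kustomize build config/default` before that output is piped to `envsubst`.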

[envsubst]: https://github.com/drone/envsubst