Using Kubernetes Mindbody.com With Secrets.infisical.com
Introduction
In this guide, we will demonstrate how to integrate Kubernetes with Infisical for managing secrets. Infisical is a secrets management tool that helps securely store and manage sensitive information such as API keys, passwords, and other credentials. By integrating it with Kubernetes, you can ensure that your applications running on Kubernetes clusters have secure access to the secrets they need.
Step-by-Step Explanation
Step 1: Setting Up Infisical
- Sign up for an Infisical account at Infisical.
- Create a new project and add the secrets you want to manage.
- Generate an API key for your project.
Step 2: Configuring Kubernetes
- Ensure you have a running Kubernetes cluster. You can use a managed service like EKS, GKE, or AKS, or set up a local cluster using Minikube or Kind.
- Install the Kubernetes CLI (kubectl) if you haven’t already.
- Create a Kubernetes namespace for your application if you don’t have one already:
kubectl create namespace my-namespace
Step 3: Integrating Infisical with Kubernetes
- Create a Kubernetes Secret to store the Infisical API key:
kubectl create secret generic infisical-api-key --from-literal=api-key=<YOUR_INFISICAL_API_KEY> -n my-namespace
- Modify your Kubernetes deployment YAML to include the Infisical API key as an environment variable:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: my-namespace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-app-container
          image: my-app-image
          env:
            - name: INFISICAL_API_KEY
              valueFrom:
                secretKeyRef:
                  name: infisical-api-key
                  key: api-key
- Apply the modified deployment YAML to your Kubernetes cluster:
kubectl apply -f deployment.yaml
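The check below is an added example, not part of the original guide and not Infisical's or Pulumi's code. It audits a Deployment like the one in Step 3 so that INFISICAL_API_KEY is only ever injected through secretKeyRef, and that the referenced Secret and key exist in the Deployment's own namespace. The trimmed type shapes, the SENSITIVE name pattern and the sample objects are assumptions made for the example.

```typescript
// Added example; the shapes below are a trimmed subset of the Kubernetes objects.
type EnvVar = { name: string; value?: string;
  valueFrom?: { secretKeyRef?: { name: string; key: string } } };
type Deployment = { metadata: { name: string; namespace?: string };
  spec: { template: { spec: { containers: { name: string; env?: EnvVar[] }[] } } } };
type Secret = { metadata: { name: string; namespace?: string };
  stringData?: Record<string, string>; data?: Record<string, string> };

// Assumption: env names matching this pattern carry credentials.
const SENSITIVE = /KEY|TOKEN|SECRET|PASSWORD/i;

function auditDeployment(dep: Deployment, secrets: Secret[]): string[] {
  const findings: string[] = [];
  const ns = dep.metadata.namespace ?? "default";
  for (const c of dep.spec.template.spec.containers) {
    for (const e of c.env ?? []) {
      if (!SENSITIVE.test(e.name)) continue;
      const ref = e.valueFrom?.secretKeyRef;
      if (e.value !== undefined) {
        // A literal is readable by anyone who can read the Deployment spec.
        findings.push(`${c.name}/${e.name}: literal value, use secretKeyRef`);
      } else if (!ref) {
        findings.push(`${c.name}/${e.name}: no secretKeyRef source`);
      } else {
        // A pod can only reference Secrets in its own namespace.
        const s = secrets.find(x => x.metadata.name === ref.name &&
          (x.metadata.namespace ?? "default") === ns);
        if (!s) findings.push(`${c.name}/${e.name}: Secret ${ref.name} not in ${ns}`);
        else if (!(ref.key in { ...s.stringData, ...s.data }))
          findings.push(`${c.name}/${e.name}: Secret ${ref.name} has no key ${ref.key}`);
      }
    }
  }
  return findings;
}

// Constructed sample objects that mirror the names used in this guide.
const deploymentWith = (env: EnvVar[]): Deployment => ({
  metadata: { name: "my-app", namespace: "my-namespace" },
  spec: { template: { spec: { containers: [{ name: "my-app-container", env }] } } },
});
const secret: Secret = { metadata: { name: "infisical-api-key", namespace: "my-namespace" },
  stringData: { "api-key": "placeholder" } };
const fromSecret = deploymentWith([{ name: "INFISICAL_API_KEY",
  valueFrom: { secretKeyRef: { name: "infisical-api-key", key: "api-key" } } }]);
const inlined = deploymentWith([{ name: "INFISICAL_API_KEY", value: "placeholder" }]);

console.log(auditDeployment(fromSecret, [secret]));
console.log(auditDeployment(inlined, [secret]));
```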
Step 4: Accessing Secrets in Your Application
- In your application code, use the Infisical API to fetch the secrets using the API key stored in the environment variable INFISICAL_API_KEY.
- Ensure your application securely handles the secrets and does not expose them in logs or error messages.
Conclusion
By following these steps, you have successfully integrated Infisical with Kubernetes to manage your application’s secrets securely. This setup ensures that your sensitive information is stored securely and accessed only by authorized applications running in your Kubernetes cluster.
Full Code Example
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

const namespace = new k8s.core.v1.Namespace("my-namespace", {
    metadata: { name: "my-namespace" },
});

const infisicalApiKey = new k8s.core.v1.Secret("infisical-api-key", {
    metadata: {
        namespace: namespace.metadata.name,
    },
    stringData: {
        "api-key": "<YOUR_INFISICAL_API_KEY>", // Replace with your actual Infisical API key
    },
});

const appLabels = { app: "my-app" };

const deployment = new k8s.apps.v1.Deployment("my-app-deployment", {
    metadata: {
        namespace: namespace.metadata.name,
        name: "my-app",
    },
    spec: {
        replicas: 1,
        selector: { matchLabels: appLabels },
        template: {
            metadata: { labels: appLabels },
            spec: {
                containers: [
                    {
                        name: "my-app-container",
                        image: "my-app-image", // Replace with your actual app image
                        env: [
                            {
                                name: "INFISICAL_API_KEY",
                                valueFrom: {
                                    secretKeyRef: {
                                        name: infisicalApiKey.metadata.name,
                                        key: "api-key",
                                    },
                                },
                            },
                        ],
                    },
                ],
            },
        },
    },
});

export const namespaceName = namespace.metadata.name;
export const secretName = infisicalApiKey.metadata.name;
export const deploymentName = deployment.metadata.name;