
Environment

1Password

To keep passwords secure, we recommend using 1Password Connect to pass them into Kubernetes. This is much better than keeping them in a text file stored in Git or some other insecure place.

Kubernetes Environment Variable Secrets

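We recommend using GitHub (the GitHub Container Registry, ghcr.io) as your container image registry. For Kubernetes to pull images from your GHCR repository, create a GHCR access token and use the script below to add it as an image pull secret in each of the namespaces. In general, it is much easier to inject your GHCR secret with this script than to try to pull it from 1Password. Any copy of the script that has the token filled in is itself a plaintext credential, so keep it out of Git for the same reason as the text file mentioned above.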

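# Define variables
#
# Prefer exporting these in the calling shell (for example from your secrets
# manager) over typing the token into this file: a filled-in copy of the
# script is a plaintext credential and must stay out of Git.
# A token that can only read packages is enough for image pulls.
GHCR_USERNAME="${GHCR_USERNAME:-}"
GHCR_EMAIL="${GHCR_EMAIL:-}"
GHCR_TOKEN="${GHCR_TOKEN:-}"

# Refuse to run with a blank username or token. Besides producing a useless
# pull secret, a blank value that is expanded without quotes makes kubectl
# read the following flag as the value of the previous one.
if [ -z "$GHCR_USERNAME" ] || [ -z "$GHCR_TOKEN" ]; then
  printf '%s\n' "GHCR_USERNAME and GHCR_TOKEN must be set before running this script" >&2
  exit 1
fi

# =====================================================================
# CREATE NAMESPACES AND REPLACE THE GHCR PULL SECRET
# =====================================================================
# For every namespace:
#   1. create it if it does not exist yet, so the script can be re-run;
#   2. delete only the existing "ghcr" secret. A blanket
#      `kubectl delete secrets --all` would also remove every other secret
#      in the namespace (including ones delivered by 1Password Connect);
#   3. create the "ghcr" docker-registry secret from the variables above.
#
# NOTE: kubectl receives the token as a command-line argument, so it is
# visible in the local process list while each command runs. Run this from
# a trusted, single-user admin host and not with shell tracing (set -x) on.
status=0
for ns in tickers backfillers candlesticks couriers news apis websites services traders validators; do
  if ! kubectl get ns "$ns" >/dev/null 2>&1; then
    if ! kubectl create ns "$ns"; then
      printf 'failed to create namespace %s\n' "$ns" >&2
      status=1
      continue
    fi
  fi

  # --ignore-not-found keeps the first run (no secret yet) from reporting an error.
  kubectl delete secret ghcr --ignore-not-found --namespace "$ns"

  # Every expansion is quoted so values containing spaces or shell
  # metacharacters reach kubectl as a single argument.
  if ! kubectl create secret docker-registry ghcr \
    --docker-server https://ghcr.io \
    --docker-username "$GHCR_USERNAME" \
    --docker-password "$GHCR_TOKEN" \
    --docker-email "$GHCR_EMAIL" \
    --namespace "$ns"; then
    printf 'failed to create ghcr secret in namespace %s\n' "$ns" >&2
    status=1
  fi
done

# Non-zero when any namespace could not be set up, so callers can detect it.
exit "$status"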