Use an External Service

You may want to refer to an external service rather than the small-scale services running in the cluster from a reference deployment.

Examples include:

Warning

CRITICAL SECURITY REQUIREMENT

NEVER commit files containing secrets such as .env or JWT to version control. These files must be managed securely.

As part of updating the inputs for your deployment:

Review the template secret files
Set strong secrets for the values, such as strong passwords
Store the secret securely outside your repository using one of these methods:
- Cloud secrets management service
- Enterprise secrets vault solution
- Kubernetes Secrets with encryption at rest
- Secure file system with restricted access (development only)
Configure your deployment to retrieve credentials from your secure storage at runtime
Add the secrets files to your .gitignore file immediately

You should create your secret values in a secure location and reflect them in Kubernetes Secrets.
The name of the secret should be the one already used by the respective deployment, e.g. ess-webid-postgres-credentials for the WebID Service database
Continue with the rest of the Applying Your Customizations procedure.

Last updated 2 months ago