Hi there, @seizste great question!
/etc/default/sensu-backend approach relies on process management (e.g. systemd or sysvinit) which would not normally be present in a containerized environment, so I wouldn’t recommend that approach.
The Sensu Go
env Secrets Provider should work directly with Kubernetes own built-in secrets management. In practice, Kubernetes secrets are discrete K8s resources that make secrets available to reference from various pod controllers (e.g. StatefulSets); in other words, you have to create a K8s Secret, and then also reference it to actually use it somewhere.
Here’s a few example K8s secrets:
And here’s an example excerpt from a StatefulSet resource, which fetches the value of a K8s Secret and exposes it as an environment variable:
- name: sensu-backend
- name: POD_NAME
- name: INFLUXDB_ADDR
- name: INFLUXDB_DB
- name: INFLUXDB_USER
- name: INFLUXDB_PASSWORD
In this example, I’m fetching the values of my
influxdb secret and mapping them as environment variables (
INFLUXDB_PASSWORD) which will be accessible from the
sensu-backend container in this StatefulSet pod.
I hope this helps!