WEBVTT

00:00.930 --> 00:02.160
-: In this section we're going to wire

00:02.160 --> 00:04.380
up our Postgres secret that we just created

00:04.380 --> 00:07.440
in the last section to our server deployment

00:07.440 --> 00:09.750
and our Postgres deployment as well.

00:09.750 --> 00:11.400
So we're gonna first start inside of our

00:11.400 --> 00:13.643
server deployment.yaml file.

00:13.643 --> 00:16.830
I'm gonna scroll down to my list of environment variables

00:16.830 --> 00:19.080
boots, because we want to provide this password

00:19.080 --> 00:21.180
as an environment variable.

00:21.180 --> 00:23.220
So at the very end of of this list,

00:23.220 --> 00:25.470
I'm gonna add on a new name.

00:25.470 --> 00:28.470
The name is going to be pgpassword.

00:28.470 --> 00:29.970
Now something to make clear here, is that

00:29.970 --> 00:32.430
this is the name of the environment variable.

00:32.430 --> 00:34.230
So this is how our secret,

00:34.230 --> 00:36.450
or our encoded password is gonna show up

00:36.450 --> 00:38.010
inside the container.

00:38.010 --> 00:40.050
The name of pgpassword right here is

00:40.050 --> 00:41.940
not at all related to the secret,

00:41.940 --> 00:43.650
and in fact, it could be something totally different.

00:43.650 --> 00:45.750
It could be mypassword,

00:45.750 --> 00:47.130
or whatever we want it to be.

00:47.130 --> 00:48.840
But in our case,

00:48.840 --> 00:53.070
our copy of the multi server image is going to be looking

00:53.070 --> 00:56.040
for a pgpassword environment variable.

00:56.040 --> 00:58.200
And so, that's why we are going to use specifically

00:58.200 --> 00:59.733
pgpassword as the name.

01:01.620 --> 01:04.170
Then, rather than specifying a value property,

01:04.170 --> 01:07.680
we're going to provide a value from property.

01:07.680 --> 01:09.630
So we're essentially saying, get the value

01:09.630 --> 01:12.390
for this environment variable from some configuration

01:12.390 --> 01:14.310
that we're going to put in here.

01:14.310 --> 01:18.033
And so, we're going to put in a secret key ref,

01:18.870 --> 01:20.760
and then we'll provide a name.

01:20.760 --> 01:23.430
The name is going to be the name of the secret

01:23.430 --> 01:26.310
that we want this environment variable value to come from.

01:26.310 --> 01:27.690
So the name of our secret

01:27.690 --> 01:30.600
that we just put together was pgpassword,

01:30.600 --> 01:33.060
all lowercase right there.

01:33.060 --> 01:35.700
So as my name, I'll put in pgpassword.

01:35.700 --> 01:38.430
And then, we also have to put in a key.

01:38.430 --> 01:42.060
Remember that a secret can store many key value pairs.

01:42.060 --> 01:44.220
We only put one key value pair in here,

01:44.220 --> 01:46.080
but we could have very easily added in

01:46.080 --> 01:48.510
several other key value pairs as well.

01:48.510 --> 01:51.810
And so, we need to point out the key value pair

01:51.810 --> 01:54.810
that we want to shove into this environment variable.

01:54.810 --> 01:57.813
So the key that we want to reference is pgpassword.

01:59.826 --> 02:03.693
So for the key, I'll put in pgpassword, like so.

02:04.590 --> 02:07.800
So now that we put the name and the key right here,

02:07.800 --> 02:10.080
Kubernetes is going to automatically open up

02:10.080 --> 02:12.679
this secret with the name of pgpassword.

02:12.679 --> 02:14.280
It's going to find the key value pair

02:14.280 --> 02:17.400
inside of there, equal to key,

02:17.400 --> 02:19.050
so that's this one right here.

02:19.050 --> 02:21.210
It's gonna find the value associated with it,

02:21.210 --> 02:23.520
which is 12345asdf,

02:23.520 --> 02:26.046
and it's gonna pass that into our container

02:26.046 --> 02:29.760
as the environment variable called pgpassword.

02:29.760 --> 02:31.680
Now, one thing that's a little bit unclear here,

02:31.680 --> 02:33.600
or I feel like might be a little bit confusing,

02:33.600 --> 02:36.390
is the fact that our name of the environment variable

02:36.390 --> 02:39.480
and the key inside the secret are identical.

02:39.480 --> 02:41.490
So again, we could have very easily changed,

02:41.490 --> 02:43.050
say, the key right here to be

02:43.050 --> 02:46.470
mypassword without any issue whatsoever.

02:46.470 --> 02:48.597
We would have just needed to make sure that

02:48.597 --> 02:50.610
the key that we provided right here,

02:50.610 --> 02:51.900
rather than pgpassword,

02:51.900 --> 02:54.783
it would've had to have been mypassword as well.

02:55.920 --> 02:58.420
All right, so I'm gonna change that back, like so.

02:59.460 --> 03:01.170
Okay, so that's how we wire up

03:01.170 --> 03:03.360
a secret as an environment variable.

03:03.360 --> 03:06.600
So our server now knows about the password

03:06.600 --> 03:07.680
to use for the database.

03:07.680 --> 03:09.150
So now, the last thing we have to do,

03:09.150 --> 03:11.820
is to make sure that our Postgres database

03:11.820 --> 03:14.220
knows about the password that it should be using.

03:14.220 --> 03:17.703
So we're essentially going to override its default password.

03:18.690 --> 03:21.030
All right, so for this, we're gonna find our

03:21.030 --> 03:22.773
Postgres deployment file.

03:25.080 --> 03:26.160
We're gonna scroll on down

03:26.160 --> 03:29.160
to our container definition right here,

03:29.160 --> 03:31.020
and we're going to add on a

03:31.020 --> 03:36.020
ENV property to our container definition, like so.

03:36.750 --> 03:39.210
Now, please triple check, make sure that ENV

03:39.210 --> 03:41.280
is on this same indentation level

03:41.280 --> 03:45.210
as the name image ports and volume mounts properties.

03:45.210 --> 03:46.350
If you wanna be real safe,

03:46.350 --> 03:48.690
you could actually just add it up right here,

03:48.690 --> 03:51.900
and not have to worry about matching the indentation at all.

03:51.900 --> 03:53.970
Just a quick reminder, all these key value pairs

03:53.970 --> 03:56.910
inside of a YAML file do not need to be ordered

03:56.910 --> 03:58.353
in any specific fashion.

03:59.640 --> 04:01.620
Okay, so for ENV, right here,

04:01.620 --> 04:05.373
I'm gonna pass in a name of pgpassword.

04:06.450 --> 04:08.580
So now we are setting up a environment variable

04:08.580 --> 04:12.090
of pgpassword that we're going to pass into the container.

04:12.090 --> 04:15.840
If the container or the image Postgres right here

04:15.840 --> 04:18.000
sees an environment variable of pgpassword,

04:18.000 --> 04:21.510
it's going to use that as the default password,

04:21.510 --> 04:22.850
as opposed to the...

04:22.850 --> 04:24.420
Or as the password, as opposed to

04:24.420 --> 04:27.000
the default password of whatever it usually is.

04:27.000 --> 04:30.270
And again, I forget what it is off the top of my head.

04:30.270 --> 04:32.490
Okay, so we're going to create the pgpassword

04:32.490 --> 04:33.570
environment variable,

04:33.570 --> 04:35.034
and then we're gonna say,

04:35.034 --> 04:36.840
you're going to get the value for this from

04:38.400 --> 04:41.160
a secret key reference.

04:41.160 --> 04:44.610
And again, it's going to have a name of pgpassword.

04:44.610 --> 04:46.860
And the key that we want to reference inside

04:46.860 --> 04:48.510
of that password, or that secret,

04:48.510 --> 04:51.270
is pgpassword right there.

04:51.270 --> 04:54.903
So we will provide a key of pgpassword like so.

04:56.400 --> 04:58.350
All right, so that's pretty much it.

04:58.350 --> 05:02.310
So we have now set up a custom password for our database.

05:02.310 --> 05:04.920
We have told our copy of Postgres to make use

05:04.920 --> 05:07.440
of that password, anytime someone tries to connect.

05:07.440 --> 05:10.680
And we've also told our server pod,

05:10.680 --> 05:13.350
or more specifically the multi server container

05:13.350 --> 05:16.920
that gets created, what that secret password is.

05:16.920 --> 05:18.330
So that's pretty much it.

05:18.330 --> 05:19.710
Now, the very last thing that we are going to

05:19.710 --> 05:22.410
need to do is to apply the changes that we just made

05:22.410 --> 05:24.090
to these configuration files.

05:24.090 --> 05:26.220
So I'm sure you recall how to do that.

05:26.220 --> 05:27.970
We'll flip on over to our terminal,

05:28.950 --> 05:33.950
and we'll do a kubectl apply dash F K8s, like so.

05:34.680 --> 05:36.390
Now it looks like I've got a little bit

05:36.390 --> 05:38.160
of an error message here.

05:38.160 --> 05:38.993
You'll notice that it says,

05:38.993 --> 05:41.820
"Cannot convert N64 into string."

05:41.820 --> 05:43.530
I know exactly where that's coming from.

05:43.530 --> 05:45.750
This was a expected error, don't worry about it.

05:45.750 --> 05:47.160
So we'll take a quick pause right here.

05:47.160 --> 05:48.420
When we come back the next section,

05:48.420 --> 05:50.520
we're gonna fix this thing up very quickly.

05:50.520 --> 05:53.020
So quick pause, and I'll see you in just a minute.