
Kubernetes - How to Change SQL DB connection string with secret and use service hostname


I am new to Kubernetes, but I have a running docker-compose setup which basically deploys the Catalog API and Catalog DB.

While working with docker-compose:

I have used docker-compose.override.yaml to override the connection string from local to another container we have for the database like

DatabaseSettings:ConnectionString=Server=catalog,1433;Database=catalogDb;User Id=sa;Password=secretPassw@rd;

In this sense, both the containers are working and the Catalog API container is able to connect to Catalog DB Container without any issue.

Now, coming to the Kubernetes:

I know we have a secret and config map in Kubernetes but those are for individual item replacement by adding those into the deployment kind definition in Kubernetes.

I probably can add the entire connection string as Kubernetes secret and use that as an environment but I have three questions:

  1. Is that a correct approach?
  2. What server name should I specify in the Kubernetes secret?
  3. Inside a secret file, can we do string interpolation or concatenation? For example, we specify the SQL password for the SQL container instance; can we reference the same password when we provide the connection string for the Catalog API, without writing it again?

Just to give you a reference, here is what I have created:



Solution

  • Is that a correct approach?

    Yes, that is the correct approach.

    Anything that is configurable goes to either a ConfigMap or a Secret.

    A Secret would be better for storing secrets like the DB password and host.

    Just to add:

    A Secret is only base64 encoded.

  • What server name should I specify in the Kubernetes secret?

    You should always use the service name as the server name in connection strings if your service is running on the same Kubernetes cluster.

    That way your application connects to the Kubernetes service, and the service forwards traffic to the pod (container). Don't use the cluster IP of the pod.

  • Inside a secret file, can we do string interpolation or concatenation, like referencing the SQL password we specify for the SQL container instance when we provide the connection string for the Catalog API, without writing it again?

    No.
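
Added example, not part of the original question or answer: a Secret cannot interpolate its own values, but the Deployment that consumes it can compose the connection string with Kubernetes dependent environment variables (the `$(VAR)` syntax). The names catalog-db, catalog-db-secret, catalog-api, the SA_PASSWORD key and the image are assumptions, as is DatabaseSettings__ConnectionString (the double-underscore environment form of the DatabaseSettings:ConnectionString key from the question).

```yaml
# Constructed manifest for illustration; all object names and the image are assumptions.
apiVersion: v1
kind: Secret
metadata:
  name: catalog-db-secret
type: Opaque
stringData:                       # written as plain text; exposed as base64 under .data (encoding, not encryption)
  SA_PASSWORD: "<placeholder-password>"
---
apiVersion: v1
kind: Service
metadata:
  name: catalog-db                # this Service name is the DNS host used in Server=
spec:
  selector:
    app: catalog-db               # must match the labels on the SQL Server pod
  ports:
    - port: 1433
      targetPort: 1433
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: catalog-api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: catalog-api
  template:
    metadata:
      labels:
        app: catalog-api
    spec:
      containers:
        - name: catalog-api
          image: example/catalog-api:latest     # hypothetical image
          env:
            - name: SA_PASSWORD                 # must be declared before it is referenced below
              valueFrom:
                secretKeyRef:
                  name: catalog-db-secret
                  key: SA_PASSWORD
            - name: DatabaseSettings__ConnectionString
              # $(SA_PASSWORD) is expanded by the kubelet, so the password never appears in this manifest
              value: "Server=catalog-db,1433;Database=catalogDb;User Id=sa;Password=$(SA_PASSWORD);"
```

The SQL Server Deployment can read the same catalog-db-secret key through its own secretKeyRef, so the password is written in one place only. A password containing `;` has to be quoted according to the connection-string rules, otherwise the expanded value is parsed incorrectly.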