< Previous Challenge - Home - Next Challenge >
This challenge will cover the management of app configuration, and secret injection in AKS from Azure Key Vault
You need to fulfill these requirements to complete this challenge:
- Supply environment variables to the Web and API containers over Kubernetes config maps or secrets
- For sensitive parameters (like the database user password) make sure that they are not stored anywhere in the Kubernetes cluster, but in a purpose-built secret store such as Azure Key Vault
- Non-sensitive configuration for the containers should be supplied from a configuration map, not hard coded in the manifests
- Make sure that no static password is stored in the AKS cluster that allows access to the Azure Key Vault
- Environment variables in the deployment manifests are not hard coded, but imported from Kubernetes configuration maps
- The SQL password is not stored as a Kubernetes secret or Kubernetes config map
- No Service Principal secret is stored in Kubernetes
- Enable SSL in the ingress controller, and have its SSL certificate supplied from a purpose-built store such as Azure Key Vault
These docs might help you achieving these objectives: