Using Secrets in Kubernetes

In my previous blog post I detailed how to setup Ghost and MySQL using Google Cloud Container Engine (GKE) and Kubernetes. While the set up works great the database credentials were hard-coded and completely visible to anyone that has access to the repository. Ideally you would not want these credentials stored as clear text in your source control (especially production credentials). To help facilitate this, Kubernetes has the concept of a Secret.

Hosting Ghost Using Container Engine

This is the first post in a series that will document how I got my Ghost blog up and running using Google Cloud Container Engine (GKE). By the end of this, you will have a basic (but useable) blog set up that is publicly accessible. This post is going to follow along pretty closely with Google’s tutorial for hosting a Wordpress blog using GKE. I deviate from the Wordpress tutorial in a few key areas: