remove secret from Kustomize

app.rb

@@ -24,6 +24,8 @@ require "config"
 VERSION = "0.2.1"
 
 CHUNK_SIZE = 1024**2
+SESSION_SECRET_HEX_LENGTH = 64
+JWT_SECRET_HEX_LENGTH = 64
 DEFAULT_FLAKEY = 50
 
 NAME = "kubernaut".freeze

kustomize/app/deployment.yaml

@@ -22,18 +22,12 @@ spec:
             - name: sinatra-web
               containerPort: 4567
           env:
-            - name: KUBERNAUT_SESSION_SECRET
+            - name: SESSION_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: kubernaut
+                  name: kubernaut-session-secret
                   key: session_secret
                   optional: true
-            - name: KUBERNAUT_JWT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: kubernaut
-                  key: jwt_secret
-                  optional: true
           envFrom:
             - configMapRef:
                 name: kubernaut-configmap

kustomize/app/kustomization.yaml

@@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kubernaut
 resources:
+  - secret.yaml
   - configmap.yaml
   - deployment.yaml
   - hpa.yaml

lib/config.rb

@@ -1,8 +1,5 @@
 require "sensitive"
 
-SESSION_SECRET_HEX_LENGTH = 64
-JWT_SECRET_HEX_LENGTH = 64
-
 class Config
   attr_accessor :cat
 
@@ -12,7 +9,7 @@ class Config
     @prefix = prefix
     @cat = cat
 
-    session_secret ||= fetch_env "SESSION_SECRET" do
+    session_secret ||= ENV.fetch "SESSION_SECRET" do
       SecureRandom.hex SESSION_SECRET_HEX_LENGTH
     end