Challenge, Easy,  on  Kubernetes

Convert Pod to Deployment with Secret Management

Scenario

A Pod named osaka-pgsql-pod is currently running in the osaka-database namespace. The manifest file is available on the dev-machine at:

/home/laborant/osaka-pgsql-pod.yaml

The Pod contains hardcoded environment variables for PostgreSQL configuration. This approach is not secure or scalable for production environments.

You need to migrate this Pod to a Deployment for better scalability and management, externalize the configuration to a Secret for security, and remove the original Pod once the migration is complete.

Tasks

Convert the Pod into a Deployment named osaka-pgsql-deployment with 3 replicas in the osaka-database namespace.

Extract the hardcoded environment variables into a Secret named osaka-pgsql-secret in the osaka-database namespace.

Update the Deployment to consume environment variables from the Secret instead of plain text.

Preserve all existing labels and ensure all replicas are running.

Delete the original Pod osaka-pgsql-pod after successful conversion.

Important: Do not modify the original Pod manifest file. The Deployment should reference the Secret, not plain text values.

Hint

Create Secret from literal values, convert Pod spec to Deployment template, use envFrom with secretRef to inject all Secret keys as environment variables.

Test Cases

How to Author Challenges on iximiuz Labs

Instead of providing a subpar online editing experience, iximiuz Labs offers a helper CLI tool called labctl, allowing you to use your favorite text editor (or a full-featured IDE) to write content from the comfort of your local machine.

Install labctl CLI

curl -sf https://labs.iximiuz.com/cli/install.sh | sh

This will download and install the latest version of the labctl CLI. You only need to do this once per workstation.

Authorize labctl

labctl auth login

This will open a browser window asking you to authorize labctl to access your account. You need to do it after a fresh install of labctl and repeat it whenever the auth session expires.

Pull challenge content

labctl content pull challenge convert-pod-to-deployment-with-secret-management-d8bbf781

This will create a local copy of the challenge content in a directory named convert-pod-to-deployment-with-secret-management-d8bbf781. You only need to do this once per challenge.

Stream your changes

labctl content push -fw challenge convert-pod-to-deployment-with-secret-management-d8bbf781

Run this command in a separate terminal to continuously upload your changes to the server while editing the challenge in your favorite text editor or IDE.

You can also use labctl to create, list, and delete your content. Learn more about the available commands: labctl content --help

Start challenge