I am interested in running Discourse on my organization’s Kubernetes cluster. To do this, we can use the launcher script to build the image, push it to our Docker repo, and run it in the cluster. But building the image seems to require using the database password for database migration and “precompiling assets.”
When I run
docker inspect on the created image, I see that it has
DISCOURSE_DB_PASSWORD baked in. For security reasons, we don’t want to push this information to our Docker repo.
How do other Kubernetes users get around this? I’m fine with using the database password during the build step, but I don’t want it to be pushed to the Docker repo. Instead I’d like to pass the password as an environment variable when running the container (which is how our other Kubernetes apps work).