Application Configuration
Complete guide to configuring environment variables and settings for both frontend and backend applications.
🔧 Overview
Section titled “🔧 Overview”The application configuration is managed through Kubernetes ConfigMaps and Secrets, providing environment-specific settings for both the Laravel backend and Next.js frontend.
Configuration Architecture
Section titled “Configuration Architecture”Configuration Management:├── Kubernetes ConfigMaps (Non-sensitive data)├── Kubernetes Secrets (Sensitive data)├── Environment-specific files└── Runtime configuration📂 Configuration Structure
Section titled “📂 Configuration Structure”File Organization
Section titled “File Organization”iac/config-maps/├── backend.yaml.example # Backend configuration template├── frontend.yaml.example # Frontend configuration template├── backend.yaml # Actual backend config (git-ignored)├── frontend.yaml # Actual frontend config (git-ignored)└── README.md # Configuration instructions🔐 Backend Configuration (Laravel)
Section titled “🔐 Backend Configuration (Laravel)”Creating Backend Configuration
Section titled “Creating Backend Configuration”# Copy example filecd iac/config-mapscp backend.yaml.example backend.yaml
# Edit with your valuesnano backend.yamlCore Application Settings
Section titled “Core Application Settings”apiVersion: v1kind: ConfigMapmetadata: name: backend-config namespace: productiondata: # Application basics APP_NAME: "myproject" APP_ENV: "production" APP_KEY: "base64:YOUR_GENERATED_KEY" APP_DEBUG: "false" APP_TIMEZONE: "Europe/Berlin" APP_URL: "https://app.myproject.com"Generating Application Key
Section titled “Generating Application Key”# Generate Laravel application keyphp artisan key:generate --show
# Or use OpenSSLopenssl rand -base64 32 | base64Database Configuration
Section titled “Database Configuration”data: # Database connection DB_CONNECTION: "mysql" DB_HOST: "mariadb-service" DB_PORT: "3306" DB_DATABASE: "myproject" DB_USERNAME: "root" DB_PASSWORD: "YOUR_SECURE_PASSWORD"Security Note: In production, move sensitive values to Kubernetes Secrets:
# Create secret for sensitive dataapiVersion: v1kind: Secretmetadata: name: backend-secrets namespace: productiontype: Opaquedata: DB_PASSWORD: <base64-encoded-password> STRIPE_SECRET: <base64-encoded-stripe-secret>Cache and Session Configuration
Section titled “Cache and Session Configuration”data: # Cache settings CACHE_STORE: "redis" SESSION_DRIVER: "redis" SESSION_LIFETIME: "2880" SESSION_ENCRYPT: "false" SESSION_DOMAIN: ".myproject.com"
# Redis connection REDIS_CLIENT: "phpredis" REDIS_HOST: "redis-service" REDIS_PASSWORD: "null" REDIS_PORT: "6379"Queue Configuration
Section titled “Queue Configuration”data: # Queue settings QUEUE_CONNECTION: "redis" BROADCAST_CONNECTION: "reverb"
# Queue processing QUEUE_FAILED_DRIVER: "database"Email Configuration
Section titled “Email Configuration”data: # Email service (AWS SES) MAIL_MAILER: "smtp" MAIL_HOST: "email-smtp.eu-west-1.amazonaws.com" MAIL_PORT: "587" MAIL_USERNAME: "YOUR_SES_USERNAME" MAIL_PASSWORD: "YOUR_SES_PASSWORD" MAIL_ENCRYPTION: "tls" MAIL_FROM_NAME: "myproject"Storage Configuration
Section titled “Storage Configuration”data: # File storage FILESYSTEM_DISK: "r2"
# Cloudflare R2 or MinIO CLOUDFLARE_R2_ACCESS_KEY_ID: "YOUR_ACCESS_KEY" CLOUDFLARE_R2_SECRET_ACCESS_KEY: "YOUR_SECRET_KEY" CLOUDFLARE_R2_BUCKET: "myproject-storage" CLOUDFLARE_R2_ENDPOINT: "https://ACCOUNT.r2.cloudflarestorage.com" CLOUDFLARE_R2_URL: "https://static.myproject.com"Payment Configuration
Section titled “Payment Configuration”data: # Stripe payment processing STRIPE_KEY: "pk_live_YOUR_PUBLISHABLE_KEY" STRIPE_SECRET: "sk_live_YOUR_SECRET_KEY" STRIPE_WEBHOOK_SECRET: "whsec_YOUR_WEBHOOK_SECRET"API Keys and Integrations
Section titled “API Keys and Integrations”data: # Google Services GOOGLE_API_KEY: "YOUR_GOOGLE_API_KEY"
# Twilio SMS TWILIO_SID: "YOUR_TWILIO_SID" TWILIO_AUTH_TOKEN: "YOUR_TWILIO_TOKEN" TWILIO_FROM_NUMBER: "+1234567890" TWILIO_ENABLED: "true"
# Exchange rates FXRATESAPI_TOKEN: "YOUR_FX_API_TOKEN"WebSocket Configuration
Section titled “WebSocket Configuration”data: # Laravel Reverb WebSocket REVERB_APP_ID: "935239" REVERB_APP_KEY: "YOUR_REVERB_KEY" REVERB_APP_SECRET: "YOUR_REVERB_SECRET" REVERB_HOST: "app.myproject.com" REVERB_PORT: "443" REVERB_SCHEME: "https"🎨 Frontend Configuration (Next.js)
Section titled “🎨 Frontend Configuration (Next.js)”Creating Frontend Configuration
Section titled “Creating Frontend Configuration”# Copy example filecp frontend.yaml.example frontend.yaml
# Edit with your valuesnano frontend.yamlCore Frontend Settings
Section titled “Core Frontend Settings”apiVersion: v1kind: ConfigMapmetadata: name: frontend-config namespace: productiondata: # Application URLs NEXT_PUBLIC_APP_URL: "https://myproject.com" NEXT_PUBLIC_BACKEND_URL: "https://app.myproject.com"
# Environment NODE_ENV: "production"API Integration
Section titled “API Integration”data: # Third-party APIs NEXT_PUBLIC_GOOGLE_API_KEY: "YOUR_GOOGLE_API_KEY" NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY: "pk_live_YOUR_STRIPE_KEY"
# Analytics NEXT_PUBLIC_GA_MEASUREMENT_ID: "G-XXXXXXXXXX"WebSocket Configuration
Section titled “WebSocket Configuration”data: # WebSocket connection NEXT_PUBLIC_REVERB_HOST: "app.myproject.com" NEXT_PUBLIC_REVERB_APP_KEY: "YOUR_REVERB_KEY" NEXT_PUBLIC_REVERB_PORT: "443" NEXT_PUBLIC_REVERB_SCHEME: "https"Feature Flags
Section titled “Feature Flags”data: # Feature toggles NEXT_PUBLIC_ENABLE_PWA: "true" NEXT_PUBLIC_ENABLE_ANALYTICS: "true" NEXT_PUBLIC_MAINTENANCE_MODE: "false"🌍 Environment-Specific Configuration
Section titled “🌍 Environment-Specific Configuration”Production Configuration
Section titled “Production Configuration”apiVersion: v1kind: ConfigMapmetadata: name: backend-config namespace: productiondata: APP_ENV: "production" APP_DEBUG: "false" LOG_LEVEL: "error" # ... other production settingsStaging Configuration
Section titled “Staging Configuration”apiVersion: v1kind: ConfigMapmetadata: name: backend-config namespace: stagingdata: APP_ENV: "staging" APP_DEBUG: "true" LOG_LEVEL: "debug" # ... other staging settingsDevelopment Configuration
Section titled “Development Configuration”apiVersion: v1kind: ConfigMapmetadata: name: backend-config namespace: developmentdata: APP_ENV: "local" APP_DEBUG: "true" LOG_LEVEL: "debug" # ... other development settings🔒 Secrets Management
Section titled “🔒 Secrets Management”Creating Kubernetes Secrets
Section titled “Creating Kubernetes Secrets”# Create secret from command linekubectl create secret generic backend-secrets \ --from-literal=DB_PASSWORD=your-secure-password \ --from-literal=STRIPE_SECRET=sk_live_your_secret \ --namespace=production
# Create secret from filekubectl create secret generic backend-secrets \ --from-file=.env.secrets \ --namespace=productionSecret YAML Configuration
Section titled “Secret YAML Configuration”apiVersion: v1kind: Secretmetadata: name: backend-secrets namespace: productiontype: Opaquedata: DB_PASSWORD: <base64-encoded-value> STRIPE_SECRET: <base64-encoded-value> MAIL_PASSWORD: <base64-encoded-value>Encoding Secrets
Section titled “Encoding Secrets”# Encode values for secretsecho -n "your-password" | base64
# Decode for verificationecho "eW91ci1wYXNzd29yZA==" | base64 -d🚀 Deployment Process
Section titled “🚀 Deployment Process”Step 1: Prepare Configuration
Section titled “Step 1: Prepare Configuration”# Navigate to config directorycd iac/config-maps
# Copy example filescp backend.yaml.example backend.yamlcp frontend.yaml.example frontend.yaml
# Edit configuration filesnano backend.yamlnano frontend.yamlStep 2: Validate Configuration
Section titled “Step 2: Validate Configuration”# Validate YAML syntaxkubectl apply --dry-run=client -f backend.yamlkubectl apply --dry-run=client -f frontend.yaml
# Check for required fieldsgrep -E "(APP_KEY|DB_PASSWORD|STRIPE)" backend.yamlStep 3: Apply Configuration
Section titled “Step 3: Apply Configuration”# Create namespace if it doesn't existkubectl create namespace production
# Apply configurationkubectl apply -f backend.yamlkubectl apply -f frontend.yaml
# Verify deploymentkubectl get configmaps -n productionStep 4: Update Applications
Section titled “Step 4: Update Applications”# Restart deployments to pick up new configkubectl rollout restart deployment/backend-web -n productionkubectl rollout restart deployment/frontend -n production🔧 Configuration Validation
Section titled “🔧 Configuration Validation”Backend Configuration Check
Section titled “Backend Configuration Check”# Check if config is loadedkubectl exec -it deployment/backend-web -c php -n production -- \ php artisan config:show
# Test database connectionkubectl exec -it deployment/backend-web -c php -n production -- \ php artisan tinker --execute="DB::connection()->getPdo();"
# Test cache connectionkubectl exec -it deployment/backend-web -c php -n production -- \ php artisan tinker --execute="Cache::put('test', 'value'); echo Cache::get('test');"Frontend Configuration Check
Section titled “Frontend Configuration Check”# Check environment variableskubectl exec -it deployment/frontend -n production -- \ env | grep NEXT_PUBLIC
# Test application startupkubectl logs deployment/frontend -n production🔄 Configuration Updates
Section titled “🔄 Configuration Updates”Hot Configuration Updates
Section titled “Hot Configuration Updates”# Update ConfigMapkubectl patch configmap backend-config -n production \ --patch='{"data":{"LOG_LEVEL":"info"}}'
# Rolling restart to apply changeskubectl rollout restart deployment/backend-web -n productionBulk Configuration Updates
Section titled “Bulk Configuration Updates”# Edit ConfigMap directlykubectl edit configmap backend-config -n production
# Apply updated configuration filekubectl apply -f backend-updated.yaml
# Verify changeskubectl get configmap backend-config -o yaml -n production🚨 Troubleshooting Configuration
Section titled “🚨 Troubleshooting Configuration”Common Configuration Issues
Section titled “Common Configuration Issues”1. Missing Required Variables
Section titled “1. Missing Required Variables”# Check for missing environment variableskubectl exec -it deployment/backend-web -c php -n production -- \ php artisan config:show | grep -i null
# Verify ConfigMap contentkubectl describe configmap backend-config -n production2. Invalid Configuration Values
Section titled “2. Invalid Configuration Values”# Test configurationkubectl exec -it deployment/backend-web -c php -n production -- \ php artisan config:cache
# Check application logskubectl logs deployment/backend-web -c php -n production | grep -i error3. Database Connection Issues
Section titled “3. Database Connection Issues”# Test database connectivitykubectl exec -it deployment/backend-web -c php -n production -- \ php artisan migrate:status
# Check database host resolutionkubectl exec -it deployment/backend-web -c php -n production -- \ nslookup mariadb-serviceConfiguration Debugging
Section titled “Configuration Debugging”# View all environment variableskubectl exec -it deployment/backend-web -c php -n production -- env | sort
# Check specific configurationkubectl exec -it deployment/backend-web -c php -n production -- \ php -r "echo getenv('APP_KEY');"
# Validate JSON configurationkubectl get configmap backend-config -o json -n production | jq .data📋 Configuration Checklist
Section titled “📋 Configuration Checklist”Pre-Deployment Checklist
Section titled “Pre-Deployment Checklist”- Application key generated and set
- Database credentials configured
- Redis connection settings verified
- Email service credentials added
- Storage access keys configured
- Payment gateway keys set
- Domain names updated
- SSL certificates configured
- API keys added
- WebSocket configuration set
Post-Deployment Verification
Section titled “Post-Deployment Verification”- Applications start successfully
- Database connections working
- Cache operations functional
- Email sending operational
- File uploads working
- Payment processing active
- WebSocket connections established
- All health checks passing
🔒 Security Best Practices
Section titled “🔒 Security Best Practices”Configuration Security
Section titled “Configuration Security”- Never commit sensitive data to version control
- Use Kubernetes Secrets for sensitive values
- Rotate credentials regularly
- Audit configuration access with RBAC
- Encrypt sensitive ConfigMaps when possible
Access Control
Section titled “Access Control”# RBAC for configuration accessapiVersion: rbac.authorization.k8s.io/v1kind: Rolemetadata: namespace: production name: config-readerrules: - apiGroups: [""] resources: ["configmaps", "secrets"] verbs: ["get", "list"]🔄 Configuration Backup
Section titled “🔄 Configuration Backup”Backup Configuration
Section titled “Backup Configuration”# Backup all ConfigMapskubectl get configmaps -n production -o yaml > backup-configmaps.yaml
# Backup specific configurationkubectl get configmap backend-config -n production -o yaml > backup-backend-config.yaml
# Backup secrets (be careful with this)kubectl get secrets -n production -o yaml > backup-secrets.yamlRestore Configuration
Section titled “Restore Configuration”# Restore from backupkubectl apply -f backup-configmaps.yaml
# Verify restorationkubectl get configmaps -n production🔗 Related Documentation
Section titled “🔗 Related Documentation”- Backend Application - Laravel deployment details
- Frontend Application - Next.js deployment details
- Security Guide - Security best practices
- AWS Configuration - Cloud service setup
Proper configuration is essential for secure and reliable application deployment.