K
Q

Spring boot log secret.yaml from helm

8/24/2018

I am getting started with helm. I have defined the deployment, service, configMap and secret yaml files.

I have a simple spring boot application with basic http authentication, the username and password are defined in the secret file.

My application is correctly deployed, and when I tested it in the browser, it tells me that the username and password are wrong.

Is there a way to know what are the values that spring boot receives from helms?

Or is there a way to decrypt the secret.yaml file?

values.yaml

image:
  repository: myrepo.azurecr.io
  name: my-service
  tag: latest 

replicaCount: 1

users:
  - name: "admin"
    password: "admintest"
    authority: "admin"
  - name: "user-test"
    password:  "usertest"
    authority: "user"

spring:
  datasource:
    url: someurl
    username: someusername
    password: somepassword
    platform: postgresql

secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}-{{ .Chart.Name }}-secret
stringData:
  spring.datasource.url: "{{ .Values.spring.datasource.url }}"
  spring.datasource.username: "{{ .Values.spring.datasource.username }}"
  spring.datasource.password: "{{ .Values.spring.datasource.password }}"
  spring.datasource.platform: "{{ .Values.spring.datasource.platform }}"  
  {{- range $idx, $user := .Values.users }}
  users_{{ $idx }}_.name: "{{ $user.name }}"
  users_{{ $idx }}_.password: "{{ printf $user.password }}"
  users_{{ $idx }}_.authority: "{{ printf $user.authority }}"
  {{- end }}
-- andreahg
kubernetes-helm
spring-boot

Similar Questions

services is forbidden: User \"system:anonymous\" cannot list services in the namespace \"kube-system\
Kubelet could not register to master after the hostname changed
how to make kuberbetes external can access the redis cluster?
Persistent Volumes & Claims & Replicas in Helm recommended approach
how to access external service using the minikube host's public ip address

1 Answer

8/24/2018

Normally the secret in the secret.yaml file won't be encrypted, just encoded in base64. So you could decode the content of the secret in tool like https://www.base64decode.org/ If you've got access to the kubernetes dashboard that also provides a way to see the value of the secret.

If you're injecting the secret as environment variables then you can find the pod with kubeclt get pods and then kubectl describe pod <pod_name> will include output of which environment variables are injected.

With helm I find it very useful to run helm install --dry-run --debug as then you can see in the console exactly what kubernetes resources will be created from the template for that install.

-- Ryan Dawson
Source: StackOverflow