Pre Authenticated Datasource using JDBC in Kubernetes/Docker Containers

8/1/2019

During the migration from Java Enterprise web applications such as Tomcat or Weblogic to Kubernetes (or any container orchestration solution), this question raised that because there is no alternative out of the box to handle the connection pool and dynamic data source creation/connection pool feature in the Kubernetes for Java.

Because of this issue secrets should be injected to the containers through the volumes or environment variables which makes the credentials available to the application (developers) in plain text.

Any solution or work-around for this issue?

-- Maziar Aboualizadehbehbahani
docker
jakarta-ee
java
jdbc
kubernetes

1 Answer

8/1/2019

If an application developer can access the production tomcat/weblogic, he can gather the credentials as well, so there is no difference with kubernetes. If you want to prevent developers from getting data from production environments, appropriate access restrictions must be in place.

A kubernetes secret could be used to provide credentials, for more elaborate scenarios a special service like hashicorp vault could be used.

-- Thomas
Source: StackOverflow