K
Q

Pre Authenticated Datasource using JDBC in Kubernetes/Docker Containers

8/1/2019

During the migration from Java Enterprise web applications such as Tomcat or Weblogic to Kubernetes (or any container orchestration solution), this question raised that because there is no alternative out of the box to handle the connection pool and dynamic data source creation/connection pool feature in the Kubernetes for Java.

Because of this issue secrets should be injected to the containers through the volumes or environment variables which makes the credentials available to the application (developers) in plain text.

Any solution or work-around for this issue?

-- Maziar Aboualizadehbehbahani
docker
jakarta-ee
java
jdbc
kubernetes

Similar Questions

How to "kubectl get ep" in deployment.yaml
How to transfer docker volumes to kubernetes volumes in azure?
Connecting grafana (outside service mesh) to datasource inside the service mesh
What's the shortest way to add a label to a Pod using the Kubernetes go-client
How to list all securityContext of kubernetes pod and its container
How to create a Kubernetes deployment using the Node.js SDK
'Access denied' error when using kubectl in Lens' terminal

1 Answer

8/1/2019

If an application developer can access the production tomcat/weblogic, he can gather the credentials as well, so there is no difference with kubernetes. If you want to prevent developers from getting data from production environments, appropriate access restrictions must be in place.

A kubernetes secret could be used to provide credentials, for more elaborate scenarios a special service like hashicorp vault could be used.

-- Thomas
Source: StackOverflow