How to access the credentials in Kubernetes for MongoDB with Java?

11/14/2019

I am working on Java Spring Boot with MongoDB using Kubernetes. Currently I just hard-coded the URI in application properties, and I would like to know how I can access the MongoDB credentials on Kubernetes with Java.

-- Mhanxsolo
java
jenkins
kubernetes
spring

2 Answers

11/14/2019

If I properly understood the question, it is specifically about Java Spring Boot applications running on Kubernetes.

A few options come to my mind... some not that secure or exclusive to running on Kubernetes but still mentioned here:

  • Environment variables with values in the deployment/pod configuration. Everyone with access to the configuration will be able to see them.

    Use ${<env-var>} / ${<env-var>:<default-value>} to access the environment variables in Spring Boot's application.properties/.yaml file. For example, if DB_USERNAME and DB_PASSWORD are two such environment variables:

    spring.data.mongodb.username = ${DB_USERNAME}
    spring.data.mongodb.password = ${DB_PASSWORD}

    ...or

    spring.data.mongodb.uri = mongodb://${DB_USERNAME}:${DB_PASSWORD}@<host>:<port>/<dbname>

    This will work regardless of whether the application uses spring.data.mongodb.* properties or properties with custom names injected in a @Configuration class with @Value.

  • Based on how the Java application is started in the container, startup arguments can be defined in the deployment/pod configuration, similarly to the bullet point above.

  • Environment variables with values populated from secret(s). Access the environment variables from Spring Boot as above.

  • Secrets as files - the secrets will "appear" in a file dynamically added to the container at some location/directory; it would require you to define your own @Configuration class that loads the user name and password from the file using @PropertySource.

  • The whole application.properties could be put in a ConfigMap. Notice that the properties will be in clear text. Then populate a Volume with the ConfigMap so that application.properties will be added to the container at some location/directory. Point Spring Boot to that location using spring.config.location as env. var, system property, or program argument.

  • Spring Cloud Vault

  • Some other external vault-type of secure storage - an init container can fetch the db credentials and make them available to the Java application in a file on a shared volume in the same pod.

  • Spring Cloud Config...even though it is unlikely you'd want to put db credentials in its default implementation of the server storage backend - git.

-- apisim
Source: StackOverflow

11/14/2019

The recommended way of passing credentials to Kubernetes pods is to use secrets and to expose them to the application either as environment variables, or as a volume. The link above describes in detail how each approach works.

-- Cosmin Ioniță
Source: StackOverflow
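
Added example (not part of either answer): a Kubernetes manifest showing the two Secret-based options both answers mention, with the Secret exposed as the DB_USERNAME / DB_PASSWORD environment variables used in the first answer and also mounted as read-only files. The names mongodb-credentials and demo-app, the image, the mount path and the credential values are assumptions made for illustration.

```yaml
# Constructed example: every name and value below is a placeholder.
apiVersion: v1
kind: Secret
metadata:
  name: mongodb-credentials
type: Opaque
stringData:                 # placeholder values; create the real Secret out-of-band,
  username: app_user        # never commit real credentials to source control
  password: CHANGE_ME
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-app
  template:
    metadata:
      labels:
        app: demo-app
    spec:
      containers:
        - name: demo-app
          image: registry.example.com/demo-app:1.0.0   # hypothetical image
          env:
            # Option 1: Secret keys become the env vars referenced in application.properties
            - name: DB_USERNAME
              valueFrom:
                secretKeyRef:
                  name: mongodb-credentials
                  key: username
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mongodb-credentials
                  key: password
          volumeMounts:
            # Option 2: the same Secret as files, one file per key (username, password)
            - name: mongodb-credentials
              mountPath: /etc/secrets/mongodb
              readOnly: true
      volumes:
        - name: mongodb-credentials
          secret:
            secretName: mongodb-credentials
```

With this in place, the ${DB_USERNAME} and ${DB_PASSWORD} placeholders from the first answer resolve without changes to the Java code, and the file variant appears as /etc/secrets/mongodb/username and /etc/secrets/mongodb/password. Secret values are only base64-encoded in the API by default, so limit who can read Secrets in the namespace through RBAC and enable encryption at rest on the cluster.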