How to properly set up a Spring application using Spring Cloud K8s to work with k8s secrets using Helm?

8/31/2021

I have a Spring Boot application where I have the k8s files for deployment, configmaps and secrets. Their values are being updated using Helm. I want to have a secrets.yaml where I put the values, and have it replace the values inside my application.yaml from Spring Boot. I managed to do this for the configmaps. I created the configmap.yaml, put the values I want to replace there, set up Spring Cloud K8s to have the permission to execute this (creating the RBAC) and it worked. But for the secrets I didn't manage to do this.

Here is my application.yaml. I want to replace the banana.database.password.

spring:
  main:
    banner-mode: off
  application:
    name: devops-integration
  cloud:
    kubernetes:
      secrets:
        name: devops-integration
        paths: /etc/secrets
banana:
  valueTest: hello
  valueDebug: world
  database:
    password: dGVzdAo=

Here is my secret.yaml.

apiVersion: v1
kind: Secret
metadata:
  namespace: {{ .Release.Namespace }}
  name: {{ .Release.Name }}
  labels:
    environment: {{ .Values.cloud.project.environment }}
    release: {{ .Release.Name }}
    tier: {{ .Values.application.tier }}
data:
  banana.database.password: {{ .Values.application.database.password }}

Here is my values.yaml with the final value I want for the secret.

application:
  name: devops-integration
  database:
    password: dGVzdHBhc3N3b3JkCg==

And here is my deployment.yaml where I tried to configure mounts for the secrets, but it didn't work.

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: {{ .Release.Namespace }}
  name: {{ .Release.Name }}-deployment
  labels:
    environment: {{ .Values.cloud.project.environment }}
    release: {{ .Release.Name }}
    tier: {{ .Values.application.tier }}
spec:
  replicas: {{ .Values.application.pod.replicas }}
  selector:
    matchLabels:
      environment: {{ .Values.cloud.project.environment }}
      release: {{ .Release.Name }}
      tier: {{ .Values.application.tier }}
  template:
    metadata:
      namespace: {{ .Values.cloud.project.namespace }}
      labels:
        environment: {{ .Values.cloud.project.environment }}
        release: {{ .Release.Name }}
        tier: {{ .Values.application.tier }}
    spec:
      containers:
      - image: gcr.io/{{ .Values.cloud.project.name }}/{{ .Values.application.name }}
        name: {{ .Release.Name }}-container
        volumeMounts:
        - mountPath: "/etc/secrets"
          name: {{ .Release.Name }}-volume
        ports:
        - containerPort: {{ .Values.application.pod.container.port }}
          protocol: {{ .Values.application.pod.container.protocol }}
      volumes:
      - name: {{ .Release.Name }}-volume
        secret:
          secretName: {{ .Release.Name }}

When I deploy everything, what happens is that the value for the password is the one inside the application.yaml, not the one that the secret.yaml is using. For the configmaps this same pattern worked.

Does someone know what I could have done wrong?

PS.: Everything will be deployed to GKE.

-- Leonardo Chassot
java
kubernetes
spring
spring-boot
spring-cloud-kubernetes

0 Answers
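
An added example, not part of the original question: a Secret's `data` values are base64-encoded, and a secret volume such as the one mounted at /etc/secrets exposes each key as a file holding the decoded bytes. The script below decodes the value from the question's values.yaml, lays it out in a temporary directory standing in for the mount, and flags a trailing line ending without printing the secret itself. The function names are hypothetical and the sample map is constructed from the question's values.

```python
import base64
import binascii
import tempfile
from pathlib import Path

# Constructed sample: the Secret's `data` map after Helm rendering, using the
# value from the question's values.yaml.
SECRET_DATA = {"banana.database.password": "dGVzdHBhc3N3b3JkCg=="}


def decode_secret_data(data):
    """Base64-decode every value of a Secret `data` map (strict decoding)."""
    decoded = {}
    for key, value in data.items():
        try:
            decoded[key] = base64.b64decode(value, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"{key}: value is not valid base64") from exc
    return decoded


def project_volume(decoded, mount_dir):
    """Write one file per key, mirroring how a secret volume appears in a pod."""
    mount = Path(mount_dir)
    for key, raw in decoded.items():
        (mount / key).write_bytes(raw)
    return sorted(p.name for p in mount.iterdir())


def audit(decoded):
    """Return (key, length, issue) tuples; the secret bytes are never echoed."""
    findings = []
    for key, raw in decoded.items():
        if raw.endswith((b"\n", b"\r")):
            findings.append((key, len(raw), "trailing line ending"))
        try:
            raw.decode("utf-8")
        except UnicodeDecodeError:
            findings.append((key, len(raw), "not UTF-8 text"))
    return findings


if __name__ == "__main__":
    decoded = decode_secret_data(SECRET_DATA)
    with tempfile.TemporaryDirectory() as tmp:  # stands in for /etc/secrets
        print("files in mount:", project_volume(decoded, tmp))
    for key, length, issue in audit(decoded):
        print(f"{key}: {length} bytes, {issue}")
```

Both base64 strings in the question decode to text ending in a newline, which is what encoding with `echo` rather than `echo -n` or `printf` produces.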