How to Configure Spring Boot on Kubernetes With Secrets

2/14/2022

I have encrypted two database passwords with kubeseal, but I am not sure how exactly to mount them in my configuration file assuming I am using Spring Boot.

The application keeps complaining about a missing placeholder password: Could not resolve placeholder 'datasources.eco.password'

Here is the generated secret:

apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  annotations:
    sealedsecrets.bitnami.com/namespace-wide: "true"
  creationTimestamp: null
  name: database-keys
  namespace: eco-test
spec:
  encryptedData:
    ecoadmin: AgBPqs07GicbU4eyYXfQrVoRHCkfPHH8jxN8...sefwfs4fse
    ecodb: AgAHYRYpk5j+ZCyIDpYr89d8pYLJ6E8S...sr3245sefsf
  template:
    data: null
    metadata:
      annotations:
        sealedsecrets.bitnami.com/namespace-wide: "true"
      creationTimestamp: null
      name: database-keys
      namespace: eco-test

Here is where I try to mount the secret in my properties file:

   datasources:
      eco:
        #url: jdbc:oracle:thin:@10.246...
        url: jdbc:oracle:thin:@12.234...
        username: ECO
        password:
          secretKeyRef:
            name: database-keys
            key: ecodb
        minPoolSize: 5
        maxPoolSize: 20
        edition: 'REL_2021_12_06'
      ecoadmin:
        #url: jdbc:oracle:thin:@10.246...
        url: jdbc:oracle:thin:@21.32...
        username: ECOADM
        password:
          secretKeyRef:
            name: database-keys
            key: ecoadmin
-- Vladyslav Maksyk
bitnami
kubernetes
openshift
sealedsecret
spring-boot

1 Answer

2/15/2022

Not sure if you are confusing platform (k8s) with service (Spring Boot) features here.

When you configure your Spring Boot app to expect a value at "datasources.eco.password", you cannot use the Kubernetes method of mounting values from secrets there, because it expects something like

datasources:
  eco:
    password: password123

I assume that you can reference ENVs in your properties file, so one way to go would be to mount the secret's value as an ENV and reference that in your properties file.

properties file:

datasources:
  eco:
    #url: jdbc:oracle:thin:@10.246...
    url: jdbc:oracle:thin:@12.234...
    username: ECO
    password: ${DB_ADMIN_KEY_PW}
    minPoolSize: 5
    maxPoolSize: 20
    edition: 'REL_2021_12_06'
  ecoadmin:
    #url: jdbc:oracle:thin:@10.246...
    url: jdbc:oracle:thin:@21.32...
    username: ECOADM
    password: ${DB_ADMIN_KEY_PW}

deployment.yaml:

kind: Deployment
apiVersion: apps/v1
metadata:
  ...
spec:
  ...
  template:
    ...
    spec:
      ...
      containers:
        - name: <app>
          image: <image>
          env:
            - name: DB_ADMIN_KEY_PW
              valueFrom:
                secretKeyRef:
                  name: database-keys
                  key: ecoadmin
          ...

-- OlGe
Source: StackOverflow
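
Added example (not part of the original question or answer): the environment-variable approach from the answer, wired for both keys of the `database-keys` Secret so that each datasource receives its own password. The variable names `ECO_DB_PASSWORD` and `ECOADMIN_DB_PASSWORD`, the app name `eco-app` and the image reference are assumptions; the Secret name, its keys and the namespace come from the question.

```yaml
# application.yml (Spring Boot): the property must resolve to a plain string,
# so it holds a placeholder rather than a Kubernetes secretKeyRef block.
# url, pool and edition settings stay as in the question and are omitted here.
datasources:
  eco:
    username: ECO
    password: ${ECO_DB_PASSWORD}        # assumed variable name
  ecoadmin:
    username: ECOADM
    password: ${ECOADMIN_DB_PASSWORD}   # assumed variable name
---
# deployment.yaml: secretKeyRef belongs here, in the pod spec. The Sealed
# Secrets controller unseals the SealedSecret into a Secret with the same
# name and namespace (database-keys in eco-test).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: eco-app              # hypothetical
  namespace: eco-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: eco-app
  template:
    metadata:
      labels:
        app: eco-app
    spec:
      containers:
        - name: eco-app
          image: registry.example.com/eco-app:1.0.0   # placeholder image
          env:
            # optional defaults to false: if the Secret or key is missing,
            # the container is not started, so a bad reference fails early.
            - name: ECO_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: database-keys
                  key: ecodb
            - name: ECOADMIN_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: database-keys
                  key: ecoadmin
```

Before rolling out, `kubectl -n eco-test get secret database-keys` confirms that the controller has created the Secret the Deployment refers to.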