1

I have a Spring Boot application where I have the k8s files for deployment, configmaps and secrets. Their values are being updated using helm. I want to have a secrets.yaml where I put the values there and it replaces the values inside my application.yaml from Spring Boot. I managed to this for the configmaps. I created the configmap.yaml, put the values I want to replace there, setup Spring Cloud K8s to have the permission to execute this (creating the rbac) and it worked. But for the secrets I didn't manage to do this.

Here is my application.yaml. I want to replace the banana.database.password.

spring:
  main:
    banner-mode: off
  application:
    name: devops-integration
  cloud:
    kubernetes:
      secrets:
        name: devops-integration
        paths: /etc/secrets
banana:
  valueTest: hello
  valueDebug: world
  database:
    password: dGVzdAo=

Here is my secret.yaml.

apiVersion: v1
kind: Secret
metadata:
  namespace: {{ .Release.Namespace }}
  name: {{ .Release.Name }}
  labels:
    environment: {{ .Values.cloud.project.environment }}
    release: {{ .Release.Name }}
    tier: {{ .Values.application.tier }}
data:
  banana.database.password: {{ .Values.application.database.password }}

Here is my values.yaml with the final value I want for the secret.

application:
  name: devops-integration
  database:
    password: dGVzdHBhc3N3b3JkCg==

And here is my deployment.yaml where I tried to configure mounts for the secrets, but it din't work.

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: {{ .Release.Namespace }}
  name: {{ .Release.Name }}-deployment
  labels:
    environment: {{ .Values.cloud.project.environment }}
    release: {{ .Release.Name }}
    tier: {{ .Values.application.tier }}
spec:
  replicas: {{ .Values.application.pod.replicas }}
  selector:
    matchLabels:
      environment: {{ .Values.cloud.project.environment }}
      release: {{ .Release.Name }}
      tier: {{ .Values.application.tier }}
  template:
    metadata:
      namespace: {{ .Values.cloud.project.namespace }}
      labels:
        environment: {{ .Values.cloud.project.environment }}
        release: {{ .Release.Name }}
        tier: {{ .Values.application.tier }}
    spec:
      containers:
      - image: gcr.io/{{ .Values.cloud.project.name }}/{{ .Values.application.name }}
        name: {{ .Release.Name }}-container
        volumeMounts:
        - mountPath: "/etc/secrets"
          name: {{ .Release.Name }}-volume
        ports:
        - containerPort: {{ .Values.application.pod.container.port }}
          protocol: {{ .Values.application.pod.container.protocol }}
      volumes:
      - name: {{ .Release.Name }}-volume
        secret:
          secretName: {{ .Release.Name }}

When I deploy everything, what happens is that the value for the password is the one inside the application.yaml, not the one that the secret.yaml is using. For the configmaps this same pattern worked.

Does someone know what could I have done wrong?

PS.: Everything will be deployed to GKE.

Leonardo Chassot
  • 21
  • 3
  • Which version of `helm` do you use? – moonkotte Sep 01 '21 at 14:53
  • I am very confused of what worked and what not and what are you trying to do, at all. If you have a secret (it is entirely irrelevant how if you use helm or not) and you need some properties from that secret exposed to your spring application - then your approach is entirely wrong. – Eugene Sep 01 '21 at 15:58
  • I'm using helm v3. What I want is that I don'w want to set every secret inside the deployment file, one by one. – Leonardo Chassot Sep 02 '21 at 12:43
  • if you want to notify the users under your question, you need to tag them with `@`, otherwise I have no idea you posted a comment. Your last comment makes no sense in the context of your question. Let's work this out in reverse. Do you have a `secrets.yaml` file and want to expose all of its data as spring properties so that you could use them via `@ConfigurationProperties`, for example? And I will also repeat that using (or not) `helm` for this is irrelevant. – Eugene Sep 05 '21 at 01:27
  • @Eugene sorry, it's my first time working with k8s and helm. I want the values from my `secrets.yaml` to replace the values inside the spring properties. I managed to this this for the `configmap.yaml`, but for the secrets it didn't work – Leonardo Chassot Sep 06 '21 at 13:02
  • Do you need it in _both_ application properties and secrets.yaml? Helm is a way to deploy some manifests to k8s, but its not they only one. Spring does not care how they end up in k8s, all it cares is the ability to read such files. If you do not need them in application.properties and you will read then always from secrets.yaml, then Ill show you how to do it. – Eugene Sep 06 '21 at 19:26

0 Answers0