0

I am running Spring Cloud Dataflow on Kubernetes runtime. Currently, I am using K8 secrets to manage secrets for the dataflow server, and skipper server. Going forward I want to use Spring Cloud Vault as a secrets manager.

Is there any support to configure vault secrets in dataflow and skipper servers?

SCDF Version: springcloud/spring-cloud-dataflow-server:2.10.0
Skipper Version: springcloud/spring-cloud-skipper-server:2.9.0

I enabled the following configuration in

application.yaml
vault:
  enabled: true
  authentication: KUBERNETES
  uri: http://<vault_host>
  backend: secret
  application-name: scdf-server
  kubernetes:
    role: internal-app


bootstrap.yaml
spring:
  application:
    name: scdf-server

I was expecting scdf-server to inject secrets from the vault KV backend, but it seems it's not activating the vault config.

1 Answer

0

Spring Cloud Vault isn't in the classpath of the standard build. You can follow these instructions to add jar files to the containers.

  • Dataflow uses Spring Cloud Kubernetes to process secrets that are mounted under /etc/secrets. Once you add the Vault dependencies (as Corneil pointed out) you should be able to adjust the required SCK properties as necessary. You can see an example where we set these properties in our local K8S scripts: https://github.com/spring-cloud/spring-cloud-dataflow/blob/236e763393ae2e3a9761253ab0613de0a7cc5c12/src/local/k8s/yaml/server-deployment.yaml#L79. Also, here is some more info on the SCK secrets property source: https://github.com/spring-cloud/spring-cloud-kubernetes#52-secrets-propertysource – onobc Jan 13 '23 at 15:16
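
A way to check the answer's classpath point before and after adding jars, as an added example (not code from the post or from the SCDF project): it lists the libraries nested in a Spring Boot executable jar and reports which Spring Cloud Vault artifacts are absent. The sample jars and their versions are constructed, and `extra_jars` is a hypothetical parameter for the file names of jars added outside the fat jar.

```python
import io
import re
import zipfile

# Artifact ids this check treats as required (assumption: the two core
# Spring Cloud Vault jars, matched by id only, any version).
REQUIRED = ("spring-cloud-vault-config", "spring-vault-core")
JAR_NAME = re.compile(r"(?:^|/)(?P<artifact>[^/]+?)-(?P<version>\d[^/]*)\.jar$")

def artifacts_from_names(names):
    """Map artifact id -> version for every '<artifact>-<version>.jar' name."""
    found = {}
    for name in names:
        m = JAR_NAME.search(name)
        if m:
            found[m["artifact"]] = m["version"]
    return found

def bundled_artifacts(jar):
    """Artifacts nested under BOOT-INF/lib/ of a Spring Boot executable jar.

    `jar` is a path or a binary file-like object.
    """
    with zipfile.ZipFile(jar) as zf:
        libs = [n for n in zf.namelist() if n.startswith("BOOT-INF/lib/")]
    return artifacts_from_names(libs)

def missing_vault_artifacts(jar, extra_jars=()):
    """REQUIRED ids found neither in the fat jar nor among extra_jars names."""
    present = {**bundled_artifacts(jar), **artifacts_from_names(extra_jars)}
    return [a for a in REQUIRED if a not in present]

def fake_boot_jar(lib_names):
    """Build an in-memory jar with empty entries (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("BOOT-INF/classes/application.yaml", "")
        for lib in lib_names:
            zf.writestr("BOOT-INF/lib/" + lib, b"")
    buf.seek(0)
    return buf

# Constructed library lists; versions are placeholders, not the real image's.
STOCK = ["spring-boot-0.0.0.jar", "spring-core-0.0.0.jar"]
PATCHED = STOCK + ["spring-cloud-vault-config-0.0.0.jar", "spring-vault-core-0.0.0.jar"]

if __name__ == "__main__":
    print("stock  :", missing_vault_artifacts(fake_boot_jar(STOCK)))
    print("patched:", missing_vault_artifacts(fake_boot_jar(PATCHED)))
```

Against a real deployment, pass the path of the server jar copied out of the container instead of the constructed in-memory jar.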