0

I'm running a Java application and in order to start the application it needs some Java environment variables. Below is the way how the variables are passed to the pod.

I created the value (Password) for -Dzookeeper.ssl.keyStore.password as a Kubernetes Secret and then passed as "valueFrom: secretKeyRef:" (As below) But when I exec into the pod and execute 'env' command, I cannot see -Dzookeeper.ssl.keyStore.password environment variable.

      containers:
        - name: java_app
          image: some_image_here
          env:
            - name: JAVA_TOOL_OPTIONS
              value: >-
                -Dspring.profiles.active=some_profile_here
                -Dlogging.config=some_stuff_here
                 .....
                 .....
            - name: -Dzookeeper.ssl.keyStore.password
              valueFrom:
                secretKeyRef:
                  name: password
                  key: PASSWORD

But when I describe the Pod, it shows as below

-Dzookeeper.ssl.keyStore.password: <set to the key 'PASSWORD' in secret 'password'>  Optional: false

And eventually Pod crashes since -Dzookeeper.ssl.keyStore.password is missing

Container-Man
  • 434
  • 1
  • 6
  • 17
  • This might help? https://stackoverflow.com/questions/74228996/how-to-use-kubernetes-secret-to-pull-a-private-docker-image-from-docker-hub – DreamBold Feb 21 '23 at 17:44
  • `name` should be the name of an environment variable. `-Dzookeeper.ssl.keyStore.password` is not a valid environment variable name. – larsks Feb 21 '23 at 18:55
  • @larsks You mean JAVA_TOOL_OPTIONS is not needed? – Container-Man Feb 21 '23 at 19:15
  • I can't answer that question. It looks like you are trying to set **two** environment variables...one named `JAVA_TOOL_OPTIONS` and one named something else. Each element in the `env` list defines a single environment variable. Only you know which ones you need. – larsks Feb 21 '23 at 19:16
  • I'm guessing `-Dzookeeper.ssl.keyStore.password` should be a part of `JAVA_TOOL_OPTIONS` environment variable but you want its value to be injected from the `Secret` – Sibtain Feb 21 '23 at 19:51
  • @Sibtain Exactly! – Container-Man Feb 21 '23 at 19:52
  • The value of -Dzookeeper.ssl.keyStore.password is store in Vault. And Dzookeeper.ssl.keyStore.password is a part of JAVA_TOOL_OPTIONS – Container-Man Feb 21 '23 at 19:53

1 Answers1

3

You need to create an env variable for the Secret itself which can then be referenced in the subsequent env variable JAVA_TOOL_OPTIONS

    containers:
    - name: java_app
      image: some_image_here
      env:
        - name: ZOOKEEPER_KEYSTORE_PASS
          valueFrom:
            secretKeyRef:
              name: password
              key: PASSWORD
        - name: JAVA_TOOL_OPTIONS
          value: >-
            -Dspring.profiles.active=some_profile_here
            -Dlogging.config=some_stuff_here
            -Dzookeeper.ssl.keyStore.password=$(ZOOKEEPER_KEYSTORE_PASS)
             .....
             .....

Note that order matters in the env list. An environment variable is not considered "defined" if it is specified further down the list.

See the docs for more details

Sibtain
  • 1,436
  • 21
  • 39