Pre Authenticated Datasource using JDBC in Kubernetes/Docker Containers

During the migration from Java Enterprise web applications such as Tomcat or WebLogic to Kubernetes (or any container orchestration solution), this question was raised because there is no out-of-the-box alternative to handle the connection pool and dynamic data source creation/connection pool feature in Kubernetes for Java.

Because of this issue, secrets should be injected into the containers through volumes or environment variables, which makes the credentials available to the application (developers) in plain text.

Any solution or work-around for this issue?

If an application developer can access the production Tomcat/WebLogic, he can gather the credentials as well, so there is no difference with Kubernetes. If you want to prevent developers from getting data from production environments, appropriate access restrictions must be in place.

A Kubernetes secret could be used to provide credentials; for more elaborate scenarios, a special service like HashiCorp Vault could be used.
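An added example (not part of the original answer) of the setup the answer describes: the database credentials live in a Kubernetes Secret mounted as read-only files for the JDBC application, and a namespaced Role lets developers inspect workloads without being able to read the Secret. The namespace, resource names, group name and image are assumptions.

```yaml
# Constructed example: namespace "prod", "orders-db", "orders-app", the group
# "developers" and the image are placeholders, not values from the page.
apiVersion: v1
kind: Secret
metadata: {name: orders-db, namespace: prod}
type: Opaque
stringData:
  username: CHANGE_ME
  password: CHANGE_ME
---
apiVersion: apps/v1
kind: Deployment
metadata: {name: orders-app, namespace: prod}
spec:
  replicas: 1
  selector: {matchLabels: {app: orders-app}}
  template:
    metadata: {labels: {app: orders-app}}
    spec:
      automountServiceAccountToken: false  # the app does not call the Kubernetes API
      containers:
        - name: app
          image: registry.example.com/orders-app:1.0  # placeholder image
          volumeMounts:
            - {name: db-creds, mountPath: /etc/db-creds, readOnly: true}
      volumes:
        - name: db-creds
          # Files "username" and "password", owner read-only; a non-root
          # container user may need securityContext.fsGroup to read them.
          secret: {secretName: orders-db, defaultMode: 0400}
---
# Developers can view workloads and logs. The Role grants nothing on "secrets"
# or "pods/exec", and no create/update on pods or deployments, because a pod
# they define could mount the Secret.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: dev-readonly, namespace: prod}
rules:
  - apiGroups: [""]
    resources: [pods, pods/log]
    verbs: [get, list, watch]
  - apiGroups: [apps]
    resources: [deployments, replicasets]
    verbs: [get, list, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: dev-readonly, namespace: prod}
subjects:
  - {kind: Group, name: developers, apiGroup: rbac.authorization.k8s.io}
roleRef: {kind: Role, name: dev-readonly, apiGroup: rbac.authorization.k8s.io}
```

The application would read `/etc/db-creds/username` and `/etc/db-creds/password` when it builds its JDBC data source and connection pool.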
