[英]How can I set a dynamic environment variable when building my Spring Boot app as a docker image using buildpacks?
If you check the commit for the sample aws-apprunner-terraform code (which uses petclinic) you will find that they include in their dockerfile the following:如果您检查示例 aws-apprunner-terraform 代码(使用 petclinic)的提交,您会发现它们在 dockerfile 中包含以下内容:
ENTRYPOINT env spring.datasource.password=$(aws ssm get-parameter --name /database/password --with-decrypt --region $AWS_REGION | grep Value | cut -d '"' -f4) java -Djava.security.egd=file:/dev/./urandom -jar /app.jar
Essentially it is setting the spring.datasource.password
environment variable dynamically at runtime to retrieve a value from the AWS SSM.本质上,它是在运行时动态设置
spring.datasource.password
环境变量以从 AWS SSM 检索值。 This is all fine when using a Dockerfile.当使用 Dockerfile 时,这一切都很好。
But when I build my application using Spring Boot's in-built bootBuildImage
task (I use gradle) I'm not sure how to achieve the same effect.但是当我使用 Spring Boot 的内置
bootBuildImage
任务(我使用 gradle)构建我的应用程序时,我不确定如何达到相同的效果。
How can I set a environment variable value to be dynamic like is done in the example above when using the build pack provided by Spring Boot?使用 Spring Boot 提供的构建包时,如何将环境变量值设置为动态的,就像上面示例中所做的那样?
You could create a .profile
in the root of your repo with contents like:您可以在 repo 的根目录中创建一个
.profile
,其内容如下:
export MY_VAR=$(some-dynamic-value)
More info: https://github.com/buildpacks/spec/blob/main/buildpack.md#app-interface更多信息: https://github.com/buildpacks/spec/blob/main/buildpack.md#app-interface
When using the Spring Boot Gradle plugin's bootBuildImage
or the Maven plugin's spring-boot:build-image
with the default Paketo buildpacks , you can use service bindings to provide external credentials. When using the Spring Boot Gradle plugin's
bootBuildImage
or the Maven plugin's spring-boot:build-image
with the default Paketo buildpacks , you can use service bindings to provide external credentials.
To test this locally, you'd do something like this:要在本地进行测试,您可以执行以下操作:
$ mkdir -p bindings/db
$ echo "mysql" > bindings/db/type
$ aws ssm get-parameter --name /database/password --with-decrypt --region $AWS_REGION | grep Value | cut -d '"' -f4 > bindings/db/password
to end up with this directory structure:最终得到这个目录结构:
bindings
└── db
├── password
└── type
When running the application in the container, mount the bindings
directory to the container and provide an environment variable named SERVICE_BINDING_ROOT
that points to the bindings
directory.在容器中运行应用程序时,将
bindings
目录挂载到容器并提供一个名为SERVICE_BINDING_ROOT
的环境变量,该变量指向bindings
目录。 The Spring Cloud Bindings library that the Paketo buildpacks contribute to the app image will do the rest. Paketo buildpacks 为应用程序映像贡献的Spring Cloud Bindings库将执行 rest。
I don't know enough about Terraform to advise how best to implement this in the tf scripts.我对 Terraform 知之甚少,无法建议如何最好地在 tf 脚本中实现这一点。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.