stackoom
  简体   繁体   中英

Openshift secret in Spring Boot bootstrap.yml

 原文  2018-07-18 11:18:16       spring-boot/ kubernetes/ openshift/ spring-config

Question

This how my bootstrap.yml looks like. 

spring:
  cloud:
    config:
      uri: http://xxxx.com
      username: ****
      password: ****
    vault:
      host: vault-server
      port: 8200
      scheme: http
      authentication: token
      token: ${VAULT_ROOT_TOKEN}
  application:
    name: service-name
management:
  security:
    enabled: false

Application is starting when I configure secret as a ENV variable in Deployment Config – OSE, as below. 

   name: VAULT_ROOT_TOKEN
   value: *********

But Configuring secret as a ENV variable and fetching the value from OSE secret is not working . 

name: VAULT_ROOT_TOKEN
     valueFrom: 
       secretKeyRef:
         name: vault-token
         key: roottoken

Error that I am getting is 

org.springframework.vault.VaultException: Status 400 secret/service-name/default: 400 Bad Request: missing required Host header

Surprise in this scenario, E NV variable is working within the container/POD but somehow it is not able to fetch during the bootstrap procedure . 

env | grep TOKEN
VAULT_ROOT_TOKEN=********

My secret configuration in OSE 

oc describe secret vault-token
Name:       vault-token
Namespace:  ****
Labels:     <none>
Annotations:    <none>

Type:   Opaque

Data
====
roottoken:  37 bytes

What is missing in my deployment-config or secrets in OSE ? How to configure to fetch secret as ENV variable and inject in the bootstrap.yml file?

NOTE : I can't move Vault configuration out of bootstrap.yml.

Openshift Enterprise info: 

Version:
OpenShift Master:v3.2.1.31
Kubernetes Master:v1.2.0-36-g4a3f9c5

1 answers

solution1
 0 ACCPTED  2018-07-23 08:52:40

Finally I was able to achieve this. This is what I have done

Provide the token as an arugument: 

java $JAVA_OPTS -jar -Dspring.cloud.vault.token=${SPRING_CLOUD_VAULT_TOKEN} service-name.jar

This is how my configuration looks like:

Deployment Config: 

- name: SPRING_CLOUD_VAULT_TOKEN
             valueFrom:
               secretKeyRef:
                 name: vault-token
                 key: roottoken

Bootstrap file: 

spring:
  cloud:
    config:
      uri: http://xxxx.com
      username: ****
      password: ****
    vault:
      host: vault-server
      port: 8200
      scheme: http
      authentication: token
      token: ${SPRING_CLOUD_VAULT_TOKEN}
  application:
    name: service-name
management:
  security:
    enabled: false

Thanks for my colleagues who has provided the inputs.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question bootstrap.yml not loading for Spring Boot 2 bootstrap.yml not loading in Spring Boot 2 What is the difference between putting a property on application.yml or bootstrap.yml in spring boot? How to log application name in log4j2 by fetching name from bootstrap.yml in spring-boot? how to move spring boot config file bootstrap.yml out of resource package Spring Boot: Load common config application properties file using bootstrap.yml In spring-boot Class constructor get called first or bootstrap.yml? How to get docker ip and port in spring boot bootstrap.yml file Bootstrap.yml not being found/read on Spring Boot 2 application deployed on Tomcat Create Library that has a dependency on Spring Boot that has a it's own bootstrap.yml
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM