Pre Authenticated Datasource using JDBC in Kubernetes/Docker Containers
Question
During the migration from Java Enterprise web applications such as Tomcat or Weblogic to Kubernetes (or any container orchestration solution), this question raised that because there is no alternative out of the box to handle the connection pool and dynamic data source creation/connection pool feature in the Kubernetes for Java.
Because of this issue secrets should be injected to the containers through the volumes or environment variables which makes the credentials available to the application (developers) in plain text.
Any solution or work-around for this issue?
1 answers
solution1
1 2019-08-01 15:51:10
If an application developer can access the production tomcat/weblogic, he can gather the credentials as well, so there is no difference with kubernetes. If you want to prevent developers from getting data from production environments, appropriate access restrictions must be in place.
A kubernetes secret could be used to provide credentials, for more elaborate scenarios a special service like hashicorp vault could be used.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.