Externalize configuration using ConfigMap with Spring Boot Kubernetes

I'm trying to externalize my Spring Boot configuration using ConfigMaps in Kubernetes. I've read the docs and added the dependency to my pom.xml:

<dependency>
  <groupId>org.springframework.cloud</groupId>
  <artifactId>spring-cloud-starter-kubernetes-fabric8-config</artifactId>
  <version>2.1.3</version>
</dependency>

Set my spring.application.name as webapp and created a ConfigMap from a YAML file:

spring:
  web:
    locale: en_US
    locale-resolver: fixed

Using this command:

kubectl create configmap webapp \
--namespace webapp-production \
--from-file=config.yaml

But when my application starts I get the following error:

Can't read configMap with name: [webapp] in namespace: [webapp-production]. Ignoring.
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://IP/api/v1/namespaces/webapp-production/configmaps/webapp. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. configmaps "webapp" is forbidden: User "system:serviceaccount:webapp-production:default" cannot get resource "configmaps" in API group "" in the namespace "webapp-production".

I couldn't find any more info in the docs on how to configure access other than this:

You should check the security configuration section. To access config maps from inside a pod you need to have the correct Kubernetes service accounts, roles and role bindings.

How can I grant the required permissions?

Finally I got it solved by creating a specific ServiceAccount and setting the deployment template spec.serviceAccountName:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: webapp-service-account
  namespace: webapp-production
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: webapp-cluster-role
# ClusterRole is cluster-scoped, so it takes no metadata.namespace
# Grant access to configmaps for external configuration
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: webapp-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: webapp-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: webapp-service-account
    namespace: webapp-production
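
A ClusterRole bound through a ClusterRoleBinding, as in the answer above, lets the service account read every ConfigMap in every namespace. The manifest below is an added example, not part of the original post: a namespace-scoped variant that limits the grant to the single ConfigMap from the question. The names webapp-config-reader and webapp-config-reader-binding are hypothetical, and it assumes the application only fetches the ConfigMap by name, as the GET in the error message shows; if it also lists or watches ConfigMaps, those verbs would have to be added.

```yaml
# Added example: least-privilege alternative to the ClusterRole/ClusterRoleBinding.
# Role and RoleBinding names are hypothetical; the ServiceAccount, namespace and
# ConfigMap name are the ones used in the question and answer.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: webapp-service-account
  namespace: webapp-production
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                      # namespaced, unlike ClusterRole
metadata:
  name: webapp-config-reader
  namespace: webapp-production
rules:
  - apiGroups: [""]             # core API group, where configmaps live
    resources: ["configmaps"]
    resourceNames: ["webapp"]   # only the ConfigMap named after spring.application.name
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding               # the grant applies inside webapp-production only
metadata:
  name: webapp-config-reader-binding
  namespace: webapp-production
roleRef:
  kind: Role
  name: webapp-config-reader
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: webapp-service-account
    namespace: webapp-production
# The Deployment still needs spec.template.spec.serviceAccountName set to
# webapp-service-account, as described in the answer.
```

The grant can be checked with `kubectl auth can-i get configmap/webapp --as=system:serviceaccount:webapp-production:webapp-service-account --namespace webapp-production`, which should answer yes, while the same query for a different ConfigMap name or namespace should answer no.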
