Search code examples
kubernetesclientruntimequarkuskubernetes-secrets

How to use quarkus.kubernetes-config.secrets.enabled in application.yml?

I'm struggling at having secrets read using application.yml.

When I do:

quarkus:
    application:
        name: pi-quarkus-fund-persistence-service
    kubernetes-config:
        enabled: true
        fail-on-missing-config: false
        config-maps: pi-quarkus-fund-persistence-service-configmap
        secrets: pi-quarkus-fund-persistence-service-secrets
            enabled: true

The build fails with:

Failed to build quarkus application: mapping values are not allowed here
    in 'reader', line 16, column 20:
                enabled: true
                        ^

When:

quarkus:
    application:
        name: pi-quarkus-fund-persistence-service
    kubernetes-config:
        enabled: true
        secrets.enabled: true
        fail-on-missing-config: false
        config-maps: pi-quarkus-fund-persistence-service-configmap
        secrets: pi-quarkus-fund-persistence-service-secrets

The build fails with:

Unrecognized configuration key "quarkus.kubernetes-config."secrets.enabled"" was provided; it will be ignored; verify that the dependency extension for this configuration is set or you did not make a typo

When:

quarkus.kubernetes-config.secrets.enabled: true
quarkus:
    application:
        name: pi-quarkus-fund-persistence-service
    kubernetes-config:
        enabled: true
        fail-on-missing-config: false
        config-maps: pi-quarkus-fund-persistence-service-configmap
        secrets: pi-quarkus-fund-persistence-service-secrets

The build succeed but the service fails at startup with:

Configuration is read from Secrets [pi-quarkus-fund-persistence-service-secrets], but quarkus.kubernetes-config.secrets.enabled is false. Check if your application's service account has enough permissions to read secrets.

When I look at this commit: https://github.com/quarkusio/quarkus/commit/93f00af9444deafe950afa1fad60f56fceb81ca3

Line 48: // TODO: should probably use converter here

Could it be because the property is not converted from yaml?

Solution

  • I think this is just about how to write the correct YAML. It should be:

    quarkus:
    application:
        name: pi-quarkus-fund-persistence-service
    kubernetes-config:
        enabled: true
        fail-on-missing-config: false
        config-maps: pi-quarkus-fund-persistence-service-configmap
        secrets:
            ~: pi-quarkus-fund-persistence-service-secrets
            enabled: true

    In retrospect, quarkus.kubernetes-config.secrets.enabled wasn't the best choice for this config property, sorry about that :-(