I'm currently stuck and don't know how to proceed.
This is my Spring Boot application.properties
...
spring.datasource.driverClassName=org.postgresql.Driver
spring.datasource.url=jdbc:postgresql://${POSTGRES_HOST}:5432/postgres
spring.datasource.username=${POSTGRES_USER}
spring.datasource.password=${POSTGRES_PASSWORD}
spring.datasource.testWhileIdle=true
spring.datasource.validationQuery=SELECT 1
spring.jpa.show-sql=true
spring.jpa.hibernate.ddl-auto=update
spring.jpa.hibernate.naming-strategy=org.hibernate.cfg.ImprovedNamingStrategy
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
#Setup SSL
server.port: 8443
server.ssl.key-store: ${TLS_CERTIFICATE}
server.ssl.key-store-password: ${TLS_PASSWORD}
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias fundtr
...
My Deployment yaml for Spring Boot Application:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: f-app
  namespace: default
spec:
  replicas: 1
  template:
    metadata:
      name: f-app
      labels:
        app: f-app
    spec:
      containers:
      - name: f-app
        image: eu.gcr.io/..../...
        env:
        - name: POSTGRES_USER
          valueFrom:
            configMapKeyRef:
              name: postgres-config
              key: postgres_user
        - name: POSTGRES_PASSWORD
          valueFrom:
            configMapKeyRef:
              name: postgres-config
              key: postgres_password
        - name: POSTGRES_HOST
          valueFrom:
            configMapKeyRef:
              name: hostname-config
              key: postgres_host
        - name: TLS-CERTIFICATE
          valueFrom:
            secretKeyRef:
              name: f-tls
              key: Certificate.p12
        - name: TLS-PASSWORD
          valueFrom:
            secretKeyRef:
              name: f-tls
              key: password
This is how I create the secret in Kubernetes:
kubectl create secret generic f-tls --from-file=Certificate.p12 --from-literal=password=changeit
When it's deployed I'm getting
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: ContainerCannotRun
Message: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:295: setting oom score for ready process caused \"write /proc/13895/oom_score_adj: invalid argument\""
When I remove the Secrets from the Deployment yaml it's working fine, but I could not understand what is the root cause of this issue. I'm using Google Cloud Platform Container Engine.
This answer is specific to a Spring Boot application, which is what was asked in the question.
Step 1: Create a generic secret from your keystore or p12 file
kubectl create secret generic f-tls-secret --from-file=Certificate.p12 --from-literal=password=changeit
Step 2: Mount the secret to your pod using deployment object
spec:
  containers:
  - image: eu.gcr.io/..../...
    volumeMounts:
    - name: tls
      mountPath: /workspace/resources/
  volumes:
  - name: tls
    secret:
      secretName: f-tls-secret
#Setup SSL
server.port: 8443
server.ssl.key-store: classpath:resources/Certificate.p12
server.ssl.key-store-password: ${TLS_PASSWORD}
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias fundtr
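The mismatches between the question's application.properties and its Deployment can be caught before deploying. This is an added example, not code from the question or the answer: a small Python lint (the names `lint`, `PROPERTIES` and `CONTAINER_JSON` are hypothetical) run over constructed inputs that copy the question's placeholders and env entries in JSON form, which kubectl accepts as well as YAML.

```python
import json
import re

# Constructed inputs: the placeholders and env entries shown in the question.
PROPERTIES = """\
spring.datasource.password=${POSTGRES_PASSWORD}
server.ssl.key-store: ${TLS_CERTIFICATE}
server.ssl.key-store-password: ${TLS_PASSWORD}
"""
CONTAINER_JSON = """
{"name": "f-app", "env": [
  {"name": "POSTGRES_PASSWORD", "valueFrom": {"configMapKeyRef": {"name": "postgres-config", "key": "postgres_password"}}},
  {"name": "TLS-CERTIFICATE", "valueFrom": {"secretKeyRef": {"name": "f-tls", "key": "Certificate.p12"}}},
  {"name": "TLS-PASSWORD", "valueFrom": {"secretKeyRef": {"name": "f-tls", "key": "password"}}}
]}
"""
SENSITIVE = re.compile(r"pass|secret|token", re.I)
BINARY_EXT = (".p12", ".pfx", ".jks")  # assumption: keystore file types to flag


def lint(properties: str, container: dict) -> list:
    findings = []
    env = {e["name"]: e.get("valueFrom", {}) for e in container.get("env", [])}
    # 1. Each ${NAME} placeholder needs an env var with exactly that name.
    for name in sorted(set(re.findall(r"\$\{([^}:]+)", properties))):
        if name not in env:
            near = [n for n in env if n.replace("-", "_") == name]
            hint = f" (closest is {near[0]!r})" if near else ""
            findings.append(f"placeholder ${{{name}}} has no matching env var{hint}")
    for name, source in env.items():
        secret_ref = source.get("secretKeyRef")
        # 2. server.ssl.key-store takes a location, so a keystore file
        #    belongs on a secret volume, not in an env var.
        if secret_ref and secret_ref["key"].lower().endswith(BINARY_EXT):
            findings.append(f"{name}: keystore {secret_ref['key']!r} passed as env var; mount it as a secret volume")
        # 3. Credentials belong in a Secret, not a ConfigMap.
        if "configMapKeyRef" in source and SENSITIVE.search(name):
            findings.append(f"{name}: credential read from a ConfigMap; use secretKeyRef")
    return findings


if __name__ == "__main__":
    for line in lint(PROPERTIES, json.loads(CONTAINER_JSON)):
        print(line)
```
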