May I please know if we have any example of accessing secrets in a Kubernetes (OKE) cluster? E.g. some pwd stored as a secret, and that pwd needs to be assigned to some parameter in a property file.
E.g.: oracle.ucp.jdbc.PoolDataSource.test_ds.password=""
Looking for pointers.
I assume you would have already defined your key "oracle.ucp.jdbc.PoolDataSource.test_ds.password" in your project's microprofile-config.properties file. If not, you should first define this in the config properties file. Defining the configuration in microprofile config allows you to inject the configuration into a field of your CDI managed bean instance like so:
    @Inject
    @ConfigProperty(name = "oracle.ucp.jdbc.PoolDataSource.test_ds.password")
    private String password;
The next step is to be able to override the value of the config property in the execution environment. This can be done through environment variables. Helidon config automatically prioritizes environment variables over values defined inside microprofile-config.properties. This gives you the leverage to override the property value by defining the same key as the environment variable like so:
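    # bash rejects "export" for a name containing dots, so set the variable through env for the launched process
    bash> env 'oracle.ucp.jdbc.PoolDataSource.test_ds.password=foo' <command-that-starts-your-application>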
Now, the Helidon application would pick up "foo" as the password instead of the value defined in the properties file.
The final step is to bind the above knowledge with Kubernetes secrets to complete the full circle. You will be defining the property as an environment variable on your container using the env property of the container. The "env" property can be bound to a literal, a configmap, or a secret key. In your case you will bind the environment variable to the secret, something like the below:
    env:
      - name: oracle.ucp.jdbc.PoolDataSource.test_ds.password
        valueFrom:
          secretKeyRef:
            name: <your-k8s-secret-object-with-db-password>
            key: <password-key-in-secret>
If you follow all the above steps ditto, your Docker container would be injected with the new OS environment variable oracle.ucp.jdbc.PoolDataSource.test_ds.password at startup. The value of the variable would be the password from the mapped K8S secrets object. You can verify this by describing your pod using the kubectl describe command.
The Helidon MP application executing in such a container will pick up the environment variable automatically at server startup, and inject the env value into your @ConfigProperty(name = "oracle.ucp.jdbc.PoolDataSource.test_ds.password") annotated field, instead of the value in the config-properties at startup.
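
The steps in the answer above, put together as one manifest. This is an added example, not part of the original answer; the names test-ds-credentials, db-password and helidon-app, the sample password and the image reference are hypothetical placeholders.

```yaml
# Added example: hypothetical names throughout (test-ds-credentials,
# db-password, helidon-app, the image reference).
apiVersion: v1
kind: Secret
metadata:
  name: test-ds-credentials
type: Opaque
stringData:
  # stringData takes the plain value; the API server stores it
  # base64-encoded under .data. Keep the real value out of version control.
  db-password: "change-me"   # constructed sample value
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: helidon-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: helidon-app
  template:
    metadata:
      labels:
        app: helidon-app
    spec:
      containers:
        - name: helidon-app
          image: <your-registry>/<your-helidon-mp-image>:<tag>
          env:
            # Same key as in microprofile-config.properties, so the
            # environment value overrides the one in the file.
            - name: oracle.ucp.jdbc.PoolDataSource.test_ds.password
              valueFrom:
                secretKeyRef:
                  name: test-ds-credentials   # the Secret object above
                  key: db-password            # key inside that Secret
```

The Secret has to be in the same namespace as the Deployment that references it. For a variable bound with secretKeyRef, kubectl describe pod prints the reference to the Secret key rather than the value itself.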