You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by GitBox <gi...@apache.org> on 2020/09/25 11:34:28 UTC
[GitHub] [camel-k] evanshortiss opened a new issue #1715: Environment Variables from Secrets
evanshortiss opened a new issue #1715:
URL: https://github.com/apache/camel-k/issues/1715
Hi, I'm working on a route where I use a JDBC connector to perform a DB INSERT. I'd like to inject the db connection details from an existing secret and load via `System.getenv("DB_PASS"')`.
To configure the datasource I have the following:
```java
@BindToRegistry("dataSource")
public BasicDataSource datasoure() {
BasicDataSource dataSource = new BasicDataSource();
dataSource.setDriverClassName("org.postgresql.Driver");
dataSource.setUrl("jdbc:postgresql://postgres:5432/my-db");
dataSource.setUsername("user"); // want to store these in a secret
dataSource.setPassword("pass"); // want to store these in a secret
return dataSource;
}
```
With this my `.to("jdbc:datasource")` line is working, but the username and password are plaintext. I could use `kamel --env` to inject this, but I don't see how `--env` can reference a key in a secret. Is this possible?
Perhaps there's a way to set this in the `application.properties` that I am missing?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] lburgazzoli commented on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
lburgazzoli commented on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698881702
if your put the credential in a secret, then you can use
kamel run --secret your-secret
the value in the secret are made available to the integration thus you can do something like:
```java
@BindToRegistry("dataSource")
public BasicDataSource datasoure(
@PropertyInject("db.usr") String usr,
@PropertyInject("db.pwd") String pwd) {
BasicDataSource dataSource = new BasicDataSource();
dataSource.setDriverClassName("org.postgresql.Driver");
dataSource.setUrl("jdbc:postgresql://postgres:5432/my-db");
dataSource.setUsername(usr); // <-- from secret
dataSource.setPassword(pwd); // <-- from secret
return dataSource;
}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] lburgazzoli commented on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
lburgazzoli commented on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698881702
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] lburgazzoli commented on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
lburgazzoli commented on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698968084
So about the `valueFrom` we have some issue that could make it possible:
- https://github.com/apache/camel-k/issues/1680
- https://github.com/apache/camel-k/issues/1657
but they are not yet implemented so you either have to pack them as a properties file like entry or you can use some special resolvers, like:
```
camel.beans.dataSource = #class:org.apache.commons.dbcp.BasicDataSource
camel.beans.dataSource.driverClassName = org.postgresql.Driver
camel.beans.dataSource.url = jdbc:postgresql://postgres:5432/my-db
camel.beans.dataSource.username = {{secret:db-login/POSTGRES_USER}}
camel.beans.dataSource.password = {{secret:db-login/POSTGRES_PASSWORD}}
```
**Note 1** you still need to tell kamel to mount such secrets by with the `--secre` cli option.
**Note 2** hope it works because I just realize there's no tests :)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] evanshortiss edited a comment on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
evanshortiss edited a comment on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698961863
Thank you @lburgazzoli, those are both nice options!
My confusion is stemming from the fact that normally I can attach a secret to the environment like so:
```
- name: DB_USER
valueFrom:
secretKeyRef:
key: DB_USER
name: db-login-secret
```
Then in properties, for say a Quarkus application, I can do `db.usr=${HOST:DB_USER}`. It seems like with kamel, the secret must contain a properties format file?
My reasoning for this question is I have my DB info in a pre-existing secret:
```
apiVersion: v1
data:
POSTGRES_PASSWORD: cGFzc3dvcmQK
POSTGRES_USER: dXNlcgo=
kind: Secret
metadata:
name: db-login
type: Opaque
```
And I have my properties like so in a config map:
```
kafka.host=cluster-kafka-brokers
kafka.port=9092
kafka.serializerClass=kafka.serializer.StringEncoder
# Kafka meter consumer properties
consumer.topic=meters
consumer.group=CamelMeters
consumer.maxPollRecords=5000
consumer.consumersCount=1
consumer.seekTo=beginning
# Can I pull these from a secret/environment?
camel.beans.dataSource.username = {{db.usr}}
camel.beans.dataSource.password = {{db.pwd}}
```
Is it possible to populate the `dataSource` properties via the existing secret?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] lburgazzoli edited a comment on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
lburgazzoli edited a comment on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698968084
So about the `valueFrom` we have some issue that could make it possible:
- https://github.com/apache/camel-k/issues/1680
- https://github.com/apache/camel-k/issues/1657
but they are not yet implemented so you either have to pack them as a properties file like entry or you can use some special resolvers, like:
```
camel.beans.dataSource = #class:org.apache.commons.dbcp.BasicDataSource
camel.beans.dataSource.driverClassName = org.postgresql.Driver
camel.beans.dataSource.url = jdbc:postgresql://postgres:5432/my-db
camel.beans.dataSource.username = {{secret:db-login/POSTGRES_USER}}
camel.beans.dataSource.password = {{secret:db-login/POSTGRES_PASSWORD}}
```
**Note 1** you still need to tell kamel to mount the `db-login` secrets by with the `--secret` cli option.
**Note 2** hope it works because I just realize there's no tests :)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] evanshortiss commented on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
evanshortiss commented on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698961863
Thank you @lburgazzoli, those are both nice options!
My confusion is stemming from the fact that normally I can attach a secret to the environment like so:
```
- name: DB_USER
valueFrom:
secretKeyRef:
key: DB_USER
name: db-login-secret
```
Then in properties, for say a Quarkus application, I can do `db.usr=${HOST:DB_USER}`. It seems like with kamel, the secret must contain a properties format file?
My reasoning for this question is I have my DB info in a pre-existing secret:
```
apiVersion: v1
data:
POSTGRES_PASSWORD: cGFzc3dvcmQK
POSTGRES_USER: dXNlcgo=
kind: Secret
metadata:
name: db-login
type: Opaque
```
And I have my properties like so in a config map:
```
kafka.host=cluster-kafka-brokers
kafka.port=9092
kafka.serializerClass=kafka.serializer.StringEncoder
# Kafka meter consumer properties
consumer.topic=meters
consumer.group=CamelMeters
consumer.maxPollRecords=5000
consumer.consumersCount=1
consumer.seekTo=beginning
# Can I pull these from a secret/environment?
camel.beans.dataSource.username = {{db.usr}}
camel.beans.dataSource.password = {{db.pwd}}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] lburgazzoli edited a comment on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
lburgazzoli edited a comment on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698881702
if your put the credential in a secret, then you can use
kamel run --secret your-secret
the secret is then mounted to the pod and its values are made available to the integration thus you can do something like:
```java
@BindToRegistry("dataSource")
public BasicDataSource datasoure(
@PropertyInject("db.usr") String usr,
@PropertyInject("db.pwd") String pwd) {
BasicDataSource dataSource = new BasicDataSource();
dataSource.setDriverClassName("org.postgresql.Driver");
dataSource.setUrl("jdbc:postgresql://postgres:5432/my-db");
dataSource.setUsername(usr); // <-- from secret
dataSource.setPassword(pwd); // <-- from secret
return dataSource;
}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] lburgazzoli commented on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
lburgazzoli commented on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698988428
yes please go ahead
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] lburgazzoli edited a comment on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
lburgazzoli edited a comment on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698968084
So about the `valueFrom` we have some issue that could make it possible:
- https://github.com/apache/camel-k/issues/1680
- https://github.com/apache/camel-k/issues/1657
but they are not yet implemented so you either have to pack your credentials as a properties file or you can use some special resolvers, like:
```
camel.beans.dataSource = #class:org.apache.commons.dbcp.BasicDataSource
camel.beans.dataSource.driverClassName = org.postgresql.Driver
camel.beans.dataSource.url = jdbc:postgresql://postgres:5432/my-db
camel.beans.dataSource.username = {{secret:db-login/POSTGRES_USER}}
camel.beans.dataSource.password = {{secret:db-login/POSTGRES_PASSWORD}}
```
**Note 1** you still need to tell kamel to mount the `db-login` secrets by with the `--secret` cli option.
**Note 2** hope it works because I just realize there's no tests :)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] lburgazzoli edited a comment on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
lburgazzoli edited a comment on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698968084
So about the `valueFrom` we have some issue that could make it possible:
- https://github.com/apache/camel-k/issues/1680
- https://github.com/apache/camel-k/issues/1657
but they are not yet implemented so you either have to pack your credentials as a properties file or you can use some special resolvers, like:
```
camel.beans.dataSource = #class:org.apache.commons.dbcp.BasicDataSource
camel.beans.dataSource.driverClassName = org.postgresql.Driver
camel.beans.dataSource.url = jdbc:postgresql://postgres:5432/my-db
camel.beans.dataSource.username = {{secret:db-login/POSTGRES_USER}}
camel.beans.dataSource.password = {{secret:db-login/POSTGRES_PASSWORD}}
```
**Note 1** you still need to tell kamel to mount the `db-login` secrets by with the `--secret` cli option.
**Note 2** hope it works because I just realize there's no tests :)
**Note 3** it should also work with `@PropertyInject`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] lburgazzoli commented on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
lburgazzoli commented on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698885613
btw, note that you can configure the datasource using properties only, see https://camel.apache.org/components/latest/others/main.html#_specifying_custom_beans, in that case you can reference any other property using placeholder `{{ }}`, like:
```
camel.beans.dataSource = #class:org.apache.commons.dbcp.BasicDataSource
camel.beans.dataSource.driverClassName = org.postgresql.Driver
camel.beans.dataSource.url = jdbc:postgresql://postgres:5432/my-db
camel.beans.dataSource.username = {{db.usr}}
camel.beans.dataSource.password = {{db.pwd}}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] lburgazzoli edited a comment on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
lburgazzoli edited a comment on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698881702
if your put the credential in a secret, then you can use
kamel run --secret your-secret
the secret is then mounted to the pod and its values are made available to the integration thus you can do something like:
```java
@BindToRegistry("dataSource")
public BasicDataSource datasoure(
@PropertyInject("db.usr") String usr,
@PropertyInject("db.pwd") String pwd) {
BasicDataSource dataSource = new BasicDataSource();
dataSource.setDriverClassName("org.postgresql.Driver");
dataSource.setUrl("jdbc:postgresql://postgres:5432/my-db");
dataSource.setUsername(usr); // <-- from secret
dataSource.setPassword(pwd); // <-- from secret
return dataSource;
}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] evanshortiss closed issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
evanshortiss closed issue #1715:
URL: https://github.com/apache/camel-k/issues/1715
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] evanshortiss edited a comment on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
evanshortiss edited a comment on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698961863
Thank you @lburgazzoli, those are both nice options!
My confusion is stemming from the fact that normally I can attach a secret to the environment like so:
```
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
key: POSTGRES_USER
name: db-login-secret
```
Then in properties, for say a Quarkus application, I can do `db.usr=${POSTGRES_USER:default-user}`. It seems like with kamel, the secret must contain a properties format file?
My reasoning for this question is I have my DB info in a pre-existing secret:
```
apiVersion: v1
data:
POSTGRES_PASSWORD: cGFzc3dvcmQK
POSTGRES_USER: dXNlcgo=
kind: Secret
metadata:
name: db-login
type: Opaque
```
And I have my properties like so in a config map:
```
kafka.host=cluster-kafka-brokers
kafka.port=9092
kafka.serializerClass=kafka.serializer.StringEncoder
# Kafka meter consumer properties
consumer.topic=meters
consumer.group=CamelMeters
consumer.maxPollRecords=5000
consumer.consumersCount=1
consumer.seekTo=beginning
# Can I pull these from a secret/environment?
camel.beans.dataSource.username = {{db.usr}}
camel.beans.dataSource.password = {{db.pwd}}
```
Is it possible to populate the `dataSource` properties via the existing secret?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] lburgazzoli edited a comment on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
lburgazzoli edited a comment on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698968084
So about the `valueFrom` we have some issue that could make it possible:
- https://github.com/apache/camel-k/issues/1680
- https://github.com/apache/camel-k/issues/1657
but they are not yet implemented so you either have to pack your credentials as a properties file or you can use some special resolvers, like:
```
camel.beans.dataSource = #class:org.apache.commons.dbcp.BasicDataSource
camel.beans.dataSource.driverClassName = org.postgresql.Driver
camel.beans.dataSource.url = jdbc:postgresql://postgres:5432/my-db
camel.beans.dataSource.username = {{secret:db-login/POSTGRES_USER}}
camel.beans.dataSource.password = {{secret:db-login/POSTGRES_PASSWORD}}
```
**Note 1** you still need to tell kamel to mount the `db-login` secret with the `--secret` cli option.
**Note 2** hope it works because I just realize there's no tests :)
**Note 3** it should also work with `@PropertyInject`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] evanshortiss edited a comment on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
evanshortiss edited a comment on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698961863
Thank you @lburgazzoli, those are both nice options!
My confusion is stemming from the fact that normally I can attach a secret to the environment like so:
```
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
key: POSTGRES_USER
name: db-login-secret
```
Then in properties, for say a Quarkus application, I can do `db.usr=${HOST:DB_USER}`. It seems like with kamel, the secret must contain a properties format file?
My reasoning for this question is I have my DB info in a pre-existing secret:
```
apiVersion: v1
data:
POSTGRES_PASSWORD: cGFzc3dvcmQK
POSTGRES_USER: dXNlcgo=
kind: Secret
metadata:
name: db-login
type: Opaque
```
And I have my properties like so in a config map:
```
kafka.host=cluster-kafka-brokers
kafka.port=9092
kafka.serializerClass=kafka.serializer.StringEncoder
# Kafka meter consumer properties
consumer.topic=meters
consumer.group=CamelMeters
consumer.maxPollRecords=5000
consumer.consumersCount=1
consumer.seekTo=beginning
# Can I pull these from a secret/environment?
camel.beans.dataSource.username = {{db.usr}}
camel.beans.dataSource.password = {{db.pwd}}
```
Is it possible to populate the `dataSource` properties via the existing secret?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel-k] evanshortiss commented on issue #1715: Environment Variables from Secrets
Posted by GitBox <gi...@apache.org>.
evanshortiss commented on issue #1715:
URL: https://github.com/apache/camel-k/issues/1715#issuecomment-698987723
> hope it works because I just realize there's no tests
🤣 well good news, since it appears to be working! I used it with the `PropertyInject`
It would be very helpful to mention this on the [docs for configmap/secret](https://camel.apache.org/camel-k/latest/configuration/configmap-secret.html#_configuration_via_secret). If I can help by adding this example I'd be happy to do so 👍
Thank you for all your help @lburgazzoli!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org