camel-k icon indicating copy to clipboard operation
camel-k copied to clipboard
verified publisher icon apache

Directly reference secrets in KameletBinding

Open nicolaferraro opened this issue 3 years ago • 3 comments

I thought there was an issue for this, but apparently not. When creating a KameletBinding you put all properties in plaintext, including secret ones. There are ways to save data in secrets but they involve using a specific format of the underlying runtime (.properties file in the secret with Camel notation camel.kamelet.<name>.<id>.<key>=<val>), which is not ideal for a high level construct like the KameletBinding.

There should be something like:

source:
  # ...
  properties:
    queue: myqueue
    accessKey:
      secretRef:
        name: mysecret
        key: access-key

The problems with that is that the spec -> properties are no longer expected to be compliant with the JSON-schema definition in the Kamelet. So we may decide to change that definition as well, or provide a propertyRef section. There are multiple solutions, but we need one before it goes to v1.

nicolaferraro avatar Jan 13 '22 15:01 nicolaferraro

This issue has been automatically marked as stale due to 90 days of inactivity. It will be closed if no further activity occurs within 15 days. If you think that’s incorrect or the issue should never stale, please simply write any comment. Thanks for your contributions!

github-actions[bot] avatar Apr 20 '22 00:04 github-actions[bot]

Hi, I might have encountered an issue with keda (nice to see the area tag here) in combination with not having this feature.

If we're using KameletBindings and we have a Keda enabled Kamelet, the secrets mounted into the pods (through traits.mount.configs are not visible to keda. Meaning either I'm forced to expose the secret as part of KameletBinding and have the Kamelet Keda enabled, or I can hide credentials into a secret, but then I'd have to configure Keda manually. Maybe this has something to do with our credentials using metadata parameter with a value computed from a template.

I'm now unsure, whether I should file a bug report, or if I have encountered something unsupported, in which case this feature might "fix" it in addition to being amazing by itself :).

If anyone else has a tip for a workaround, I'm all ears.

edit: All my other ideas failed. camel.apache.org/keda.authenticationRef.name is ignored and using environment variable from scale target also doesn't work, since the kameletbinding doesn't have the variable, only the deployment created by it does.

djetelina avatar May 05 '23 16:05 djetelina

If I understand correctly, the problem you're facing is different than this one. I invite you to log a separate issue with all details and a minimum reproducer so we can take care of it as well.

squakez avatar May 08 '23 07:05 squakez