
Get environment variable value is empty in properties file

Open Miaoxiang-philips opened this issue 1 year ago • 1 comments

What happened?

Hi Team, in our Kubernetes cluster we already have a Secret to store the database HOST, USERNAME, PASSWORD, etc. For security reasons, we don't want to store sensitive information like the database password in the properties file of the Git repo.

So we specify our template with 'kamel run --build-property=file:quarkus.properties --property file:datasource.properties xxx.java --dev --pod-template pod-template.yaml':

containers:
  - name: integration
    envFrom:
      - secretRef:
          name: ui-postgresql

datasource.properties: [image]

After running in our pod, I queried the environment variables with exec env | grep PASSWORD and made sure the environment variable exists in the pod, but our program reported an error connecting to the database, saying PASSWORD cannot be empty. So I continued to troubleshoot the /etc/camel/conf.d/user.properties properties file: [image]

As you can see, we got an empty value. We also tried ${PASSWORD: "Test"} to try to specify a default value, but we still couldn't get the PASSWORD value, and the result was Test. We also tried changing the key to DB_PASS to prevent a collision, but still no luck.

Steps to reproduce

No response

Relevant log output

No response

Camel K version

1.11.1

Miaoxiang-philips avatar Feb 23 '24 03:02 Miaoxiang-philips

If my description is not clear, please let me know, thanks!

Miaoxiang-philips avatar Feb 23 '24 03:02 Miaoxiang-philips

Hello. Just a couple of notes regarding this issue. First of all, you need to make sure that the property you're willing to use is really a build-time property, as in such a case you likely need to provide it ahead of time, during the build phase. I think that's not the case for database user/password though. Then, specifically to your problem, this is happening because you are not setting the environment variable (i.e., via the environment trait). What you need is the application Pod to have something like:

       env:
       - name: PASSWORD
         valueFrom:
           secretKeyRef:
             name: mysqlpwd
             key: password

However, I think we don't have that feature out of the box. The only way to manage this at the moment would be using Pod trait configuration. If you think this is something useful/required, please, open a new issue asking for the feature to enhance the environment trait to include configmap/secret values.

squakez avatar Feb 26 '24 08:02 squakez

@squakez Thank you for your reply. I get it. Do you think it is feasible to use an initContainer? In my pod-template, I added an initContainer, and in the initContainer I used kubectl describe secret xxx to get the USERNAME and PASSWORD in the Secret, and then regenerated them into /etc/camel/conf.d/user.properties. Could this be a temporary solution?

Or are there Camel K best practices for password management? I can't seem to find any.

Miaoxiang-philips avatar Feb 27 '24 07:02 Miaoxiang-philips

InitContainers is something we support: https://camel.apache.org/camel-k/2.2.x/traits/pod.html#_init_containers - however, I don't think it really solves the problem, or at least it does not seem a very orthodox thing to do. I think we need to develop a feature here to support this ootb, so I invite you to log another issue requesting it. Thanks.

squakez avatar Feb 27 '24 09:02 squakez

If a secret exists, can't you mount the secret to the integration?

lburgazzoli avatar Feb 27 '24 09:02 lburgazzoli

Regarding this issue, the current status:

We do this by commenting in the Java file:

// camel-k: dependency=mvn:io.quarkus:quarkus-jdbc-postgresql
// camel-k: build-property=quarkus.datasource.xxx.db-kind=postgresql
// camel-k: config=secret:<secret-name>
// camel-k: config=file:datasource.properties

The datasource.properties file continues to retrieve the value in Secret using ${PASSWORD}:

quarkus.datasource.xxx.password=${PASSWORD}

kamel run xxx.java --dev

In this way, my requirements can be realized. Is there any better approach you can tell me about? Thanks!

Miaoxiang-philips avatar Feb 28 '24 06:02 Miaoxiang-philips
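
A pre-deployment check for the properties-file approach discussed in this thread, added here as an example (it is not code from the thread or from Camel K). It flags sensitive keys that carry a literal value or a default, and placeholders that name a variable the Secret does not provide. The `${NAME}` / `${NAME:default}` form, the sensitive-key pattern and the function name `audit_properties` are assumptions.

```python
import re

# ${NAME} or ${NAME:default}, the placeholder form written in this thread (assumption).
PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_.]*)(?::([^}]*))?\}")
# Key fragments treated as sensitive (assumption; extend for your project).
SENSITIVE = re.compile(r"password|passwd|secret|token|credential", re.IGNORECASE)


def audit_properties(text, env_names):
    """Return (line_no, key, finding) tuples for a .properties file body.

    env_names is the set of variable names the pod will receive, for
    example the key names of the Secret referenced by the integration.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key=value line
        key, value = key.strip(), value.strip()
        sensitive = bool(SENSITIVE.search(key))
        refs = PLACEHOLDER.findall(value)  # list of (name, default) pairs
        if sensitive and value and not refs:
            findings.append((line_no, key, "literal-secret"))
        for name, default in refs:
            if sensitive and default:
                # A default on a secret key puts a credential in the repo.
                findings.append((line_no, key, "default-on-secret"))
            if name not in env_names and not default:
                findings.append((line_no, key, "unresolved:" + name))
    return findings


# Constructed sample input, not taken from the reporter's repository.
SAMPLE = """\
# datasource settings
quarkus.datasource.xxx.username=${USERNAME}
quarkus.datasource.xxx.password=${PASSWORD}
quarkus.datasource.yyy.password=changeme
quarkus.datasource.zzz.password=${DB_PASS:Test}
quarkus.datasource.xxx.jdbc.url=jdbc:postgresql://${HOST}:5432/app
"""

if __name__ == "__main__":
    for finding in audit_properties(SAMPLE, {"USERNAME", "PASSWORD"}):
        print(finding)
```

Run it in CI against the properties files in the repository, passing the key names of the Secret (not its values) as `env_names`.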