Files
spring-cloud-static/Greenwich.SR5/multi/multi__kubernetes_propertysource_implementations.html
2020-02-03 11:48:03 +01:00

223 lines
48 KiB
HTML

<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>140.&nbsp;Kubernetes PropertySource implementations</title><link rel="stylesheet" type="text/css" href="css/manual-multipage.css"><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><link rel="home" href="multi_spring-cloud.html" title="Spring Cloud"><link rel="up" href="multi__spring_cloud_kubernetes.html" title="Part&nbsp;XVII.&nbsp;Spring Cloud Kubernetes"><link rel="prev" href="multi__kubernetes_native_service_discovery.html" title="139.&nbsp;Kubernetes native service discovery"><link rel="next" href="multi__ribbon_discovery_in_kubernetes.html" title="141.&nbsp;Ribbon Discovery in Kubernetes"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">140.&nbsp;Kubernetes PropertySource implementations</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="multi__kubernetes_native_service_discovery.html">Prev</a>&nbsp;</td><th width="60%" align="center">Part&nbsp;XVII.&nbsp;Spring Cloud Kubernetes</th><td width="20%" align="right">&nbsp;<a accesskey="n" href="multi__ribbon_discovery_in_kubernetes.html">Next</a></td></tr></table><hr></div><div class="chapter"><div class="titlepage"><div><div><h2 class="title"><a name="_kubernetes_propertysource_implementations" href="#_kubernetes_propertysource_implementations"></a>140.&nbsp;Kubernetes PropertySource implementations</h2></div></div></div><p>The most common approach to configuring your Spring Boot application is to create an <code class="literal">application.properties</code> or <code class="literal">applicaiton.yaml</code> or
an <code class="literal">application-profile.properties</code> or <code class="literal">application-profile.yaml</code> file that contains key-value pairs that provide customization values to your
application or Spring Boot starters. You can override these properties by specifying system properties or environment
variables.</p><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="configmap-propertysource" href="#configmap-propertysource"></a>140.1&nbsp;Using a <code class="literal">ConfigMap</code> <code class="literal">PropertySource</code></h2></div></div></div><p>Kubernetes provides a resource named <a class="link" href="https://kubernetes.io/docs/user-guide/configmap/" target="_top"><code class="literal">ConfigMap</code></a> to externalize the
parameters to pass to your application in the form of key-value pairs or embedded <code class="literal">application.properties</code> or <code class="literal">application.yaml</code> files.
The <a class="link" href="./spring-cloud-kubernetes-config" target="_top">Spring Cloud Kubernetes Config</a> project makes Kubernetes <code class="literal">ConfigMap</code> instances available
during application bootstrapping and triggers hot reloading of beans or Spring context when changes are detected on
observed <code class="literal">ConfigMap</code> instances.</p><p>The default behavior is to create a <code class="literal">ConfigMapPropertySource</code> based on a Kubernetes <code class="literal">ConfigMap</code> that has a <code class="literal">metadata.name</code> value of either the name of
your Spring application (as defined by its <code class="literal">spring.application.name</code> property) or a custom name defined within the
<code class="literal">bootstrap.properties</code> file under the following key: <code class="literal">spring.cloud.kubernetes.config.name</code>.</p><p>However, more advanced configuration is possible where you can use multiple <code class="literal">ConfigMap</code> instances.
The <code class="literal">spring.cloud.kubernetes.config.sources</code> list makes this possible.
For example, you could define the following <code class="literal">ConfigMap</code> instances:</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spring</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> application</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> name</span>: cloud-k8s-app
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> cloud</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> kubernetes</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> config</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> name</span>: default-name
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> namespace</span>: default-namespace
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> sources</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-comment"># Spring Cloud Kubernetes looks up a ConfigMap named c1 in namespace default-namespace</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> - name</span>: c1
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-comment"># Spring Cloud Kubernetes looks up a ConfigMap named default-name in whatever namespace n2</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> - namespace</span>: n2
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-comment"># Spring Cloud Kubernetes looks up a ConfigMap named c3 in namespace n3</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> - namespace</span>: n3
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> name</span>: c3</pre></div><p>In the preceding example, if <code class="literal">spring.cloud.kubernetes.config.namespace</code> had not been set,
the <code class="literal">ConfigMap</code> named <code class="literal">c1</code> would be looked up in the namespace that the application runs.</p><p>Any matching <code class="literal">ConfigMap</code> that is found is processed as follows:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">Apply individual configuration properties.</li><li class="listitem">Apply as <code class="literal">yaml</code> the content of any property named <code class="literal">application.yaml</code>.</li><li class="listitem">Apply as a properties file the content of any property named <code class="literal">application.properties</code>.</li></ul></div><p>The single exception to the aforementioned flow is when the <code class="literal">ConfigMap</code> contains a <span class="strong"><strong>single</strong></span> key that indicates
the file is a YAML or properties file. In that case, the name of the key does NOT have to be <code class="literal">application.yaml</code> or
<code class="literal">application.properties</code> (it can be anything) and the value of the property is treated correctly.
This features facilitates the use case where the <code class="literal">ConfigMap</code> was created by using something like the following:</p><div class="informalexample"><pre class="screen">kubectl create configmap game-config --from-file=/path/to/app-config.yaml</pre></div><p>Assume that we have a Spring Boot application named <code class="literal">demo</code> that uses the following properties to read its thread pool
configuration.</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><code class="literal">pool.size.core</code></li><li class="listitem"><code class="literal">pool.size.maximum</code></li></ul></div><p>This can be externalized to config map in <code class="literal">yaml</code> format as follows:</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">kind</span>: ConfigMap
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">apiVersion</span>: v1
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">metadata</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> name</span>: demo
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">data</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> pool.size.core</span>: <span class="hl-number">1</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> pool.size.max</span>: <span class="hl-number">16</span></pre></div><p>Individual properties work fine for most cases. However, sometimes, embedded <code class="literal">yaml</code> is more convenient. In this case, we
use a single property named <code class="literal">application.yaml</code> to embed our <code class="literal">yaml</code>, as follows:</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">kind</span>: ConfigMap
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">apiVersion</span>: v1
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">metadata</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> name</span>: demo
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">data</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> application.yaml</span>: |-
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> pool</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> size</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> core</span>: <span class="hl-number">1</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> max</span>:<span class="hl-number">16</span></pre></div><p>The following example also works:</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">kind</span>: ConfigMap
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">apiVersion</span>: v1
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">metadata</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> name</span>: demo
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">data</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> custom-name.yaml</span>: |-
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> pool</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> size</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> core</span>: <span class="hl-number">1</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> max</span>:<span class="hl-number">16</span></pre></div><p>You can also configure Spring Boot applications differently depending on active profiles that are merged together
when the <code class="literal">ConfigMap</code> is read. You can provide different property values for different profiles by using an
<code class="literal">application.properties</code> or <code class="literal">application.yaml</code> property, specifying profile-specific values, each in their own document
(indicated by the <code class="literal">---</code> sequence), as follows:</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">kind</span>: ConfigMap
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">apiVersion</span>: v1
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">metadata</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> name</span>: demo
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">data</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> application.yml</span>: |-
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> greeting</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> message</span>: Say Hello to the World
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> farewell</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> message</span>: Say Goodbye
---
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> spring</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> profiles</span>: development
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> greeting</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> message</span>: Say Hello to the Developers
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> farewell</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> message</span>: Say Goodbye to the Developers
---
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> spring</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> profiles</span>: production
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> greeting</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> message</span>: Say Hello to the Ops</pre></div><p>In the preceding case, the configuration loaded into your Spring Application with the <code class="literal">development</code> profile is as follows:</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> greeting</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> message</span>: Say Hello to the Developers
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> farewell</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> message</span>: Say Goodbye to the Developers</pre></div><p>However, if the <code class="literal">production</code> profile is active, the configuration becomes:</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> greeting</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> message</span>: Say Hello to the Ops
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> farewell</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> message</span>: Say Goodbye</pre></div><p>If both profiles are active, the property that appears last within the <code class="literal">ConfigMap</code> overwrites any preceding values.</p><p>Another option is to create a different config map per profile and spring boot will automatically fetch it based
on active profiles</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">kind</span>: ConfigMap
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">apiVersion</span>: v1
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">metadata</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> name</span>: demo
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">data</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> application.yml</span>: |-
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> greeting</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> message</span>: Say Hello to the World
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> farewell</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> message</span>: Say Goodbye</pre></div><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">kind</span>: ConfigMap
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">apiVersion</span>: v1
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">metadata</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> name</span>: demo-development
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">data</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> application.yml</span>: |-
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> spring</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> profiles</span>: development
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> greeting</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> message</span>: Say Hello to the Developers
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> farewell</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> message</span>: Say Goodbye to the Developers</pre></div><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">kind</span>: ConfigMap
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">apiVersion</span>: v1
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">metadata</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> name</span>: demo-production
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">data</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> application.yml</span>: |-
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> spring</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> profiles</span>: production
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> greeting</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> message</span>: Say Hello to the Ops
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> farewell</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> message</span>: Say Goodbye</pre></div><p>To tell Spring Boot which <code class="literal">profile</code> should be enabled at bootstrap, you can pass a system property to the Java
command. To do so, you can launch your Spring Boot application with an environment variable that you can define with the OpenShift
<code class="literal">DeploymentConfig</code> or Kubernetes <code class="literal">ReplicationConfig</code> resource file, as follows:</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">apiVersion</span>: v1
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">kind</span>: DeploymentConfig
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spec</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> replicas</span>: <span class="hl-number">1</span>
...
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> spec</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> containers</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> - env</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> - name</span>: JAVA_APP_DIR
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> value</span>: /deployments
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> - name</span>: JAVA_OPTIONS
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> value</span>: -Dspring.profiles.active=developer</pre></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="images/note.png"></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>You should check the security configuration section. To access config maps from inside a pod you need to have the correct
Kubernetes service accounts, roles and role bindings.</p></td></tr></table></div><p>Another option for using <code class="literal">ConfigMap</code> instances is to mount them into the Pod by running the Spring Cloud Kubernetes application
and having Spring Cloud Kubernetes read them from the file system.
This behavior is controlled by the <code class="literal">spring.cloud.kubernetes.config.paths</code> property. You can use it in
addition to or instead of the mechanism described earlier.
You can specify multiple (exact) file paths in <code class="literal">spring.cloud.kubernetes.config.paths</code> by using the <code class="literal">,</code> delimiter.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="images/note.png"></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>You have to provide the full exact path to each property file, because directories are not being recursively parsed.</p></td></tr></table></div><div class="table"><a name="d0e37630" href="#d0e37630"></a><p class="title"><b>Table&nbsp;140.1.&nbsp;Properties:</b></p><div class="table-contents"><table class="table" summary="Properties:" style="border-collapse: collapse;border-top: 1px solid ; border-bottom: 1px solid ; "><colgroup><col class="col_1"><col class="col_2"><col class="col_3"><col class="col_4"></colgroup><thead><tr><th style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top">Name</th><th style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top">Type</th><th style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top">Default</th><th style="border-bottom: 1px solid ; " align="left" valign="top">Description</th></tr></thead><tfoot><tr><th style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.config.enableApi</code></p></th><th style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">Boolean</code></p></th><th style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">true</code></p></th><th style="" align="left" valign="top"><p>Enable or disable consuming <code class="literal">ConfigMap</code> instances through APIs</p></th></tr></tfoot><tbody><tr><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.config.enabled</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">Boolean</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">true</code></p></td><td style="border-bottom: 1px solid ; " align="left" valign="top"><p>Enable ConfigMaps <code class="literal">PropertySource</code></p></td></tr><tr><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.config.name</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">String</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">${spring.application.name}</code></p></td><td style="border-bottom: 1px solid ; " align="left" valign="top"><p>Sets the name of <code class="literal">ConfigMap</code> to look up</p></td></tr><tr><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.config.namespace</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">String</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p>Client namespace</p></td><td style="border-bottom: 1px solid ; " align="left" valign="top"><p>Sets the Kubernetes namespace where to lookup</p></td></tr><tr><td style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.config.paths</code></p></td><td style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">List</code></p></td><td style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">null</code></p></td><td style="" align="left" valign="top"><p>Sets the paths where <code class="literal">ConfigMap</code> instances are mounted</p></td></tr></tbody></table></div></div><br class="table-break"></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="_secrets_propertysource" href="#_secrets_propertysource"></a>140.2&nbsp;Secrets PropertySource</h2></div></div></div><p>Kubernetes has the notion of <a class="link" href="https://kubernetes.io/docs/concepts/configuration/secret/" target="_top">Secrets</a> for storing
sensitive data such as passwords, OAuth tokens, and so on. This project provides integration with <code class="literal">Secrets</code> to make secrets
accessible by Spring Boot applications. You can explicitly enable or disable This feature by setting the <code class="literal">spring.cloud.kubernetes.secrets.enabled</code> property.</p><p>When enabled, the <code class="literal">SecretsPropertySource</code> looks up Kubernetes for <code class="literal">Secrets</code> from the following sources:</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem">Reading recursively from secrets mounts</li><li class="listitem">Named after the application (as defined by <code class="literal">spring.application.name</code>)</li><li class="listitem">Matching some labels</li></ol></div><p><span class="strong"><strong>Note:</strong></span></p><p>By default, consuming Secrets through the API (points 2 and 3 above) <span class="strong"><strong>is not enabled</strong></span> for security reasons. The permission 'list' on secrets allows clients to inspect secrets values in the specified namespace.
Further, we recommend that containers share secrets through mounted volumes.</p><p>If you enable consuming Secrets through the API, we recommend that you limit access to Secrets by using an authorization policy, such as RBAC.
For more information about risks and best practices when consuming Secrets through the API refer to <a class="link" href="https://kubernetes.io/docs/concepts/configuration/secret/#best-practices" target="_top">this doc</a>.</p><p>If the secrets are found, their data is made available to the application.</p><p>Assume that we have a spring boot application named <code class="literal">demo</code> that uses properties to read its database
configuration. We can create a Kubernetes secret by using the following command:</p><div class="informalexample"><pre class="screen">oc create secret generic db-secret --from-literal=username=user --from-literal=password=p455w0rd</pre></div><p>The preceding command would create the following secret (which you can see by using <code class="literal">oc get secrets db-secret -o yaml</code>):</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">apiVersion</span>: v1
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">data</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> password</span>: cDQ1NXcwcmQ=
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> username</span>: dXNlcg==
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">kind</span>: Secret
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">metadata</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> creationTimestamp</span>: <span class="hl-number">2017</span>-<span class="hl-number">07</span>-<span class="hl-number">04</span>T09:<span class="hl-number">15</span>:<span class="hl-number">57</span>Z
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> name</span>: db-secret
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> namespace</span>: default
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> resourceVersion</span>: <span xmlns:d="http://docbook.org/ns/docbook" class="hl-string">"357496"</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> selfLink</span>: /api/v1/namespaces/default/secrets/db-secret
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> uid</span>: <span class="hl-number">63</span>c89263-<span class="hl-number">6099</span>-<span class="hl-number">11e7</span>-b3da-<span class="hl-number">76d</span>6186905a8
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">type</span>: Opaque</pre></div><p>Note that the data contains Base64-encoded versions of the literal provided by the <code class="literal">create</code> command.</p><p>Your application can then use this secret&#8201;&#8212;&#8201;for example, by exporting the secret&#8217;s value as environment variables:</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">apiVersion</span>: v1
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">kind</span>: Deployment
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">metadata</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> name</span>: ${project.artifactId<span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">}</span>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">spec</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> template</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> spec</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> containers</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> - env</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> - name</span>: DB_USERNAME
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> valueFrom</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> secretKeyRef</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> name</span>: db-secret
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> key</span>: username
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> - name</span>: DB_PASSWORD
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> valueFrom</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> secretKeyRef</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> name</span>: db-secret
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> key</span>: password</pre></div><p>You can select the Secrets to consume in a number of ways:</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p class="simpara">By listing the directories where secrets are mapped:</p><div class="informalexample"><pre class="programlisting">-Dspring.cloud.kubernetes.secrets.paths=/etc/secrets/db-secret,etc/secrets/postgresql</pre></div><p class="simpara">If you have all the secrets mapped to a common root, you can set them like:</p><div class="informalexample"><pre class="programlisting">-Dspring.cloud.kubernetes.secrets.paths=/etc/secrets</pre></div></li><li class="listitem"><p class="simpara">By setting a named secret:</p><div class="informalexample"><pre class="programlisting">-Dspring.cloud.kubernetes.secrets.name=db-secret</pre></div></li><li class="listitem"><p class="simpara">By defining a list of labels:</p><div class="informalexample"><pre class="programlisting">-Dspring.cloud.kubernetes.secrets.labels.broker=activemq
-Dspring.cloud.kubernetes.secrets.labels.db=postgresql</pre></div></li></ol></div><div class="table"><a name="d0e37842" href="#d0e37842"></a><p class="title"><b>Table&nbsp;140.2.&nbsp;Properties:</b></p><div class="table-contents"><table class="table" summary="Properties:" style="border-collapse: collapse;border-top: 1px solid ; border-bottom: 1px solid ; "><colgroup><col class="col_1"><col class="col_2"><col class="col_3"><col class="col_4"></colgroup><thead><tr><th style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top">Name</th><th style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top">Type</th><th style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top">Default</th><th style="border-bottom: 1px solid ; " align="left" valign="top">Description</th></tr></thead><tfoot><tr><th style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.secrets.enableApi</code></p></th><th style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">Boolean</code></p></th><th style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">false</code></p></th><th style="" align="left" valign="top"><p>Enables or disables consuming secrets through APIs (examples 2 and 3)</p></th></tr></tfoot><tbody><tr><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.secrets.enabled</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">Boolean</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">true</code></p></td><td style="border-bottom: 1px solid ; " align="left" valign="top"><p>Enable Secrets <code class="literal">PropertySource</code></p></td></tr><tr><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.secrets.name</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">String</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">${spring.application.name}</code></p></td><td style="border-bottom: 1px solid ; " align="left" valign="top"><p>Sets the name of the secret to look up</p></td></tr><tr><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.secrets.namespace</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">String</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p>Client namespace</p></td><td style="border-bottom: 1px solid ; " align="left" valign="top"><p>Sets the Kubernetes namespace where to look up</p></td></tr><tr><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.secrets.labels</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">Map</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">null</code></p></td><td style="border-bottom: 1px solid ; " align="left" valign="top"><p>Sets the labels used to lookup secrets</p></td></tr><tr><td style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.secrets.paths</code></p></td><td style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">List</code></p></td><td style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">null</code></p></td><td style="" align="left" valign="top"><p>Sets the paths where secrets are mounted (example 1)</p></td></tr></tbody></table></div></div><br class="table-break"><p>Notes:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">The <code class="literal">spring.cloud.kubernetes.secrets.labels</code> property behaves as defined by
<a class="link" href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-Configuration-Binding#map-based-binding" target="_top">Map-based binding</a>.</li><li class="listitem">The <code class="literal">spring.cloud.kubernetes.secrets.paths</code> property behaves as defined by
<a class="link" href="https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-Configuration-Binding#collection-based-binding" target="_top">Collection-based binding</a>.</li><li class="listitem">Access to secrets through the API may be restricted for security reasons. The preferred way is to mount secrets to the Pod.</li></ul></div><p>You can find an example of an application that uses secrets (though it has not been updated to use the new <code class="literal">spring-cloud-kubernetes</code> project) at
<a class="link" href="https://github.com/fabric8-quickstarts/spring-boot-camel-config" target="_top">spring-boot-camel-config</a></p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="_propertysource_reload" href="#_propertysource_reload"></a>140.3&nbsp;<code class="literal">PropertySource</code> Reload</h2></div></div></div><p>Some applications may need to detect changes on external property sources and update their internal status to reflect the new configuration.
The reload feature of Spring Cloud Kubernetes is able to trigger an application reload when a related <code class="literal">ConfigMap</code> or
<code class="literal">Secret</code> changes.</p><p>By default, this feature is disabled. You can enable it by using the <code class="literal">spring.cloud.kubernetes.reload.enabled=true</code> configuration property (for example, in the <code class="literal">application.properties</code> file).</p><p>The following levels of reload are supported (by setting the <code class="literal">spring.cloud.kubernetes.reload.strategy</code> property):
* <code class="literal">refresh</code> (default): Only configuration beans annotated with <code class="literal">@ConfigurationProperties</code> or <code class="literal">@RefreshScope</code> are reloaded.
This reload level leverages the refresh feature of Spring Cloud Context.
* <code class="literal">restart_context</code>: the whole Spring <code class="literal">ApplicationContext</code> is gracefully restarted. Beans are recreated with the new configuration.
* <code class="literal">shutdown</code>: the Spring <code class="literal">ApplicationContext</code> is shut down to activate a restart of the container.
When you use this level, make sure that the lifecycle of all non-daemon threads is bound to the <code class="literal">ApplicationContext</code>
and that a replication controller or replica set is configured to restart the pod.</p><p>Assuming that the reload feature is enabled with default settings (<code class="literal">refresh</code> mode), the following bean is refreshed when the config map changes:</p><div class="informalexample"><pre class="screen">@Configuration
@ConfigurationProperties(prefix = "bean")
public class MyConfig {
private String message = "a message that can be changed live";
// getter and setters
}</pre></div><p>To see that changes effectively happen, you can create another bean that prints the message periodically, as follows</p><div class="informalexample"><pre class="programlisting"><em><span class="hl-annotation" style="color: gray">@Component</span></em>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">public</span> <span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">class</span> MyBean {
<em><span class="hl-annotation" style="color: gray">@Autowired</span></em>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">private</span> MyConfig config;
<em><span class="hl-annotation" style="color: gray">@Scheduled(fixedDelay = 5000)</span></em>
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">public</span> <span xmlns:d="http://docbook.org/ns/docbook" class="hl-keyword">void</span> hello() {
System.out.println(<span xmlns:d="http://docbook.org/ns/docbook" class="hl-string">"The message is: "</span> + config.getMessage());
}
}</pre></div><p>You can change the message printed by the application by using a <code class="literal">ConfigMap</code>, as follows:</p><div class="informalexample"><pre class="programlisting"><span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">apiVersion</span>: v1
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">kind</span>: ConfigMap
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">metadata</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> name</span>: reload-example
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute">data</span>:
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> application.properties</span>: |-
<span xmlns:d="http://docbook.org/ns/docbook" class="hl-attribute"> bean.message</span>=Hello World!</pre></div><p>Any change to the property named <code class="literal">bean.message</code> in the <code class="literal">ConfigMap</code> associated with the pod is reflected in the
output. More generally speaking, changes associated to properties prefixed with the value defined by the <code class="literal">prefix</code>
field of the <code class="literal">@ConfigurationProperties</code> annotation are detected and reflected in the application.
<a class="link" href="multi__kubernetes_propertysource_implementations.html#configmap-propertysource" title="140.1&nbsp;Using a ConfigMap PropertySource">Associating a <code class="literal">ConfigMap</code> with a pod</a> is explained earlier in this chapter.</p><p>The full example is available in <a class="link" href="https://github.com/fabric8io/spring-cloud-kubernetes/tree/master/spring-cloud-kubernetes-examples/kubernetes-reload-example" target="_top"><code class="literal">spring-cloud-kubernetes-reload-example</code></a>.</p><p>The reload feature supports two operating modes:
* Event (default): Watches for changes in config maps or secrets by using the Kubernetes API (web socket).
Any event produces a re-check on the configuration and, in case of changes, a reload.
The <code class="literal">view</code> role on the service account is required in order to listen for config map changes. A higher level role (such as <code class="literal">edit</code>) is required for secrets
(by default, secrets are not monitored).
* Polling: Oeriodically re-creates the configuration from config maps and secrets to see if it has changed.
You can configure the polling period by using the <code class="literal">spring.cloud.kubernetes.reload.period</code> property and defaults to 15 seconds.
It requires the same role as the monitored property source.
This means, for example, that using polling on file-mounted secret sources does not require particular privileges.</p><div class="table"><a name="d0e38098" href="#d0e38098"></a><p class="title"><b>Table&nbsp;140.3.&nbsp;Properties:</b></p><div class="table-contents"><table class="table" summary="Properties:" style="border-collapse: collapse;border-top: 1px solid ; border-bottom: 1px solid ; "><colgroup><col class="col_1"><col class="col_2"><col class="col_3"><col class="col_4"></colgroup><thead><tr><th style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top">Name</th><th style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top">Type</th><th style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top">Default</th><th style="border-bottom: 1px solid ; " align="left" valign="top">Description</th></tr></thead><tfoot><tr><th style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.reload.period</code></p></th><th style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">Duration</code></p></th><th style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">15s</code></p></th><th style="" align="left" valign="top"><p>The period for verifying changes when using the <code class="literal">polling</code> strategy</p></th></tr></tfoot><tbody><tr><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.reload.enabled</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">Boolean</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">false</code></p></td><td style="border-bottom: 1px solid ; " align="left" valign="top"><p>Enables monitoring of property sources and configuration reload</p></td></tr><tr><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.reload.monitoring-config-maps</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">Boolean</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">true</code></p></td><td style="border-bottom: 1px solid ; " align="left" valign="top"><p>Allow monitoring changes in config maps</p></td></tr><tr><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.reload.monitoring-secrets</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">Boolean</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">false</code></p></td><td style="border-bottom: 1px solid ; " align="left" valign="top"><p>Allow monitoring changes in secrets</p></td></tr><tr><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p>`spring.cloud.kubernetes.reload.strategy `</p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">Enum</code></p></td><td style="border-right: 1px solid ; border-bottom: 1px solid ; " align="left" valign="top"><p><code class="literal">refresh</code></p></td><td style="border-bottom: 1px solid ; " align="left" valign="top"><p>The strategy to use when firing a reload (<code class="literal">refresh</code>, <code class="literal">restart_context</code>, or <code class="literal">shutdown</code>)</p></td></tr><tr><td style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">spring.cloud.kubernetes.reload.mode</code></p></td><td style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">Enum</code></p></td><td style="border-right: 1px solid ; " align="left" valign="top"><p><code class="literal">event</code></p></td><td style="" align="left" valign="top"><p>Specifies how to listen for changes in property sources (<code class="literal">event</code> or <code class="literal">polling</code>)</p></td></tr></tbody></table></div></div><br class="table-break"><p>Notes:
* You should not use properties under <code class="literal">spring.cloud.kubernetes.reload</code> in config maps or secrets. Changing such properties at runtime may lead to unexpected results.
* Deleting a property or the whole config map does not restore the original state of the beans when you use the <code class="literal">refresh</code> level.</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="multi__kubernetes_native_service_discovery.html">Prev</a>&nbsp;</td><td width="20%" align="center"><a accesskey="u" href="multi__spring_cloud_kubernetes.html">Up</a></td><td width="40%" align="right">&nbsp;<a accesskey="n" href="multi__ribbon_discovery_in_kubernetes.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">139.&nbsp;Kubernetes native service discovery&nbsp;</td><td width="20%" align="center"><a accesskey="h" href="multi_spring-cloud.html">Home</a></td><td width="40%" align="right" valign="top">&nbsp;141.&nbsp;Ribbon Discovery in Kubernetes</td></tr></table></div></body></html>