secret init container changes

Dockerfile

@@ -5,6 +5,6 @@ WORKDIR /app
 
 # Copy the JAR file from the local fiu-api/target directory to the working directory in the Docker image
 COPY fiu-api/target/fiu-api-*.jar /app/fiu-application.jar
-
+COPY scripts/start.sh /app/start.sh
 # Define the command to run the application
-CMD ["java", "-jar", "fiu-application.jar", "com.rupeesense.fi.FIUServiceApplication"]
+CMD ["sh", "/app/start.sh"]

k8s/configMap.yaml

@@ -8,13 +8,13 @@ data:
   application.properties: |  # Combine your configurations into one file
     spring.datasource.url=jdbc:postgresql://172.22.0.3:5432/fiu_datastore?useSSL=false
     spring.datasource.username=fiu-application
-    spring.datasource.password=${sm://database-password}
+    spring.datasource.password=${DB_PASSWORD}
     spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
     spring.jpa.hibernate.ddl-auto=update
     app.fiu.fiu-id=setu-fiu-id
     app.fiu.setu-uri=https://fiu-uat.setu.co
     app.fiu.setu-client-id=f26b25b8-8e33-4c86-a28e-4575ddeeb09a
-    app.fiu.setu-client-secret=${sm://setu-client-secret}
+    app.fiu.setu-client-secret=${SETU_CLIENT_SECRET}
     management.endpoints.web.exposure.include=health, prometheus
     management.endpoint.prometheus.enabled=true
     logging.level.root=INFO

k8s/deployment.yaml

@@ -15,18 +15,33 @@ spec:
       serviceAccountName: fiu-application-service-account
       nodeSelector:
         iam.gke.io/gke-metadata-server-enabled: "true"
+      initContainers:
+        - name: secrets-init
+          image: doitintl/secrets-init:0.3.6
+          command:
+            - sh
+          args:
+            - -c
+            - "cp /usr/local/bin/secrets-init /secrets-init/bin/"
+          volumeMounts:
+            - mountPath: /secrets-init/bin
+              name: secrets-init-volume
       containers:
         - name: fiu-service
+          env:
+            - name: DB_PASSWORD
+              value: gcp:secretmanager:projects/271330748043/secrets/database-password/versions/latest
+            - name: SETU_CLIENT_SECRET
+              value: gcp:secretmanager:projects/271330748043/secrets/setu-client-secret/versions/latest
           image: ghcr.io/rupeesense/fiu-application:main
           imagePullPolicy: Always
           ports:
             - containerPort: 8080
+          command:
+            - "/secrets-init/bin/secrets-init"
           args:
-            - "java"
-            - "-jar"
-            - "fiu-application.jar"
-            - "com.rupeesense.fi.FIUServiceApplication"
-            - "--spring.config.location=/config/application.properties, /secrets/app-secrets.properties"
+            - "--provider=google"
+            - "/app/start.sh"
           volumeMounts:
             - name: config-volume
               mountPath: /config
@@ -38,6 +53,8 @@ spec:
         - name: config-volume
           configMap:
             name: fiu-application-config
+        - name: secrets-init-volume
+          emptyDir: { }
         - name: app-secret-mount
           secret:
             secretName: fiu-application-secret

scripts/start.sh

@@ -0,0 +1,2 @@
+java -jar fiu-application.jar com.rupeesense.fi.FIUServiceApplication \
+ --spring.config.location=/config/application.properties, /secrets/app-secrets.properties