From c187f1c7185ad343bca863b67290bb2d545b3c25 Mon Sep 17 00:00:00 2001
From: Aviral Verma
Date: Wed, 6 Sep 2023 09:37:34 +0530
Subject: [PATCH] secret init container changes
---
 Dockerfile | 4 ++--
 k8s/configMap.yaml | 4 ++--
 k8s/deployment.yaml | 27 ++++++++++++++++++++++-----
 scripts/start.sh | 2 ++
 4 files changed, 28 insertions(+), 9 deletions(-)
 create mode 100644 scripts/start.sh
diff --git a/Dockerfile b/Dockerfile
index 7af7eb6..9f5cba7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,6 +5,6 @@ WORKDIR /app
 # Copy the JAR file from the local fiu-api/target directory to the working directory in the Docker image
 COPY fiu-api/target/fiu-api-*.jar /app/fiu-application.jar
-
+COPY scripts/start.sh /app/start.sh
 # Define the command to run the application
-CMD ["java", "-jar", "fiu-application.jar", "com.rupeesense.fi.FIUServiceApplication"]
\ No newline at end of file
+CMD ["sh", "/app/start.sh"]
diff --git a/k8s/configMap.yaml b/k8s/configMap.yaml
index 059c855..ff7a64b 100644
--- a/k8s/configMap.yaml
+++ b/k8s/configMap.yaml
@@ -8,13 +8,13 @@ data:
 application.properties: | # Combine your configurations into one file
 spring.datasource.url=jdbc:postgresql://172.22.0.3:5432/fiu_datastore?useSSL=false
 spring.datasource.username=fiu-application
- spring.datasource.password=${sm://database-password}
+ spring.datasource.password=${DB_PASSWORD}
 spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
 spring.jpa.hibernate.ddl-auto=update
 app.fiu.fiu-id=setu-fiu-id
 app.fiu.setu-uri=https://fiu-uat.setu.co
 app.fiu.setu-client-id=f26b25b8-8e33-4c86-a28e-4575ddeeb09a
- app.fiu.setu-client-secret=${sm://setu-client-secret}
+ app.fiu.setu-client-secret=${SETU_CLIENT_SECRET}
 management.endpoints.web.exposure.include=health, prometheus
 management.endpoint.prometheus.enabled=true
 logging.level.root=INFO
diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml
index 8d73707..a15ffc5 100644
--- a/k8s/deployment.yaml
+++ b/k8s/deployment.yaml
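Review bot: In the Dockerfile hunk, `COPY scripts/start.sh /app/start.sh` carries over the 0644 mode the patch creates the script with (`create mode 100644 scripts/start.sh`), so the file is not executable inside the image. The new `CMD ["sh", "/app/start.sh"]` tolerates that, but the k8s/deployment.yaml change in this same patch overrides the command and hands `/app/start.sh` to secrets-init as the program to run, which will presumably fail with a permission error if secrets-init executes its argument directly rather than through a shell. Add `RUN chmod 0755 /app/start.sh` right after the COPY, or commit the script with the executable bit set.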
@@ -15,18 +15,33 @@ spec:
 serviceAccountName: fiu-application-service-account
 nodeSelector:
 iam.gke.io/gke-metadata-server-enabled: "true"
+ initContainers:
+ - name: secrets-init
+ image: doitintl/secrets-init:0.3.6
+ command:
+ - sh
+ args:
+ - -c
+ - "cp /usr/local/bin/secrets-init /secrets-init/bin/"
+ volumeMounts:
+ - mountPath: /secrets-init/bin
+ name: secrets-init-volume
 containers:
 - name: fiu-service
+ env:
+ - name: DB_PASSWORD
+ value: gcp:secretmanager:projects/271330748043/secrets/database-password/versions/latest
+ - name: SETU_CLIENT_SECRET
+ value: gcp:secretmanager:projects/271330748043/secrets/setu-client-secret/versions/latest
 image: ghcr.io/rupeesense/fiu-application:main
 imagePullPolicy: Always
 ports:
 - containerPort: 8080
+ command:
+ - "/secrets-init/bin/secrets-init"
 args:
- - "java"
- - "-jar"
- - "fiu-application.jar"
- - "com.rupeesense.fi.FIUServiceApplication"
- - "--spring.config.location=/config/application.properties, /secrets/app-secrets.properties"
+ - "--provider=google"
+ - "/app/start.sh"
 volumeMounts:
 - name: config-volume
 mountPath: /config
@@ -38,6 +53,8 @@ spec:
 - name: config-volume
 configMap:
 name: fiu-application-config
+ - name: secrets-init-volume
+ emptyDir: { }
 - name: app-secret-mount
 secret:
 secretName: fiu-application-secret
diff --git a/scripts/start.sh b/scripts/start.sh
new file mode 100644
index 0000000..b846865
--- /dev/null
+++ b/scripts/start.sh
@@ -0,0 +1,2 @@
+java -jar fiu-application.jar com.rupeesense.fi.FIUServiceApplication \
+ --spring.config.location=/config/application.properties, /secrets/app-secrets.properties
\ No newline at end of file
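Review bot: In the first k8s/deployment.yaml hunk the `fiu-service` container now starts with `command: "/secrets-init/bin/secrets-init"`, but nothing in this patch mounts `secrets-init-volume` into that container; only the init container gets the mount, and the container's visible `volumeMounts` still begins with `config-volume`. Unless the unshown lines between the two hunks already carry that mount, the binary will not exist at that path and the container will fail to start. Add under the container's `volumeMounts`: `- name: secrets-init-volume`, `mountPath: /secrets-init/bin`, `readOnly: true`. Separately, `doitintl/secrets-init:0.3.6` supplies the binary that wraps the application process and resolves both Secret Manager references, so it is worth pinning by digest (`doitintl/secrets-init:0.3.6@sha256:<digest-placeholder>`) rather than by a mutable tag. The container spec continues outside the hunk.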
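Review bot: In scripts/start.sh the `--spring.config.location` value has an unquoted space after the comma, so the shell splits it into two words and `/secrets/app-secrets.properties` reaches the JVM as a stray positional argument instead of a config location; in the removed deployment args the whole value was a single quoted string. Remove the space (or quote the argument): `--spring.config.location=/config/application.properties,/secrets/app-secrets.properties`. The script also lacks a `#!/bin/sh` first line, which matters once it is executed directly rather than via `sh`, and it runs the JVM as a child of the shell, so a SIGTERM delivered to the script at pod shutdown may not reach the JVM; `exec java -jar fiu-application.jar ...` avoids that.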