How to read kubernetes secrets values from volume mount in spring boot

Question

My code is below

apiVersion: v1
kind: Secret
metadata:
 name: test-secret
 namespace: default
type: Opaque
data:
 secret.db_user: |
   dGVzdA==
 secret.db_password: |
   dGVzdA==

And then i mount this as volume mount in the deployment section, Now i want to read this secret and map to spring.datasource.username and spring.datasource.passowrd without env configuration in the deployment section. Read should be from java code. How can i do that.

Answer 1

You can either mount the secrets as environment variables OR as files into a pod. The best remains to mount them as environment variables for me (https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables) but all cases are differents.

You can use "subPath" to mount the secret key to a specific subdirectory without overwriting its whole content (that means only mount the file in the existing directory among with others existing files for example).

    volumeMounts:
      - mountPath: "/var/my-app/db_creds"
          subPath: db_creds
        name: db-creds
        readOnly: true
  volumes:
    - name: db-creds
      secret:
        secretName: test-secret

(or you can mount both username and password into two separate files)

If you want to read a file with spring (here with spring environment varialbes but you can do the same in your app.properties, you get the point), here is an example with my truststore that is a file (the ${SSL_TRUSTSTORE} environment variable contains the path to the truststore:

  SPRING_KAFKA_SSL_TRUSTSTORE_LOCATION: "file://${SSL_TRUSTSTORE}"