Spring boot Spring Boot bootstrap.yml中的Openshift秘密
这就是我的bootstrap.yml的样子Spring boot Spring Boot bootstrap.yml中的Openshift秘密,spring-boot,kubernetes,openshift,spring-config,Spring Boot,Kubernetes,Openshift,Spring Config,这就是我的bootstrap.yml的样子 spring: cloud: config: uri: http://xxxx.com username: **** password: **** vault: host: vault-server port: 8200 scheme: http authentication: token token: ${VAULT_ROOT_TOKE
spring:
cloud:
config:
uri: http://xxxx.com
username: ****
password: ****
vault:
host: vault-server
port: 8200
scheme: http
authentication: token
token: ${VAULT_ROOT_TOKEN}
application:
name: service-name
management:
security:
enabled: false
当我在部署配置中将secret配置为ENV变量时,应用程序正在启动,如下所示
name: VAULT_ROOT_TOKEN
value: *********
但是将secret配置为ENV变量并从OSE secret获取值不起作用
name: VAULT_ROOT_TOKEN
valueFrom:
secretKeyRef:
name: vault-token
key: roottoken
env | grep TOKEN
VAULT_ROOT_TOKEN=********
我得到的错误是
org.springframework.vault.VaultException: Status 400 secret/service-name/default: 400 Bad Request: missing required Host header
令人惊讶的是,在这种情况下,ENV变量在容器/POD中工作,但在引导过程中它不知何故无法获取
name: VAULT_ROOT_TOKEN
valueFrom:
secretKeyRef:
name: vault-token
key: roottoken
env | grep TOKEN
VAULT_ROOT_TOKEN=********
我在OSE中的秘密配置
oc describe secret vault-token
Name: vault-token
Namespace: ****
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
roottoken: 37 bytes
我终于做到了这一点。这就是我所做的 提供代币作为担保:
java $JAVA_OPTS -jar -Dspring.cloud.vault.token=${SPRING_CLOUD_VAULT_TOKEN} service-name.jar
我的配置如下所示:
部署配置:
- name: SPRING_CLOUD_VAULT_TOKEN
valueFrom:
secretKeyRef:
name: vault-token
key: roottoken
引导文件:
spring:
cloud:
config:
uri: http://xxxx.com
username: ****
password: ****
vault:
host: vault-server
port: 8200
scheme: http
authentication: token
token: ${SPRING_CLOUD_VAULT_TOKEN}
application:
name: service-name
management:
security:
enabled: false
感谢我的同事们提供的意见