These are chat archives for spring-cloud/spring-cloud

7th
Jul 2018
Ravattailor
@Ravattailor
Jul 07 2018 13:04
Hi all, how can I use 3DES algo with jasypt
Jose Armesto
@fiunchinho
Jul 07 2018 19:53
I have a kubernetes secret created with some.key=value, and I'm trying to use the spring-cloud-kubernetes integration, but when I @Value("some.key"), application fails with Could not resolve placeholder
I understood that the values in the secret would be available in my spring app?
salaboy
@salaboy
Jul 07 2018 19:58
@fiunchinho hi there.. I have an example here: https://salaboy.com/2018/05/24/spring-cloud-kubernetes-example/
@fiunchinho that will not take the value from the secret.. it will take it from a configmap
Jose Armesto
@fiunchinho
Jul 07 2018 19:59
both secrets an configmaps work in a similar way, right?
salaboy
@salaboy
Jul 07 2018 20:00
@fiunchinho as far as I understood you can consume a secret from a configmap
@fiunchinho I think that you will need to setup a configmap to consume that secret
it sounds like a good example to include in my blog post
Jose Armesto
@fiunchinho
Jul 07 2018 20:01

@fiunchinho I think that you will need to setup a configmap to consume that secret

I don't think that's possible in kubernetes?

you can't make a config map reference a secret AFAIK
salaboy
@salaboy
Jul 07 2018 20:04
let me see
Jose Armesto
@fiunchinho
Jul 07 2018 20:04
the links to the Github repository on your post are currently broken :(
salaboy
@salaboy
Jul 07 2018 20:04
oh really?
which one?
let me fix that
there was supposed to be a configmap too
salaboy
@salaboy
Jul 07 2018 20:05
let me see
wondering why are those gone.. I problably move them to the other project
and pasted the wrong links
Jose Armesto
@fiunchinho
Jul 07 2018 20:07
if you have the link to the configmap, that could be helpful
salaboy
@salaboy
Jul 07 2018 20:07
yeah sure
give me a sec
trying to find out what happened with those resources
@fiunchinho I might messed up the example when I was cleaning it to run it again for a meetup
I will fix the blog post as well
those files are in the history
Jose Armesto
@fiunchinho
Jul 07 2018 20:16
I have to always set the data to a full yaml file? I thought individual keys could bet

could you use

apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Values.service.name }}
data:
  minion.art=:)
  minion.type=one-eyed-minion

instead?

salaboy
@salaboy
Jul 07 2018 20:16
yeah.. I think that should work as well
Jose Armesto
@fiunchinho
Jul 07 2018 20:17
how can I debug why my value is not being loaded?
salaboy
@salaboy
Jul 07 2018 20:17
how are you debugging your pods?
Jose Armesto
@fiunchinho
Jul 07 2018 20:17
they just fail to start because the property is not present so I get Could not resolve placeholder
I have a Secret created with that value, and the secret is named after the application
salaboy
@salaboy
Jul 07 2018 20:18
@fiunchinho I will give that a try during the week
@fiunchinho in the meantime can you try to use a configmap instead of a secret to see if that fixes the problem?
Jose Armesto
@fiunchinho
Jul 07 2018 20:19
any docs or links to help me find the issue meanwhile?
salaboy
@salaboy
Jul 07 2018 20:19
then we can investigate the secreat later
@fiunchinho becuase they work in a similar way.. but if you do kubectl get configmaps you will only get the configmaps not the secrets
right?
Jose Armesto
@fiunchinho
Jul 07 2018 20:20
right
salaboy
@salaboy
Jul 07 2018 20:21
so that is why your secret is not working
:)
Jose Armesto
@fiunchinho
Jul 07 2018 20:21
should I see anything in the app logs telling me that it's loading things from configmaps/secrets?
salaboy
@salaboy
Jul 07 2018 20:21
the spring-cloud-kubernetes-config module is only reading from configmaps
and yes.. there is a log at bootstrap .. as far as I remember that tells you that there is a configmap present
Jose Armesto
@fiunchinho
Jul 07 2018 20:22
but this dependency adds support for both configmaps and secrets right? compile("org.springframework.cloud:spring-cloud-starter-kubernetes:0.2.0.RELEASE")
or do I need to add any other dependency?
salaboy
@salaboy
Jul 07 2018 20:23
oh oh.. ok so you are using the old stuff with spring boot 1.5.x?
@fiunchinho sorry.. I didn’t ask before
@fiunchinho I’m talking about 0.3.0.RC1
Jose Armesto
@fiunchinho
Jul 07 2018 20:23
yeah, all our apps use spring boot 1.5.x
salaboy
@salaboy
Jul 07 2018 20:23
for spring boot 2.x
oh ok.. so that might be the case.. I’m not sure
Jose Armesto
@fiunchinho
Jul 07 2018 20:24
you mean, because this is not compatible with spring boot 1.5.x ?
it doesn't say anything in the project readme :/
salaboy
@salaboy
Jul 07 2018 20:24
@fiunchinho yeah.. it should work with secrets
@fiunchinho I think you should be ok
if you are using spring boot 1.5.x and org.springframework.cloud:spring-cloud-starter-kubernetes:0.2.0.RELEASE
Jose Armesto
@fiunchinho
Jul 07 2018 20:25
it doesn't work with configmaps either, I just tested it
salaboy
@salaboy
Jul 07 2018 20:25
you should be able to read secrets in the same way..
how does your configmap look like?
Jose Armesto
@fiunchinho
Jul 07 2018 20:25
apiVersion: v1
data:
  my.key: something
kind: ConfigMap
salaboy
@salaboy
Jul 07 2018 20:25
you need the metadata:
name: {{ .Values.service.name }}
with your spring.application.name in there
Jose Armesto
@fiunchinho
Jul 07 2018 20:26
yeah, I have that too
and it matches spring.application.name
I tried also adding
salaboy
@salaboy
Jul 07 2018 20:26
try the whole application.properties approach
Jose Armesto
@fiunchinho
Jul 07 2018 20:26
cloud:
    kubernetes:
      secrets:
        enabled: true
        name: my-app
        namespace: default
to my bootstrap.yml
but it didn't help
salaboy
@salaboy
Jul 07 2018 20:27
can you try in your configmap to do something similar of what I did?
data:
application.properties: |-
minion.art=:)
Jose Armesto
@fiunchinho
Jul 07 2018 20:29
it doesn't let me use that
Invalid value: "The edited file failed validation": [yaml: line 4: could not find expected ':', [invalid character 'a' looking for beginning of value, invalid character 'a' looking for beginning of value]]
I'm trying
apiVersion: v1
data:
  application.properties: |-
my.key=something
kind: ConfigMap
salaboy
@salaboy
Jul 07 2018 20:32
@fiunchinho which version of kubernetes are you using?
Jose Armesto
@fiunchinho
Jul 07 2018 20:33
Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.0", GitCommit:"91e7b4fd31fcd3d5f436da26c980becec37ceefe", GitTreeState:"clean", BuildDate:"2018-06-27T22:29:25Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"", Minor:"", GitVersion:"v1.9.4", GitCommit:"bee2d1505c4fe820744d26d41ecd3fdd4a3d6546", GitTreeState:"clean", BuildDate:"2018-03-21T21:48:36Z", GoVersion:"go1.9.1", Compiler:"gc", Platform:"linux/amd64"}
minikube
salaboy
@salaboy
Jul 07 2018 20:34
interesting..
Jose Armesto
@fiunchinho
Jul 07 2018 20:34
ok, I managed to do it, I'm not sure why
salaboy
@salaboy
Jul 07 2018 20:34
:)
Jose Armesto
@fiunchinho
Jul 07 2018 20:34
I mean, create the configmap
let's test it now...
salaboy
@salaboy
Jul 07 2018 20:34
ok great.. I need to go now
I will be around during the week
I will fix my example
and we can check the secret stuff together
until we fix it
i want to make sure that those secrets are also working in the new version
Jose Armesto
@fiunchinho
Jul 07 2018 20:35
do you know what should I look for in the logs to see that's actually trying to fetch the values?
still doesn't work :(
it's like it's not even trying
maybe I'm missing maven dependencies in my project?
salaboy
@salaboy
Jul 07 2018 20:38
@fiunchinho instead of adding all you can add
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-kubernetes-config</artifactId>
</dependency>
if you are only using configmaps/secrets
Jose Armesto
@fiunchinho
Jul 07 2018 20:38
ok, I'll try
Jose Armesto
@fiunchinho
Jul 07 2018 20:42
wow! now it seems it's working
after adding the dependency you pasted
so adding the whole thing doesn't work
but adding the config dependency works? wtf
hehe
salaboy
@salaboy
Jul 07 2018 20:46
@fiunchinho i was thinking about that..
@fiunchinho it might be that you had conflicting deps trying to consume from the config server
Jose Armesto
@fiunchinho
Jul 07 2018 20:50
I'm not using spring cloud config server here
so to tell you the truth, I'm testing an use-case that I believe could be interesting to other people
salaboy
@salaboy
Jul 07 2018 20:52
what is that use case?
Jose Armesto
@fiunchinho
Jul 07 2018 20:52
we are currently encrypting secrets using AWS KMS, and we rely on this library by zalando https://github.com/zalando/spring-cloud-config-aws-kms
which decrypts the secrets during app bootstrap
salaboy
@salaboy
Jul 07 2018 20:52
nice
Jose Armesto
@fiunchinho
Jul 07 2018 20:52
I'm trying to set the encrypted values directly as kubernetes secrets/configmaps
salaboy
@salaboy
Jul 07 2018 20:52
yeah.. I would like to try that with the new verison and spring boot 2 as well
Jose Armesto
@fiunchinho
Jul 07 2018 20:52
and see if the zalando library still works
salaboy
@salaboy
Jul 07 2018 20:52
cool
Jose Armesto
@fiunchinho
Jul 07 2018 20:53
the difference is that right now, if we want to rotate a secret, I need to make a commit to the repository and re-deploy the application
but if the value is coming from kubernetes and decrypted with zalando library
I can just use the re-load feature
I don't need to re-deploy
does that make sense?
salaboy
@salaboy
Jul 07 2018 21:56
Reload should work yes