Home » DevOps » Configuring Open Liberty Datasources via Kubernetes Secrets

About Sebastian Daschner

Sebastian Daschner
Sebastian Daschner is a self-employed Java consultant and trainer. He is the author of the book 'Architecting Modern Java EE Applications'. Sebastian is a Java Champion, Oracle Developer Champion and JavaOne Rockstar.

Configuring Open Liberty Datasources via Kubernetes Secrets

In Open Liberty, configuration of datasource credentials is typically done in the server.xml file. If we use containers and container orchestration, we ideally make use of Infrastructure-as-Code and store all configuration under version control. However, this is certainly not desired for these datasource credentials. For that reason, Kubernetes secret definitions allow us to separately store secret values that shouldn’t be visible to everyone in our clusters.

In Open Liberty we can define an optional bootstrap.properties file which defines properties that are read before the server.xml configuration and thus can affect configuration behavior. We use this file to define the credentials to our datasource:

coffee-shop.db.username=postgres
coffee-shop.db.password=postgres

However, this file will not be included into our Docker image but injected into the container at runtime, by Kubernetes secrets, for example.

These properties then can be referenced in our server.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<server description="Java EE 8 Server">

  ...

  <dataSource id="DefaultDataSource" jdbcDriverRef="postgresql-driver"
      type="javax.sql.ConnectionPoolDataSource" transactional="true">

    <properties serverName="coffee-shop-db" portNumber="5432"
        databaseName="postgres"
        user="${coffee-shop.db.username}"
        password="${coffee-shop.db.password}"/>

  </dataSource>

  ...

</server>

In order to inject the bootstrap.properties file into our running container we define a deployment volume that is populated from a Kubernetes secret:

kind: Deployment
apiVersion: apps/v1beta1
metadata:
  name: coffee-shop
spec:
# ...
      containers:
      - name: coffee-shop
        image: ...
        volumeMounts:
        - name: database-credentials-volume
          mountPath: /opt/wlp/usr/servers/defaultServer/bootstrap.properties
          subPath: bootstrap.properties
          readOnly: true
      volumes:
      - name: database-credentials-volume
        secret:
          secretName: database-credentials

This requires a Kubernetes secret database-credentials which contains the contents of the bootstrap.properties file under the same key name. The properties are then loaded from the bootstrap file at server start-up time.

For further information on Open Liberty configuration, have a look at the documentation.

Published on Java Code Geeks with permission by Sebastian Daschner, partner at our JCG program. See the original article here: Configuring Open Liberty Datasources via Kubernetes Secrets

Opinions expressed by Java Code Geeks contributors are their own.

(0 rating, 0 votes)
You need to be a registered member to rate this.
Start the discussion Views Tweet it!
Do you want to know how to develop your skillset to become a Java Rockstar?
Subscribe to our newsletter to start Rocking right now!
To get you started we give you our best selling eBooks for FREE!
1. JPA Mini Book
2. JVM Troubleshooting Guide
3. JUnit Tutorial for Unit Testing
4. Java Annotations Tutorial
5. Java Interview Questions
6. Spring Interview Questions
7. Android UI Design
and many more ....
I agree to the Terms and Privacy Policy

Leave a Reply

avatar

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
Notify of