Secrets and environment configuration

The Akka Operator has support for managing Kubernetes Secrets new tab that can be used, for example, as credentials for custom integrations. Note that the operator has specific and more convenient support for certain integrations.

Secrets

Secrets with entries that will be mounted as files can be defined in secretVolumes of the deployment descriptor.

kubernetes/shopping-cart-service-cr.yml
apiVersion: akka.lightbend.com/v1
kind: AkkaMicroservice
metadata:
  name: shopping-cart-service
spec:
  image: <image>
  secretVolumes:
    - secretName: shopping-cart-service-secret
      mountPath: "/etc/secret-volume"

The Secret can be created with for example:

kubectl create secret generic \
    shopping-cart-service-secret \
    --from-file=connect.zip=secure-connect-bundle.zip

You can see the mounted files with:

kubectl exec -i -t <pod name> -- /bin/bash

ls /etc/secret-volume

Environment variables

Environment variables can be used for the configuration of custom integrations.

Secrets new tab with entries that will be included as environment variables be defined in envSecret of the deployment descriptor.

kubernetes/shopping-cart-service-cr.yml
apiVersion: akka.lightbend.com/v1
kind: AkkaMicroservice
metadata:
  name: shopping-cart-service
spec:
  image: <image>
  envSecret:
    secretName: shopping-cart-service-env

The application.conf can use such environment variables with:

      username = ${?DB_USER}
      password = ${?DB_PWD}

The Secret can be created with for example:

kubectl create secret generic \
    shopping-cart-service-env \
    --from-literal=DB_USER=scott \
    --from-literal=DB_PWD=tiger

Configuration

For environment specific configuration that will override the application.conf in the image (jar) you can define configuration in the Secrets new tab specified by the configSecret in the deployment descriptor.

The entries in the Secret will be concatenated into a main.conf together with configuration provided by the operator. The main.conf includes application.conf and will be loaded when the ActorSystem is started.

kubernetes/shopping-cart-service-cr.yml
apiVersion: akka.lightbend.com/v1
kind: AkkaMicroservice
metadata:
  name: shopping-cart-service
spec:
  image: <image>
  configSecret:
    secretName: shopping-cart-service-config

The Secret can be created with for example:

kubectl create secret generic \
    shopping-cart-service-config \
    --from-file=logging.conf=kubernetes/logging.conf \
    --from-file=environment.conf=kubernetes/environment.conf

You can see the mounted main.conf with:

kubectl exec -i -t <pod name> -- /bin/bash

cat /etc/config-volume/main.conf

Application configuration in the Pod

The Akka Operator will automatically provide configuration for the Integrations to the application.

For troubleshooting it can be good to know how the configuration is loaded.

The configuration that the Akka Operator provides via a Secret is located in /etc/config-volume/main.conf in the Pod. The main.conf includes application.conf and the JVM system property config.file is set to main.conf by the operator. In other words, main.conf will be used when the application starts the ActorSystem without specifying a configuration, or when using ConfigFactory.load().

You can see the mounted main.conf with:

kubectl exec -i -t <pod name> -- /bin/bash

cat /etc/config-volume/main.conf