SPRING_CLOUD_DATAFLOW_TASK_USE_KUBERNETES_SECRETS_FOR_DB_CREDENTIALS不适用于SCDF中的计划作业

时间:2020-09-10 12:50:21

标签: java spring-boot spring-batch openshift spring-cloud-dataflow

我试图掩盖我从SCDF计划的任务的数据库凭据。我正在使用2.6.1版本。 SCDF和任务在Openshift平台上运行。

当我使用属性SPRING_CLOUD_DATAFLOW_TASK_USE_KUBERNETES_SECRETS_FOR_DB_CREDENTIALS=true(添加到SCDF-deployment.yaml中)启动一个执行一次作业的作业时,没有任何计划,则DB凭据将在POD描述页面中被屏蔽。但是,当我从SCDF计划相同的作业时,即使相同的属性仍设置为true,DB凭据也会公开。

我正在寻找任何其他配置或变通办法来掩盖DB凭据,即使作业是根据SCDF的计划启动的。目前,它仅适用于非计划的工作/任务。

以下是我为掩盖凭据所做的更改。

Deployment.yaml 

apiVersion: apps/v1
kind: Deployment
metadata:
  name: scdf-server
  labels:
    app: scdf-server
spec:
  selector:
    matchLabels:
      app: scdf-server
  replicas: 1
  template:
    metadata:
      labels:
        app: scdf-server
    spec:
      containers:
      - name: scdf-server
        image: docker-registry.default.svc:5000/batch/scdf-server
        imagePullPolicy: Always
        ports:
        - containerPort: 80
        livenessProbe:
          httpGet:
            path: /management/health
            port: 80
          initialDelaySeconds: 45
        readinessProbe:
          httpGet:
            path: /management/info
            port: 80
          initialDelaySeconds: 45
        resources:
          limits:
            cpu: 1.0
            memory: 1024Mi
          requests:
            cpu: 0.5
            memory: 512Mi
        env:
        - name: SPRING_PROFILES_ACTIVE
          value: dev
        - name: KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: "metadata.namespace"
        - name: SERVER_PORT
          value: '80'
        - name: SPRING_CLOUD_CONFIG_ENABLED
          value: 'false'
        - name: SPRING_CLOUD_DATAFLOW_FEATURES_ANALYTICS_ENABLED
          value: 'true'
        - name: SPRING_CLOUD_DATAFLOW_FEATURES_SCHEDULES_ENABLED
          value: 'true'
        - name: SPRING_CLOUD_DATAFLOW_TASK_COMPOSED_TASK_RUNNER_URI
          value: 'docker://springcloud/spring-cloud-dataflow-composed-task-runner:2.6.0.BUILD-SNAPSHOT'
        - name: SPRING_CLOUD_KUBERNETES_CONFIG_ENABLE_API
          value: 'true'
        - name: SPRING_CLOUD_KUBERNETES_SECRETS_ENABLE_API
          value: 'true'
        - name: SPRING_CLOUD_KUBERNETES_SECRETS_PATHS
          value: /etc/secrets
        - name: SPRING_CLOUD_DATAFLOW_FEATURES_TASKS_ENABLED
          value: 'true'
        - name: SPRING_CLOUD_KUBERNETES_CONFIG_NAME
          value: scdf-server
        - name: SPRING_CLOUD_DATAFLOW_SERVER_URI
          value: 'http://${SCDF_SERVER_SERVICE_HOST}:${SCDF_SERVER_SERVICE_PORT}'
        - name: SPRING_APPLICATION_JSON
          value: "{ \"maven\": { \"local-repository\": null, \"remote-repositories\": { \"repo1\": { \"url\": \"https://repo.spring.io/libs-snapshot\"} } } }"
        - name: SPRING_CLOUD_DATAFLOW_TASK_USE_KUBERNETES_SECRETS_FOR_DB_CREDENTIALS
          value: 'true'
      serviceAccountName: scdf-sa

0 个答案:

没有答案
相关问题
最新问题