-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Andrea Cosentino <[email protected]>
- Loading branch information
Showing
1 changed file
with
58 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
== OCP Secrets Retrieval with Apache Camel Kubernetes Component | ||
|
||
In Camel we provide the secret function to retrieve configmap values from a configmap resource. | ||
|
||
The syntax is pretty simple: | ||
|
||
.... | ||
configmap:name/key[:defaultValue] | ||
.... | ||
|
||
It’s important to restrict the ability to read configmap with the least amount of permissions for your cluster. So the application should run with a role with only list/read configmaps permission. | ||
|
||
This could be done with the following command: | ||
|
||
.... | ||
oc create clusterrole configmapreader --verb=get --verb=list --resource=configmap --namespace=<namespace> | ||
.... | ||
|
||
The minimum permissions are list and get. | ||
|
||
Alternatively, you can create a yaml file with the following content: | ||
|
||
.... | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: configmapreader | ||
rules: | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- configmaps | ||
verbs: | ||
- get | ||
- list | ||
.... | ||
|
||
And then run | ||
|
||
.... | ||
oc apply -f <file_name> | ||
.... | ||
|
||
The application will have to run with that clusterrole. | ||
|
||
This will ensure the running application won’t be able to do more than list and get configmap. | ||
|
||
The same configuration could be seen on OCP by following the Camel on | ||
OCP Best Practices repository, in particular, the OCP Configmaps section. You | ||
can follow the example for both the runtimes supported by Red Hat Build | ||
of Apache Camel: | ||
|
||
https://github.com/jboss-fuse/apache-camel-on-ocp-best-practices/tree/main/examples/ocp/configmaps/camel-quarkus/retrieval[Camel-Quarkus | ||
- Camel on OCP Best practices - Camel Quarkus - Configmap Retrieval] | ||
|
||
https://github.com/jboss-fuse/apache-camel-on-ocp-best-practices/tree/main/examples/ocp/configmaps/camel-spring-boot/retrieval[Camel-Spring-Boot | ||
- Camel on OCP Best practices - Camel Spring Boot - Configmap Retrieval] | ||
|