diff --git a/ocp-configmaps.adoc b/ocp-configmaps.adoc new file mode 100644 index 0000000..0c1a8d8 --- /dev/null +++ b/ocp-configmaps.adoc @@ -0,0 +1,58 @@ +== OCP Secrets Retrieval with Apache Camel Kubernetes Component + +In Camel we provide the secret function to retrieve configmap values from a configmap resource. + +The syntax is pretty simple: + +.... +configmap:name/key[:defaultValue] +.... + +It’s important to restrict the ability to read configmap with the least amount of permissions for your cluster. So the application should run with a role with only list/read configmaps permission. + +This could be done with the following command: + +.... +oc create clusterrole configmapreader --verb=get --verb=list --resource=configmap --namespace= +.... + +The minimum permissions are list and get. + +Alternatively, you can create a yaml file with the following content: + +.... +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: configmapreader +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list +.... + +And then run + +.... +oc apply -f +.... + +The application will have to run with that clusterrole. + +This will ensure the running application won’t be able to do more than list and get configmap. + +The same configuration could be seen on OCP by following the Camel on +OCP Best Practices repository, in particular, the OCP Configmaps section. You +can follow the example for both the runtimes supported by Red Hat Build +of Apache Camel: + +https://github.com/jboss-fuse/apache-camel-on-ocp-best-practices/tree/main/examples/ocp/configmaps/camel-quarkus/retrieval[Camel-Quarkus +- Camel on OCP Best practices - Camel Quarkus - Configmap Retrieval] + +https://github.com/jboss-fuse/apache-camel-on-ocp-best-practices/tree/main/examples/ocp/configmaps/camel-spring-boot/retrieval[Camel-Spring-Boot +- Camel on OCP Best practices - Camel Spring Boot - Configmap Retrieval] +