使用 Spring Cloud Vault 3.0 和 Spring Boot 2.4,引导上下文初始化(bootstrap.yml、bootstrap.properties)单击此处获取官方文档
我的应用程序 pod 因 bootstrap.yaml 而崩溃。我是否应该改用 application.yaml?这样可行吗?
我们将 Spring Boot 从 2.3.7 升级到了 3.3.1。由于 bootstrap.yaml 未能读取 AWS 中的密钥(secrets),我的应用程序 pod 崩溃并且无法启动。
我的 bootstrap.yaml
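# ConfigMap carrying the Spring Cloud bootstrap configuration for the app.
# The Deployment on this page mounts it at /bootstrap and points
# spring.cloud.bootstrap.location at that directory.
# It holds only the Secrets Manager lookup settings (prefix, context, name),
# not secret values, so a ConfigMap is an appropriate carrier.
# NOTE(review): aws.secretsmanager.* and cloud.aws.region.static look like the
# property names of the Spring Cloud AWS 2.x bootstrap integration; confirm
# they are still read by the Spring Cloud AWS version used with Spring Boot 3.x.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "app.name" . }}
  # NOTE(review): inline "indent 4" only renders valid YAML if the helper's
  # output starts with a newline; confirm against the helper definition.
  labels: {{ include "app.labels" . | indent 4 }}
data:
  # Literal block scalar: the nested document reaches the application with
  # its line breaks and indentation exactly as written below.
  bootstrap.yaml: |-
    aws:
      secretsmanager:
        prefix: /secret
        defaultContext: {{ .Release.Namespace | quote }}
        profileSeparator: _
        failFast: true
        name: "{{ .Release.Namespace }}_{{ template "app.name" . }}"
        enabled: true
    cloud:
      aws:
        region:
          static: {{ .Values.region | quote }}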
我的 deployment.yaml
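# Deployment for the Spring Boot service.
# - An init container converts the mounted TLS certificate and key into a
#   PKCS12 keystore (plus a truststore when mTLS is enabled) in an emptyDir.
# - An optional init container copies the APM agent jars into a second emptyDir.
# - The main container is configured entirely through environment variables.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "app.name" . }}
  # NOTE(review): inline "indent N" (here and on the selector labels below)
  # only renders valid YAML if the helper's output starts with a newline;
  # confirm against the helper definitions.
  labels: {{ include "app.labels" . | indent 4 }}
  annotations:
    reloader.stakater.com/auto: "true"
spec:
  # replicas is omitted when the HPA is enabled so the autoscaler owns it.
  {{- if not .Values.hpa.enabled }}
  replicas: {{ .Values.replicas }}
  {{- end }}
  selector:
    matchLabels: {{ include "app.selector" . | indent 6 }}
  template:
    metadata:
      labels: {{ include "app.selector" . | indent 8 }}
    spec:
      serviceAccountName: {{ template "app.name" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
      - name: generate-keystore
        image: "{{ .Values.image.name }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        # NOTE(review): the store password is the hard-coded literal "password"
        # and is readable by anyone who can view this pod spec. The same
        # literal is repeated in the SERVER_SSL_*_PASSWORD variables below.
        # Prefer a value sourced from a Secret (valueFrom.secretKeyRef) and
        # keep the init container and the main container in sync.
        command:
        - sh
        - -c
        - >
          openssl pkcs12 -export -name cert -in /cert/tls.crt -inkey /cert/tls.key -nodes -out /keystore/keystore.p12 -passout pass:password;
          {{- if .Values.mTLS }}
          keytool -importcert -file /cert/ca.crt -alias CAcert -keystore /keystore/truststore.p12 -storetype PKCS12 -noprompt -storepass password;
          {{- end }}
        volumeMounts:
        - mountPath: /keystore
          name: keystore
        - mountPath: /cert
          name: cert
      {{- if or .Values.apm.elastic.enabled .Values.apm.otel.enabled }}
      - name: apm-attach
        image: "{{ .Values.apm.image.name }}:{{ .Values.apm.image.tag }}"
        imagePullPolicy: IfNotPresent
        volumeMounts:
        - name: apm
          # Absolute path: the copy command below writes under /apm and the
          # main container mounts the same volume at /apm.
          mountPath: /apm
        command:
        - sh
        - -c
        - "mkdir -p /apm/elastic-apm/ /apm/otel && cp /elastic-apm-agent.jar /apm/elastic-apm/ && cp /aws-opentelemetry-agent.jar /apm/otel "
      {{- end }}
      containers:
      - name: {{ .Values.name }}
        image: "{{ .Values.image.name }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        ports:
        - containerPort: 8080
          name: service
        readinessProbe: {{- toYaml .Values.readinessProbe | nindent 10 }}
        livenessProbe: {{- toYaml .Values.livenessProbe | nindent 10 }}
        securityContext:
          {{- toYaml .Values.securityContext | nindent 10 }}
        env:
        # Env values must be strings, so templated values are quoted.
        - name: ENVIRONMENT
          value: {{ .Release.Namespace | quote }}
        - name: ENV
          value: {{ .Release.Namespace | quote }}
        # spring boot variables
        - name: SERVER_PORT
          value: "8080"
        - name: SERVER_SSL_ENABLED
          value: "true"
        - name: SERVER_SSL_KEY_STORE
          value: /keystore/keystore.p12
        # NOTE(review): hard-coded keystore password in plain text; it must
        # match the -passout value used by the generate-keystore container.
        - name: SERVER_SSL_KEY_STORE_PASSWORD
          value: "password"
        - name: SERVER_SSL_KEY_STORE_TYPE
          value: "PKCS12"
        - name: SERVER_SERVLET_CONTEXT_PATH
          value: "/{{ .Values.name }}"
        {{- if .Values.mTLS }}
        - name: SERVER_SSL_TRUST_STORE
          value: /keystore/truststore.p12
        # NOTE(review): hard-coded truststore password, same concern as above.
        - name: SERVER_SSL_TRUST_STORE_PASSWORD
          value: password
        - name: SERVER_SSL_TRUST_STORE_TYPE
          value: PKCS12
        {{- end }}
        # NOTE(review): the management server listens on 8888 without TLS
        # and exposes every actuator endpoint ("*") at base path "/", with
        # full health details. Unless a NetworkPolicy restricts it, anything
        # that can reach the pod IP can read those endpoints. Limit the
        # exposure list to what monitoring needs (for example health) and
        # review show-details.
        - name: MANAGEMENT_SERVER_PORT
          value: "8888"
        - name: MANAGEMENT_ENDPOINTS_WEB_BASE_PATH
          value: "/"
        - name: MANAGEMENT_ENDPOINTS_WEB_PATH-MAPPING_HEALTH
          value: health
        - name: MANAGEMENT_SERVER_SSL_ENABLED
          value: "false"
        - name: MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE
          value: "*"
        - name: MANAGEMENT_ENDPOINT_SHUTDOWN_ENABLED
          value: "false"
        - name: MANAGEMENT_ENDPOINT_HEALTH_SHOW_DETAILS
          value: ALWAYS
        # Points the bootstrap context at the mounted ConfigMap directory.
        # NOTE(review): presumably the image entrypoint appends every
        # *_JAVA_OPTS variable to the JVM command line; confirm, otherwise
        # this option never reaches the JVM.
        - name: SPRING_BOOTSTRAP_JAVA_OPTS
          value: -Dspring.cloud.bootstrap.location=/bootstrap/
        - name: AWS_STS_REGIONAL_ENDPOINTS
          value: regional
        # end spring boot
        # elastic apm
        {{- if .Values.apm.elastic.enabled }}
        - name: ELASTIC_APM_JAVA_OPTS
          value: >
            -Delastic.apm.server_urls={{ .Values.apm.elastic.server }}
            -Delastic.apm.application_packages=org.iata.timatic
            -Delastic.apm.service_name={{ .Values.name }}
            -Delastic.apm.service_version={{ .Values.image.tag }}
            -Delastic.apm.environment={{ .Values.environment }}
            -Delastic.apm.enable_log_correlation=true
            -javaagent:/apm/elastic-apm/elastic-apm-agent.jar
            {{.Values.apm.elastic.config}}
        {{- else if .Values.apm.otel.enabled }}
        - name: OTEL_RESOURCE_ATTRIBUTES
          value: "service.name={{ .Values.name }}-{{ .Release.Namespace }},service.namespace={{ .Release.Namespace }},environment={{ .Release.Namespace }}"
        - name: OTEL_APM_JAVA_OPTS
          value: -javaagent:/apm/otel/aws-opentelemetry-agent.jar
        # NOTE(review): telemetry is sent to the collector over plain http;
        # confirm that is acceptable for the data carried in traces.
        - name: OTEL_EXPORTER_OTLP_ENDPOINT
          value: "http://aws-otel-opentelemetry-collector.aws-otel:4317"
        - name: OTEL_EXPORTER_OTLP_TRACES_ENDPOINT
          value: "http://aws-otel-opentelemetry-collector.aws-otel:4317"
        {{- range $key, $value := .Values.apm.otel.envs }}
        - name: {{ $key }}
          value: {{ $value | quote }}
        {{- end }}
        {{- end }}
        # java opts: each key becomes a <KEY>_JAVA_OPTS variable
        {{- range $key, $value := .Values.javaOpts }}
        - name: {{ printf "%s_JAVA_OPTS" $key | upper }}
          value: {{ $value | quote }}
        {{- end }}
        # iterate through common envs
        {{- range $key, $value := .Values.envs }}
        - name: {{ $key }}
          value: {{ $value | quote }}
        {{- end }}
        resources: {{- toYaml .Values.resources | nindent 10 }}
        volumeMounts:
        - mountPath: /keystore
          name: keystore
        - mountPath: /bootstrap
          name: bootstrap
        # apm mounts
        {{- if or .Values.apm.elastic.enabled .Values.apm.otel.enabled }}
        - name: apm
          mountPath: /apm
        {{- end }}
      volumes:
      # Scratch space for the generated keystore and truststore.
      - name: keystore
        emptyDir: {}
      # TLS certificate, key and CA taken from the app's certificate Secret.
      - name: cert
        secret:
          # 420 decimal is file mode 0644.
          defaultMode: 420
          secretName: {{ template "app.name" . }}-app-cert
      # bootstrap.yaml from the ConfigMap that shares the app's name.
      - name: bootstrap
        configMap:
          name: {{ template "app.name" . }}
      {{- if or .Values.apm.elastic.enabled .Values.apm.otel.enabled }}
      - name: apm
        emptyDir: {}
      {{- end }}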
我需要做哪些改变?
您仍然可以在 Spring Boot 3.x 中使用 bootstrap.yml,但需要添加以下依赖项:
// Gradle (Groovy DSL): adds the Spring Cloud bootstrap starter, which this
// answer gives as the requirement for keeping bootstrap.yml on Spring Boot 3.x.
// No version is declared here; presumably it is managed by the Spring Cloud
// BOM. Confirm that the BOM is applied in the build.
implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap'