How to use Secret resources to pass credentials as environment variables into the properties file
You can pass credentials like username or password as environment variables via a Secret
resource in Kubernetes. The docker images for previous versions of Scalar products use the dockerize
command for templating properties files. The docker images for the latest versions of Scalar products get values directly from environment variables.
Note: You cannot use the following environment variable names in your custom values file since these are used in the Scalar Helm Chart internal.
HELM_SCALAR_DB_CONTACT_POINTS
HELM_SCALAR_DB_CONTACT_PORT
HELM_SCALAR_DB_USERNAME
HELM_SCALAR_DB_PASSWORD
HELM_SCALAR_DB_STORAGE
HELM_SCALAR_DL_LEDGER_PROOF_ENABLED
HELM_SCALAR_DL_LEDGER_AUDITOR_ENABLED
HELM_SCALAR_DL_LEDGER_PROOF_PRIVATE_KEY_PATH
HELM_SCALAR_DL_AUDITOR_SERVER_PORT
HELM_SCALAR_DL_AUDITOR_SERVER_PRIVILEGED_PORT
HELM_SCALAR_DL_AUDITOR_SERVER_ADMIN_PORT
HELM_SCALAR_DL_AUDITOR_LEDGER_HOST
HELM_SCALAR_DL_AUDITOR_CERT_HOLDER_ID
HELM_SCALAR_DL_AUDITOR_CERT_VERSION
HELM_SCALAR_DL_AUDITOR_CERT_PATH
HELM_SCALAR_DL_AUDITOR_PRIVATE_KEY_PATH
SCALAR_DB_LOG_LEVEL
SCALAR_DL_LEDGER_LOG_LEVEL
SCALAR_DL_AUDITOR_LOG_LEVEL
SCALAR_DB_CLUSTER_MEMBERSHIP_KUBERNETES_ENDPOINT_NAMESPACE_NAME
SCALAR_DB_CLUSTER_MEMBERSHIP_KUBERNETES_ENDPOINT_NAME
-
Set environment variable name to the properties configuration in the custom values file.
- Example
-
ScalarDB Server
-
ScalarDB Server 3.7 or earlier (Go template syntax)
scalardb:
databaseProperties: |
...
scalar.db.username={{ default .Env.SCALAR_DB_USERNAME "" }}
scalar.db.password={{ default .Env.SCALAR_DB_PASSWORD "" }}
... -
ScalarDB Server 3.8 or later (Apache Commons Text syntax)
scalardb:
databaseProperties: |
...
scalar.db.username=${env:SCALAR_DB_USERNAME}
scalar.db.password=${env:SCALAR_DB_PASSWORD}
...
-
-
ScalarDB Cluster
scalardbCluster:
scalardbClusterNodeProperties: |
...
scalar.db.username=${env:SCALAR_DB_USERNAME}
scalar.db.password=${env:SCALAR_DB_PASSWORD}
... -
ScalarDB Analytics with PostgreSQL
scalardbAnalyticsPostgreSQL:
databaseProperties: |
...
scalar.db.username=${env:SCALAR_DB_USERNAME}
scalar.db.password=${env:SCALAR_DB_PASSWORD}
... -
ScalarDL Ledger
-
ScalarDL Ledger 3.7 or earlier (Go template syntax)
ledger:
ledgerProperties: |
...
scalar.db.username={{ default .Env.SCALAR_DB_USERNAME "" }}
scalar.db.password={{ default .Env.SCALAR_DB_PASSWORD "" }}
... -
ScalarDL Ledger 3.8 or later (Apache Commons Text syntax)
ledger:
ledgerProperties: |
...
scalar.db.username=${env:SCALAR_DB_USERNAME}
scalar.db.password=${env:SCALAR_DB_PASSWORD}
...
-
-
ScalarDL Auditor
-
ScalarDL Auditor 3.7 or earlier (Go template syntax)
auditor:
auditorProperties: |
...
scalar.db.username={{ default .Env.SCALAR_DB_USERNAME "" }}
scalar.db.password={{ default .Env.SCALAR_DB_PASSWORD "" }}
... -
ScalarDL Auditor 3.8 or later (Apache Commons Text syntax)
auditor:
auditorProperties: |
...
scalar.db.username=${env:SCALAR_DB_USERNAME}
scalar.db.password=${env:SCALAR_DB_PASSWORD}
...
-
-
ScalarDL Schema Loader
-
ScalarDL Schema Loader 3.7 or earlier (Go template syntax)
schemaLoading:
databaseProperties: |
...
scalar.db.username={{ default .Env.SCALAR_DB_USERNAME "" }}
scalar.db.password={{ default .Env.SCALAR_DB_PASSWORD "" }}
... -
ScalarDL Schema Loader 3.8 or later (Apache Commons Text syntax)
schemaLoading:
databaseProperties: |
...
scalar.db.username=${env:SCALAR_DB_USERNAME}
scalar.db.password=${env:SCALAR_DB_PASSWORD}
...
-
-
- Example
-
Create a
Secret
resource that includes credentials.
You need to specify the environment variable name as keys of theSecret
.-
Example
kubectl create secret generic scalardb-credentials-secret \
--from-literal=SCALAR_DB_USERNAME=postgres \
--from-literal=SCALAR_DB_PASSWORD=postgres
-
-
Set the
Secret
name to the following keys in the custom values file.- Keys
scalardb.secretName
(ScalarDB Server)scalardbCluster.secretName
(ScalarDB Cluster)scalardbAnalyticsPostgreSQL.secretName
(ScalarDB Analytics with PostgreSQL)ledger.secretName
(ScalarDL Ledger)auditor.secretName
(ScalarDL Auditor)schemaLoading.secretName
(ScalarDL Schema Loader)
- Example
-
ScalarDB Server
scalardb:
secretName: "scalardb-credentials-secret" -
ScalarDB Cluster
scalardbCluster:
secretName: "scalardb-cluster-credentials-secret" -
ScalarDB Analytics with PostgreSQL
scalardbAnalyticsPostgreSQL:
secretName: scalardb-analytics-postgresql-credentials-secret
-
- Keys