This is an automated email from the ASF dual-hosted git repository. acosentino pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push: new eac8e303e97 Add documentation about Kubernetes Secret Properties Function to Secret Component (#15253) eac8e303e97 is described below commit eac8e303e97a760e8f445d7eb2175d691148871a Author: Andrea Cosentino <anco...@gmail.com> AuthorDate: Wed Aug 21 14:29:17 2024 +0200 Add documentation about Kubernetes Secret Properties Function to Secret Component (#15253) Signed-off-by: Andrea Cosentino <anco...@gmail.com> --- .../main/docs/kubernetes-secrets-component.adoc | 74 +++++++++++++++++++++- 1 file changed, 73 insertions(+), 1 deletion(-) diff --git a/components/camel-kubernetes/src/main/docs/kubernetes-secrets-component.adoc b/components/camel-kubernetes/src/main/docs/kubernetes-secrets-component.adoc index 5cb4bdc60e8..bbdb04575ef 100644 --- a/components/camel-kubernetes/src/main/docs/kubernetes-secrets-component.adoc +++ b/components/camel-kubernetes/src/main/docs/kubernetes-secrets-component.adoc @@ -80,6 +80,78 @@ from("direct:listByLabels").process(new Processor() { This operation returns a list of Secrets from your cluster using a label selector (with key1 and key2, with value value1 and value2) - +== Using secrets properties function with Kubernetes + +The `camel-kubernetes` component include the following secrets related functions: + +* `secret` - A function to lookup the string property from Kubernetes Secrets. +* `secret-binary` - A function to lookup the binary property from Kubernetes Secrets. + +Camel reads Secrets from the Kubernetes API Server. And when RBAC is enabled on the cluster, +the ServiceAccount that is used to run the application needs to have the proper permissions for such access. + +Before the Kubernetes property placeholder functions can be used they need to be configured with either (or both) + +- path - A _mount path_ that must be mounted to the running pod, to load the configmaps or secrets from local disk. +- kubernetes client - *Autowired* An `io.fabric8.kubernetes.client.KubernetesClient` instance to use for connecting to the Kubernetes API server. + +Camel will first use _mount paths_ (if configured) to lookup, and then fallback to use the `KubernetesClient`. + +A secret named `mydb` could contain username and passwords to connect to a database such as: + +[source,properties] +---- +myhost = killroy +myport = 5555 +myuser = scott +mypass = tiger +---- + +This can be used in Camel with for example the Postrgres Sink Kamelet: + +[source,xml] +---- +<camelContext> + <route> + <from uri="direct:rome"/> + <setBody> + <constant>{ "username":"oscerd", "city":"Rome"}</constant> + </setBody> + <to uri="kamelet:postgresql-sink?serverName={{secret:mydb/myhost}} + &serverPort={{secret:mydb/myport}} + &username={{secret:mydb/myuser}} + &password={{secret:mydb/mypass}} + &databaseName=cities + &query=INSERT INTO accounts (username,city) VALUES (:#username,:#city)"/> + </route> +</camelContext> +---- + +The postgres-sink Kamelet can also be configured in `application.properties` which reduces the configuration +in the route above: + +[source,properties] +---- +camel.component.kamelet.postgresql-sink.databaseName={{secret:mydb/myhost}} +camel.component.kamelet.postgresql-sink.serverPort={{secret:mydb/myport}} +camel.component.kamelet.postgresql-sink.username={{secret:mydb/myuser}} +camel.component.kamelet.postgresql-sink.password={{secret:mydb/mypass}} +---- + +Which reduces the route to: + +[source,xml] +---- +<camelContext> + <route> + <from uri="direct:rome"/> + <setBody> + <constant>{ "username":"oscerd", "city":"Rome"}</constant> + </setBody> + <to uri="kamelet:postgresql-sink?databaseName=cities + &query=INSERT INTO accounts (username,city) VALUES (:#username,:#city)"/> + </route> +</camelContext> +---- include::spring-boot:partial$starter.adoc[]