With Spring Cloud Vault 3.0 and Spring Boot 2.4, the bootstrap context initialization (bootstrap.yml, bootstrap.properties) of property sources was deprecated (see the official documentation).
My application pod is crashing when it uses bootstrap.yaml.
Should I change it to application.yaml? Would that work?
We upgraded to Spring Boot 3.3.1 from 2.3.7.
Because bootstrap.yaml is no longer picking up the AWS secrets, my application pod crashes and is not able to start.
Please look at both the bootstrap and deployment files below and advise.
My bootstrap.yaml is below:
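# Helm template for the ConfigMap that carries the application's bootstrap.yaml.
# The Deployment mounts this ConfigMap at /bootstrap.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "app.name" . }}
  labels: {{ include "app.labels" . | indent 4 }}
data:
  # Literal block scalar (|-) keeps every line break of the embedded file.
  # The folded form (>-) only preserved them because each top-level key is
  # followed by a more-indented line; two adjacent top-level keys would have
  # been joined into one line.
  #
  # NOTE(review): these are bootstrap-context keys (aws.secretsmanager.*,
  # cloud.aws.region.static). The bootstrap context is off by default since
  # Spring Cloud 2020.0, so after a Spring Boot 3.x upgrade this file is not
  # read unless bootstrap is re-enabled (spring-cloud-starter-bootstrap or
  # spring.cloud.bootstrap.enabled=true). Spring Cloud AWS 3.x loads Secrets
  # Manager through spring.config.import (aws-secretsmanager:...) in the
  # application config and uses the spring.cloud.aws.* prefix -- confirm
  # against the Spring Cloud AWS version on the classpath.
  bootstrap.yaml: |-
    aws:
      secretsmanager:
        prefix: /secret
        defaultContext: {{ .Release.Namespace }}
        profileSeparator: _
        # fail closed: presumably startup aborts when the secret cannot be
        # read, which matches the crash described once loading stopped working
        failFast: true
        name: "{{ .Release.Namespace }}_{{ template "app.name" . }}"
        enabled: true
    cloud:
      aws:
        region:
          static: {{ .Values.region }}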
My deployment.yaml:
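# Helm template for the application Deployment.
# Init containers build a PKCS#12 keystore (and, with mTLS, a truststore) from
# the mounted TLS Secret and optionally copy APM agent jars into a shared
# emptyDir; the main container is configured through environment variables.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "app.name" . }}
  # NOTE(review): include piped to indent only renders valid YAML if the
  # helper's output starts with a newline; confirm, or pair include with nindent.
  labels: {{ include "app.labels" . | indent 4 }}
  annotations:
    reloader.stakater.com/auto: "true"
spec:
  {{- if not .Values.hpa.enabled }}
  replicas: {{ .Values.replicas }}
  {{- end }}
  selector:
    matchLabels: {{ include "app.selector" . | indent 6 }}
  template:
    metadata:
      labels: {{ include "app.selector" . | indent 8 }}
    spec:
      serviceAccountName: {{ template "app.name" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
      # NOTE(review): the PKCS#12 password is the fixed literal `password`,
      # passed on the command line here and repeated in the SERVER_SSL_*
      # variables below. A constant password gives the private key no
      # confidentiality of its own; protection rests on access to the cert
      # Secret and the keystore emptyDir. If a real password is wanted, source
      # it from a Secret (secretKeyRef) in both places.
      - name: generate-keystore
        image: {{ .Values.image.name }}:{{ .Values.image.tag }}
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        command:
        - sh
        - -c
        - >
          openssl pkcs12 -export -name cert -in /cert/tls.crt -inkey /cert/tls.key -nodes -out /keystore/keystore.p12 -passout pass:password;
          {{- if .Values.mTLS }}
          keytool -importcert -file /cert/ca.crt -alias CAcert -keystore /keystore/truststore.p12 -storetype PKCS12 -noprompt -storepass password;
          {{- end }}
        volumeMounts:
        - mountPath: /keystore
          name: keystore
        - mountPath: /cert
          name: cert
      {{- if or .Values.apm.elastic.enabled .Values.apm.otel.enabled }}
      - name: apm-attach
        image: {{ .Values.apm.image.name }}:{{ .Values.apm.image.tag }}
        imagePullPolicy: IfNotPresent
        volumeMounts:
        - name: apm
          # absolute path: the copy command below writes to /apm/... and the
          # main container mounts the same volume at /apm (was the relative `apm`)
          mountPath: /apm
        command:
        - sh
        - -c
        - "mkdir -p /apm/elastic-apm/ /apm/otel && cp /elastic-apm-agent.jar /apm/elastic-apm/ && cp /aws-opentelemetry-agent.jar /apm/otel "
      {{- end }}
      containers:
      - name: {{ .Values.name }}
        image: {{ .Values.image.name }}:{{ .Values.image.tag }}
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        ports:
        - containerPort: 8080
          # the original listing repeated `name: service` after this line; many
          # parsers silently take the last duplicate key, so only one is kept
          name: service
        readinessProbe: {{- toYaml .Values.readinessProbe | nindent 10 }}
        livenessProbe: {{- toYaml .Values.livenessProbe | nindent 10 }}
        securityContext:
          {{- toYaml .Values.securityContext | nindent 10 }}
        env:
        # env values must be strings; templated values are quoted so that a
        # number- or boolean-looking value still renders as a string
        - name: ENVIRONMENT
          value: {{ .Release.Namespace | quote }}
        - name: ENV
          value: {{ .Release.Namespace | quote }}
        # spring boot variables
        - name: SERVER_PORT
          value: "8080"
        - name: SERVER_SSL_ENABLED
          value: "true"
        - name: SERVER_SSL_KEY_STORE
          value: /keystore/keystore.p12
        # NOTE(review): literal keystore password stored in the pod spec; it
        # must match the value used by the generate-keystore init container
        - name: SERVER_SSL_KEY_STORE_PASSWORD
          value: "password"
        - name: SERVER_SSL_KEY_STORE_TYPE
          value: "PKCS12"
        - name: SERVER_SERVLET_CONTEXT_PATH
          value: "/{{ .Values.name }}"
        {{- if .Values.mTLS }}
        - name: SERVER_SSL_TRUST_STORE
          value: /keystore/truststore.p12
        - name: SERVER_SSL_TRUST_STORE_PASSWORD
          value: password
        - name: SERVER_SSL_TRUST_STORE_TYPE
          value: PKCS12
        {{- end }}
        # NOTE(review): with exposure `*`, base path `/` and management SSL
        # disabled, every enabled actuator endpoint is served over plain HTTP
        # on port 8888 to anything that can reach the pod IP. Prefer an
        # explicit allow-list (for example health,info) and a NetworkPolicy
        # restricting access to 8888.
        - name: MANAGEMENT_SERVER_PORT
          value: "8888"
        - name: MANAGEMENT_ENDPOINTS_WEB_BASE_PATH
          value: "/"
        - name: MANAGEMENT_ENDPOINTS_WEB_PATH-MAPPING_HEALTH
          value: health
        - name: MANAGEMENT_SERVER_SSL_ENABLED
          value: "false"
        - name: MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE
          value: "*"
        - name: MANAGEMENT_ENDPOINT_SHUTDOWN_ENABLED
          value: "false"
        # ALWAYS returns component-level health details to every caller,
        # presumably unauthenticated here -- confirm that is intended
        - name: MANAGEMENT_ENDPOINT_HEALTH_SHOW_DETAILS
          value: ALWAYS
        # Points the Spring Cloud bootstrap context at the mounted ConfigMap.
        # NOTE(review): the bootstrap context is off by default since Spring
        # Cloud 2020.0, so after the Spring Boot 3.x upgrade this option has no
        # effect unless bootstrap is re-enabled (spring-cloud-starter-bootstrap
        # or spring.cloud.bootstrap.enabled=true); also confirm how the image
        # consumes the *_JAVA_OPTS variables.
        - name: SPRING_BOOTSTRAP_JAVA_OPTS
          value: -Dspring.cloud.bootstrap.location=/bootstrap/
        - name: AWS_STS_REGIONAL_ENDPOINTS
          value: regional
        # end spring boot
        # elastic apm
        {{- if .Values.apm.elastic.enabled }}
        - name: ELASTIC_APM_JAVA_OPTS
          value: >
            -Delastic.apm.server_urls={{ .Values.apm.elastic.server }}
            -Delastic.apm.application_packages=org.iata.timatic
            -Delastic.apm.service_name={{ .Values.name }}
            -Delastic.apm.service_version={{ .Values.image.tag }}
            -Delastic.apm.environment={{ .Values.environment }}
            -Delastic.apm.enable_log_correlation=true
            -javaagent:/apm/elastic-apm/elastic-apm-agent.jar
            {{.Values.apm.elastic.config}}
        {{- else if .Values.apm.otel.enabled }}
        - name: OTEL_RESOURCE_ATTRIBUTES
          value: service.name={{ .Values.name }}-{{ .Release.Namespace }},service.namespace={{ .Release.Namespace }},environment={{ .Release.Namespace }}
        - name: OTEL_APM_JAVA_OPTS
          value: -javaagent:/apm/otel/aws-opentelemetry-agent.jar
        # plain-HTTP OTLP to the collector: telemetry is unencrypted on the
        # pod network -- confirm that is acceptable for this cluster
        - name: OTEL_EXPORTER_OTLP_ENDPOINT
          value: "http://aws-otel-opentelemetry-collector.aws-otel:4317"
        - name: OTEL_EXPORTER_OTLP_TRACES_ENDPOINT
          value: "http://aws-otel-opentelemetry-collector.aws-otel:4317"
        {{- range $key, $value := .Values.apm.otel.envs }}
        - name: {{ $key }}
          value: {{ $value | quote }}
        {{- end }}
        {{- end }}
        # java opts
        {{- range $key, $value := .Values.javaOpts }}
        - name: {{ printf "%s_JAVA_OPTS" $key | upper }}
          value: {{ $value | quote }}
        {{- end }}
        # iterate through common envs
        {{- range $key, $value := .Values.envs }}
        - name: {{ $key }}
          value: {{ $value | quote }}
        {{- end }}
        resources: {{- toYaml .Values.resources | nindent 10 }}
        volumeMounts:
        - mountPath: /keystore
          name: keystore
        - mountPath: /bootstrap
          name: bootstrap
        # apm mounts
        {{- if or .Values.apm.elastic.enabled .Values.apm.otel.enabled }}
        - name: apm
          mountPath: /apm
        {{- end }}
      volumes:
      - name: keystore
        emptyDir: {}
      - name: cert
        secret:
          # 420 decimal is mode 0644, so tls.key is world-readable inside the
          # pod; consider 0400 or 0440 (256 or 288) if the pod security
          # context's user/fsGroup allows it
          defaultMode: 420
          secretName: {{ template "app.name" . }}-app-cert
      - name: bootstrap
        configMap:
          name: {{ template "app.name" . }}
      {{- if or .Values.apm.elastic.enabled .Values.apm.otel.enabled }}
      - name: apm
        emptyDir: {}
      {{- end }}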
What changes do I need to make?