micronaut-projects / micronaut-kubernetes

This project includes integration between Micronaut and Kubernetes
https://micronaut-projects.github.io/micronaut-kubernetes/snapshot/guide
Apache License 2.0

Support watching K8s secrets to change properties without restart #680

Open mhartmann-jaconi opened 7 months ago

mhartmann-jaconi commented 7 months ago

Feature description

Feature Request: Support for a watch mechanism for K8s secrets, read via the K8s API, so that secret content is stored as a property source in the application context without a server restart.

Current State: From this documentation I get the impression (and my tests seem to prove it) that only ConfigMaps can be watched to dynamically (without restart) provide configuration as a property source in the application context.

My Use Case: I have an application which makes OAuth-secured calls to other backend services in the context of a "tenant" (a Keycloak realm), of which we have multiple. To achieve that, we need a client-id/-secret per tenant in the application context. From time to time, new Keycloak realms are added and new client credentials get generated and reflected as K8s secrets automatically (initiated by a different team). As a service owner I don't want to take manual action (restart the service) when a new K8s secret appears; I just want the application to handle that by itself (e.g. via K8s API 'watch').

alvarosanchez commented 7 months ago

Secrets are supported too: https://github.com/micronaut-projects/micronaut-kubernetes/blob/master/src/main/docs/guide/config-client.adoc#secrets

Note that you need to explicitly enable it (and give your deployment secret read permissions).

Please give it a try.

mhartmann-jaconi commented 7 months ago

I already tried the same approach as for ConfigMaps:

micronaut:
  config-client:
    enabled: true

kubernetes:
  client:
    secrets:
      enabled: true
      watch: true
      labels:
        - app: keycloak

But unfortunately this doesn't seem to work. I need to restart the service to make it aware of new secrets.

alvarosanchez commented 7 months ago

My apologies, secrets watching is indeed not supported, but it is a legitimate ask. Reopening this.
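
The "secret read permissions" mentioned earlier in the thread, as an added example (not from the project's documentation or from either commenter): a namespaced Role and RoleBinding for the pod's service account. The names `my-app`, `my-namespace` and `secret-reader` are hypothetical, and `watch` is left out on the assumption, taken from the last comment, that the config client does not open a watch on secrets.

```yaml
# Added example. All names and the namespace are hypothetical placeholders.
# Namespaced Role (not a ClusterRole) so the grant stops at one namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: secret-reader
  namespace: my-namespace
rules:
  - apiGroups: [""]          # core API group, where Secret lives
    resources: ["secrets"]
    # Assumption: secrets are only read at startup, so get/list is enough.
    # Add "watch" only if the client actually opens a watch on secrets.
    verbs: ["get", "list"]
---
# Bind the Role to the service account the deployment runs as.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: my-app-secret-reader
  namespace: my-namespace
subjects:
  - kind: ServiceAccount
    name: my-app             # must match spec.serviceAccountName in the pod template
    namespace: my-namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: secret-reader
```

RBAC does not evaluate label selectors, so `list` on `secrets` lets the service account read every secret in the namespace, whatever `labels` filter the application config applies.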