Restore Kubernetes functionalities #1673

@davgia

I deploy several Steeltoe-based (v3) ASP.NET Core .NET 8 microservices on Kubernetes (v1.35). In a cluster, service discovery is native, so it is not required client-side. But the ability to read ConfigMaps and Secrets is a must-have.
ConfigMaps can be read through the API (still the preferred choice); alternatively, they can be mounted as files (so it is transparent to the service). On the other hand, Secrets should be mounted in the pod and read from it (see: #976), so no API call is required to use them, but the framework needs to support the file structure.

Example (Java Spring Boot):

apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-service
spec:
  template:
    spec:
      containers:
      - env:
        - name: SPRING_CLOUD_KUBERNETES_SECRETS_PATHS
          value: /etc/secrets/test-service
        image: test-service:1.0.0
        volumeMounts:
        - mountPath: /etc/secrets/test-service
          name: test-service-volume
          readOnly: true
      volumes:
      - name: test-service-volume
        secret:
          defaultMode: 420
          secretName: test-service
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: test-service
  namespace: test
stringData:
  jdbc.test.jdbc-url: jdbc:sqlserver://localhost:1433;databaseName=Test;Encrypt=true;TrustServerCertificate=true;
  jdbc.test.password: ***
  jdbc.test.username: ***
  spring.rabbitmq.password: ***

# see folder structure
$ ls -alh /etc/secrets/test-service/
total 4K
drwxrwxrwt    3 root     root         160 Mar 23 14:06 .
drwxr-xr-x    3 root     root        4.0K Mar 23 14:11 ..
drwxr-xr-x    2 root     root         120 Mar 23 14:06 ..2026_03_23_14_06_16.2737885139
lrwxrwxrwx    1 root     root          32 Mar 23 14:06 ..data -> ..2026_03_23_14_06_16.2737885139
lrwxrwxrwx    1 root     root          56 Mar 23 14:06 jdbc.test.jdbc-url -> ..data/jdbc.test.jdbc-url
lrwxrwxrwx    1 root     root          56 Mar 23 14:06 jdbc.test.password -> ..data/jdbc.test.password
lrwxrwxrwx    1 root     root          56 Mar 23 14:06 jdbc.test.username -> ..data/jdbc.test.username
lrwxrwxrwx    1 root     root          31 Mar 23 14:06 spring.rabbitmq.password -> ..data/spring.rabbitmq.password
# see file content
$ cat /etc/secrets/test-service/spring.rabbitmq.password
pb[REDACTED]m7/app $

So, Spring has the ability to read each file inside the directory; it uses the filename as the key and its content as the value, and injects it into the application configuration.

For me, Steeltoe's Kubernetes package can "just" have the following features:

  • injects cluster information in the info actuator
  • provides additional health endpoints: liveness and readiness
  • can read ConfigMaps from the Kubernetes API
  • can read secrets mounted inside the pod

If necessary I can contribute.

Thanks!
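
The key-per-file convention described in the issue, sketched in C# as an added example (it is not code from the issue, from Steeltoe or from Spring Cloud Kubernetes). The class name `MountedSecretLoader`, the mapping of `.` to `:` in key names and the sample value are assumptions; the directory layout follows the `ls` output above and the sample uses Linux paths.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

public static class MountedSecretLoader
{
    // File name -> key, file content -> value, for one mounted Secret volume.
    public static Dictionary<string, string> Load(string directory)
    {
        var settings = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (string path in Directory.EnumerateFileSystemEntries(directory))
        {
            string name = Path.GetFileName(path);
            // Skip kubelet bookkeeping entries: "..data" and the "..<timestamp>" directory.
            if (name.StartsWith(".", StringComparison.Ordinal)) continue;
            // File.Exists resolves the "<key> -> ..data/<key>" symlink and is
            // false for directories and dangling links.
            if (!File.Exists(path)) continue;
            // Assumption: '.' in the file name becomes ':' so the key is hierarchical in .NET.
            settings[name.Replace('.', ':')] = File.ReadAllText(path);
        }
        return settings;
    }

    public static void Main()
    {
        // Constructed sample reproducing the layout from the issue (Linux paths).
        const string snapshotName = "..2026_03_23_14_06_16.2737885139";
        string root = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
        string snapshot = Path.Combine(root, snapshotName);
        Directory.CreateDirectory(snapshot);
        File.WriteAllText(Path.Combine(snapshot, "spring.rabbitmq.password"), "constructed-value");
        Directory.CreateSymbolicLink(Path.Combine(root, "..data"), snapshotName);
        File.CreateSymbolicLink(Path.Combine(root, "spring.rabbitmq.password"),
            "..data/spring.rabbitmq.password");

        foreach (KeyValuePair<string, string> pair in Load(root))
        {
            // Print key names and lengths only; secret values stay out of logs.
            Console.WriteLine($"{pair.Key}: {pair.Value.Length} chars");
        }
        Directory.Delete(root, recursive: true);
    }
}
```

The returned dictionary can be passed to `AddInMemoryCollection` on a configuration builder; because the values come from the volume mount, the pod's service account needs no RBAC permission to read Secrets through the API.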
