spring-boot-debug-app
vault-helm
spring-boot-debug-app | vault-helm | |
---|---|---|
3 | 3 | |
1 | 1,038 | |
- | 1.1% | |
10.0 | 7.4 | |
over 1 year ago | 8 days ago | |
Kotlin | Shell | |
- | Mozilla Public License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
spring-boot-debug-app
-
Spring Boot logging with Loki, Promtail, and Grafana (Loki stack)
This is a GitHub link to my demo app. It’s simple Spring Boot web app used to debugging various stuff. There are many ways to configure JSON logging in Spring Boot. I decided to use Logback because it is easy to configure and one of the most widely used logging library in the Java Community. To enable JSON logging we need to add below dependencies.
-
Spring Boot monitoring with Prometheus Operator
My demo app (GitHub Link) uses Spring Boot version 3, or more precisely the latest release from 2022, i.e. 3.0.1. The core monitoring component in Spring Boot is Actuator. If you remember the migration of Spring Boot from version 1 to 2, you’ll probably remember that update brought a lot of breaking changes in Actuator. Fortunately, in the case of version 3, no such changes have been made, so you can apply the following configurations to Spring Boot version 2.x.x
-
Injecting secrets from Vault into Helm charts with ArgoCD
apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: demo spec: destination: namespace: sandbox server: https://kubernetes.default.svc project: default source: path: infra/helm repoURL: https://github.com/luafanti/spring-boot-debug-app targetRevision: main plugin: env: - name: HELM_VALUES value: | serviceAccount: create: true image: repository: luafanti/spring-boot-debug-app tag: main pullPolicy: IfNotPresent replicaCount: 1 resources: memoryRequest: 256Mi memoryLimit: 512Mi cpuRequest: 500m cpuLimit: 1 probes: liveness: initialDelaySeconds: 15 path: /actuator/health/liveness failureThreshold: 3 successThreshold: 1 timeoutSeconds: 3 periodSeconds: 5 readiness: initialDelaySeconds: 15 path: /actuator/health/readiness failureThreshold: 3 successThreshold: 1 timeoutSeconds: 3 periodSeconds: 5 ports: http: name: http value: 8080 management: name: management value: 8081 envs: - name: VAULT_SECRET_USER value: - name: VAULT_SECRET_PASSWORD value: log: level: spring: "info" service: "info" syncPolicy: {}
vault-helm
-
Injecting secrets from Vault into Helm charts with ArgoCD
To install Vault we will use the official Helm chart provided by HashiCorp. For simplicity, install it in developer mode. In dev mode, Vault doesn't need to be initialized or unsealed, but remember, it's only for development or experimentation. Never, ever run a dev mode in production
-
Securing Kubernetes Secrets with HashiCorp Vault
Once the above steps are done, it's time to install the HashiCorp Vault. The recommended way to deploy a Vault in the Kubernetes cluster is using the Vault’s official Helm chart. To deploy Vault in HA with auto unsealing use the below-mentioned values.yml file.
-
Question on Do's/Don'ts for Certain Software in Containers/k8s
Yup. There's an official Hashi chart.
What are some alternatives?
helm-charts
vault-operator - Run and manage Vault on Kubernetes simply and securely
jmespath.py - JMESPath is a query language for JSON.
argo-helm - ArgoProj Helm Charts
grafana-loki-stack-helmfile - Grafana Loki stack with predefined dashboard - helmfile installation
argocd-vault-plugin - An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
kubernetes-external-secrets - Integrate external secret management systems with Kubernetes
kubectx - Faster way to switch between clusters and namespaces in kubectl
Logback - The reliable, generic, fast and flexible logging framework for Java.
arogcd-vault-plugin-with-helm - Repository contains configuration resources to setup secret injections from Vault into Helm charts with ArgoCD