Page Properties | ||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||
Resources & Remarks Modification History
|
...
Profile Type | Configuration File Name(s) | Referenced by | Description |
---|---|---|---|
prod, dev | service-specific configurations:
| all services except CONFIG service | Separation of development and production environments. A service with prod (dev) as active profile is running in the production (development) environment. Per default, all services are deployed in the production environment. If you want to build a test environment, you need to manually create the corresponding profiles. The CONFIG service will always try to load parameters from an |
kubernetes | application-kubernetes.yml |
| Used in Kubernetes systems. Furthermore, the API gateway and SYSTEM service query the Kubernetes API Server for other services in the namespace. |
redis | application-redis.yml |
| Redis connection parameters. |
mq | application-mq.yml |
| Messaging queue connection parameters. |
dbs | application-dbs.yml |
| Database connection parameters. |
es | application-es.yml |
| Elasticsearch connection parameters Index configuration used to create Elasticsearch index. |
storage | application-storage.yml |
| Binary data storage connection parameters. |
lc | application-lc.yml | Lifecycle configuration for asynchronous operations. | |
keycloak | - |
| Enables user-role-mapping in Keycloak. |
docker | application-docker.yml |
| The profile |
oauth2 | application-oauth2.yml |
| Contains authentication related parameters. |
metrics | application-metrics.yml |
| Profile under development. In the future, metrics should provide a possibility to monitor responses from the service instance. |
jpapostgres, jpa | - |
| Decides whether PostgreSQL wire protocol (jpapostgres ) or MS SQL (jpa ) should be used for the database connection of the AUDIT and/or REGISTRY service.If jpapostgres is used, the corresponding service uses the PostgreSQL driver that can connect either a PostgreSQL database or a database which implements the PostgreSQL wire protocol, e.g., CockroachDB.For the usage of an MS SQL database, remove the jpapostgres profile from the AUDIT and REGISTRY services and assign the jpa profile instead. |
noamqp | - |
| Decides whether a messaging provider should be used by the API gateway and the COMMANDER service or not. If
If
|
...
- Convert the password in the
application-dbs.yml
file to Base64 format.
Example command for Windows Powershell:[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("changeme"))
Example command for Linux:echo -n "changeme" | base64 -w0
Both example commands lead to the outputY2hhbmdlbWU=
. Create a
yuuvis-secrets.yml
file with the following content:Code Block apiVersion: v1 kind: Secret metadata: name: yuuvis-secrets namespace: yuuvis type: Opaque data: POSTGRES_PASSWORD: Y2hhbmdlbWU=
The section data contains a list of key-value pairs that can contain multiple entries. As spacers within the string key name, only underscores are allowed. The value is the password in Base64 format.
- Create a Kubernetes Secret by running the command
kubectl apply -f yuuvis-secrets.yml
. Replace the password in the
application-dbs.yml
file by a placeholder:Code Block yuuvis.db.password: ${POSTGRES_PASSWORD}
Adjust the deployments of all yuuvis® services using the profile
dbs
by extending the sectionenv
:Code Block env: - name: POSTGRE_PASSWORD valueFrom: secretKeyRef: name: yuuvis-secrets key: POSTGRE_PASSWORD
The
name
and thekey
given insecretKeyRef
have to correspond to the name and the data value defined in the fileyuuvis-secrets.yml
.
Summary
Profiles act as globally reusable configuration elements or allow for the customization of specific service instances. The file name defines whether the configured parameters are available to multiple services or only one specific service. The profiles can be modified directly before the deployment or in a running system. Custom profiles can be added and referenced as well in addition to the always installed profiles. Sensitive data like passwords can be outsourced from the profiles and stored in Kubernetes Secrets instead.
...