How to use deployment.yaml variables inside siddhi app? - deployment

In siddhi email documentation it says that the account configurations can be done on the deployment file. But there is no information about how to use those variables and where the deployment yaml should be or which deployment file should be.
https://wso2-extensions.github.io/siddhi-io-email/api/1.0.2/
So I have tried creating a deployment file inside conf/PROFILE/ and also tried adding the fields in all the deployment.yaml files.
But I haven't found a way to use them inside the siddhi app.

The following element should be added to /conf/profile/deployment.yaml file to set the system properties,
siddhi:
  extensions:
    - extension:
        name: email
        namespace: sink
        properties:
          host: 0.0.0.0
          port: 5511
Please see below, documentation for further information.

Related

Defining path for secret in HashiCorp does not work with Quarkus

I have this error when I deploy my app:
My properties are these:
quarkus.vault.secret-config-kv-path=kv2/dev/test/test/getting-started-v1
quarkus.vault.kv-secret-engine-version=2
quarkus.vault.authentication.kubernetes.role=getting-started-v1
My policy in HashiCorp is the same and the role is attached to this policy.
When I disable this property, quarkus.vault.secret-config-kv-path, the app runs but does not load any secrets. This is the console message:
I have used this documentation
Any help or ideas for getting the values from HashiCorp, perhaps by another, programmatic method?
This could be a typical issue with KV version 1 vs 2. Version 2 has a different path. You should consider it in your settings and policy; check the document: https://developer.hashicorp.com/vault/tutorials/secrets-management/versioned-kv#compare-kv-v1-and-kv-v2
In most cases you need to add data after a mount point in the path: kv2/data/dev/test/test...
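The path difference described in the answer above, as an added example that is not part of the original thread: it maps a logical secret path to the API path for KV v1 and v2 and shows why a policy written for the v1 layout does not cover a v2 read. The mount name `kv2` and the secret path are taken from the question; the policy matcher is a simplified assumption (exact match or trailing `*` only).

```python
# Added example, not from the original thread. Mount "kv2" and the secret
# path come from the question; the policy matcher is a simplified sketch
# (exact match or trailing "*" prefix match only).

KV2_SUBPATH = {"read": "data", "write": "data", "list": "metadata"}


def api_path(mount, secret_path, kv_version, op="read"):
    """Return the path (below /v1/) that a KV operation is authorized against."""
    mount, secret_path = mount.strip("/"), secret_path.strip("/")
    if kv_version == 1:
        return f"{mount}/{secret_path}"
    if kv_version == 2:
        return f"{mount}/{KV2_SUBPATH[op]}/{secret_path}"
    raise ValueError("kv_version must be 1 or 2")


def policy_allows(policy_paths, request_path):
    """Simplified policy check: exact path, or prefix when the rule ends in '*'."""
    for rule in policy_paths:
        if rule.endswith("*"):
            if request_path.startswith(rule[:-1]):
                return True
        elif rule == request_path:
            return True
    return False


def read_policy_hcl(mount, secret_path, kv_version):
    """Render a policy stanza granting read on exactly one secret."""
    path = api_path(mount, secret_path, kv_version, "read")
    return f'path "{path}" {{\n  capabilities = ["read"]\n}}'


MOUNT = "kv2"
SECRET = "dev/test/test/getting-started-v1"

if __name__ == "__main__":
    request = api_path(MOUNT, SECRET, 2)
    # First rule is written for the v1 layout, second for the v2 layout.
    for rule in (f"{MOUNT}/dev/test/*", f"{MOUNT}/data/dev/test/*"):
        print(f"{rule!r} allows {request!r}: {policy_allows([rule], request)}")
    print(read_policy_hcl(MOUNT, SECRET, 2))
```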

Config server with Vault backend - fetch secrets from multiple paths

We are using config server with Vault backend to fetch application secrets.
Config server project is using spring-vault-core dependency and spring-vault-dependencies dependency management for Vault.
Vault related config in application yml file is as follows:
spring:
  cloud:
    config:
      server:
        vault:
          order: 0
          uri: <complete URI>
          connection-timeout: 5000
          read-timeout: 15000
          kvVersion: 2
          backend: secret
          defaultKey: config
This works fine and fetches me the Vault secrets in secret/config.
I am unable to add secret fetching from multiple paths in Vault (secret/config + secret/customFolder). I have tried adding comma separated application-name etc as suggested across various posts but does not work. Has anyone tried something similar?
You can take a look at the composite profile.
There are a lot of additional questions - what exactly you are trying to do, and why do you want to have this?
For us, for example, it was important to split infra services configurations and also split, actually, microservices configurations by itself. And, important requirement, to be able to "overwrite" it (in case of migrations, for instance).
We have achieved that with two things:
on the config server side we are using a composite configuration (with exactly the same type and uri, but a slightly different backend and keys),
on the config client's side we are specifying several values for the spring.cloud.config.name property (comma-separated list).

vault-secrets-provider alias not recognized with docker-kaniko

I'm having some issues when trying to use Hashicorp vault template (kubernetes with Google Kubernetes Engine) with to.be.continuous.
Actually when I use it with Google Docker Kaniko layer I got an error message: ... wget: bad address 'vault-secrets-provider'.
It seems that Kaniko doesn't recognize the vault-secrets-provider layer. Would you please help me with this? Or perhaps, where I can ask for some help?
This is a summary of .gitlab-ci.yml
# Kubernetes template
- project: 'to-be-continuous/kubernetes'
  ref: '2.0.4'
  file: '/templates/gitlab-ci-k8s.yml'
- project: "to-be-continuous/kubernetes"
  ref: "2.0.4"
  file: "templates/gitlab-ci-k8s-vault.yml"
...
K8S_DEFAULT_KUBE_CONFIG: "#url#http://vault-secrets-provider/api/secrets/noprod?field=kube_config"
VAULT_BASE_URL: "http://myvault.myserver.com/v1"
Error Message:
[ERROR] Failed getting secret K8S_DEFAULT_KUBE_CONFIG:
... wget: bad address 'vault-secrets-provider'
I tried many times directly without Vault layer and Kaniko works ok, I mean without Vault secrets.
How I can accomplish this? I tried modifying the kaniko template but without success.
I will appreciate any help with this.
To fix your issue, first upgrade the docker template to its latest version (2.3.0 at the time this response was written).
Then depending on your case you have 2 options:
Docker needs to handle some of your secrets managed by Vault: then you shall also activate the Vault variant for Docker,
Docker doesn't need to handle any secret managed by Vault: don't use the Vault variant for Docker, you'll have a warning message from Docker not being able to decode the secret (basically the same as the one you had, but not failing the build),
You shall simply use it in your .gitlab-ci.yml file:
include:
  # Docker template
  - project: 'to-be-continuous/docker'
    ref: '2.3.0'
    file: '/templates/gitlab-ci-docker.yml'
  # Vault variant for Docker (depending on your above case)
  - project: 'to-be-continuous/docker'
    ref: '2.3.0'
    file: '/templates/gitlab-ci-docker-vault.yml'
  # Kubernetes template
  - project: 'to-be-continuous/kubernetes'
    ref: '2.0.4'
    file: '/templates/gitlab-ci-k8s.yml'
  - project: "to-be-continuous/kubernetes"
    ref: "2.0.4"
    file: "/templates/gitlab-ci-k8s-vault.yml"

variables:
  K8S_DEFAULT_KUBE_CONFIG: "#url#http://vault-secrets-provider/api/secrets/noprod?field=kube_config"
  VAULT_BASE_URL: "http://myvault.myserver.com/v1"

How do I automatically create a GitHub trigger with webhook payload URL via yaml file in OpenShift?

I have been trying to get the GitHub payload trigger in OpenShift for quite some time, but it doesn't seem to work via yaml file. Basically, when I create the pipeline in OpenShift via yaml file I want the GitHub trigger to be available as soon as it appears on the dashboard, and I do not want to run any manual command.
I have appended the text below with parameters while creating the pipeline, but this doesn't work:
triggers:
  - github:
      secretReference: ${GITHUB_WEBHOOK_SECRET}
      secret: ${GITHUB_WEBHOOK_SECRET}
    type: GitHub
  - type: ConfigChange
I have also tried putting this in the shell:
oc patch bc/testapp --patch "{\"spec\": {\"triggers\": [{\"type\": \"GitHub\",\"github\": {\"secretReference\": {\"name\": \"mysecret\"}}}]}}"
Has anyone succeeded in doing this? Please help.
It should be like below:
triggers:
  - github:
      secretReference:
        name: ${GITHUB_WEBHOOK_SECRET}
    type: GitHub
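A check for the difference between the two trigger blocks above, as an added example that is not part of the original thread: it lints a BuildConfig `triggers` list (already parsed into Python objects) for a `secretReference` that is not a mapping with a `name`, and for an inline `secret` value. The function name and the sample inputs are constructed from the snippets on this page.

```python
# Added example, not from the original thread: lints the "triggers" list of a
# BuildConfig for the two mistakes in the question's snippet. Sample inputs
# below are constructed from the snippets on this page.

WEBHOOK_TYPES = {"GitHub": "github", "GitLab": "gitlab",
                 "Bitbucket": "bitbucket", "Generic": "generic"}


def lint_triggers(triggers):
    """Return (index, message) findings for webhook triggers."""
    findings = []
    for i, trig in enumerate(triggers):
        key = WEBHOOK_TYPES.get(trig.get("type"))
        if key is None:
            continue  # ConfigChange / ImageChange carry no webhook secret
        body = trig.get(key)
        if not isinstance(body, dict):
            findings.append((i, f"'{key}' block is missing"))
            continue
        if "secret" in body:
            findings.append((i, "inline 'secret' puts the value in the "
                                "BuildConfig; reference a Secret instead"))
        ref = body.get("secretReference")
        if not (isinstance(ref, dict) and ref.get("name")):
            findings.append((i, "secretReference must be a mapping "
                                "with a 'name' key"))
    return findings


# The question's trigger block, as a YAML parser would load it (constructed).
QUESTION = [
    {"type": "GitHub",
     "github": {"secretReference": "${GITHUB_WEBHOOK_SECRET}",
                "secret": "${GITHUB_WEBHOOK_SECRET}"}},
    {"type": "ConfigChange"},
]
# The answer's corrected block.
ANSWER = [
    {"type": "GitHub",
     "github": {"secretReference": {"name": "${GITHUB_WEBHOOK_SECRET}"}}},
]

if __name__ == "__main__":
    for label, trig in (("question", QUESTION), ("answer", ANSWER)):
        print(label, lint_triggers(trig) or "ok")
```

The Secret named by `secretReference` must hold the webhook value under the key `WebHookSecretKey`.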

nginx-ingress within kubernetes / how to enable and use geoip?

Just realized that geoip was present by default within the nginx-ingress in the context of kubernetes; that is, looked around, being new into nginx geoip, I don't have much clue about how to benefit from this
Firstly, is there any declarative setup to effectively have it working ? A configmap setup, or so ?
Secondly, how such info is passed from the nginx-ingress to an app ? Is the info present in the headers ? is there any extra setup to apply ?
thanks a lot for any experienced input; best
Find useful documentation about how to configure GeoIP2 for an nginx ingress Kubernetes deployment.
Example Nginx Configuration ConfigMap
You will find the expected ConfigMap name at the nginx controller container entrypoint or environment variables. Furthermore, you can override this name; the way to do so will depend on your nginx installation/deployment method.
ConfigMap Nginx supported configurations
There you will find a list of all the supported configs/properties, plus a short description of them and how to use them.
For this specific question, the property to configure GeoIP2 is "use-geoip2" (link below)
Enable GeoIP2
Remark: you will need a license and must add a flag to the nginx entry command providing it.
The nginx_http_geoip_module module creates variables with values depending on the client IP address, using the precompiled MaxMind databases.
This module is not built by default, it should be enabled with the --with-http_geoip_module configuration parameter.
The module analyzes headers, then connects to the defined database, fetches the localization information and offers variables based on it, like the country or city of connection origin. Some examples:
$geoip_country_code - two-letter country code
$geoip_city - city name
$geoip_postal_code - postal code