Document secret key references

Resolves spring-cloud#3339
Feixu2015 · Jul 15, 2019 · a8b2869 · a8b2869
1 parent c7afbaa
commit a8b2869
Show file tree

Hide file tree

Showing 2 changed files with 76 additions and 0 deletions.
diff --git a/spring-cloud-dataflow-docs/src/main/asciidoc/configuration-kubernetes.adoc b/spring-cloud-dataflow-docs/src/main/asciidoc/configuration-kubernetes.adoc
@@ -217,6 +217,18 @@ These properties are also used when configuring the <<configuration-kubernetes-t
 |The toleration value to apply, used in conjunction with `operator` to select to appropriate `effect`.
 |<none>
 
+|secretKeyRefs.envVarName
+|The environment variable name to hold the secret data
+|<none>
+
+|secretKeyRefs.secretName
+|The secret name to access
+|<none>
+
+|secretKeyRefs.dataKey
+|The key name to obtain secret data from
+|<none>
+
 |maximumConcurrentTasks
 |The maximum concurrent tasks allowed for this platform instance.
 |20

diff --git a/spring-cloud-dataflow-docs/src/main/asciidoc/getting-started-kubernetes.adoc b/spring-cloud-dataflow-docs/src/main/asciidoc/getting-started-kubernetes.adoc
@@ -634,3 +634,67 @@ data:
 ====
 
 Replacing the `tolerations` key / value pairs according to your desired toleration configuration.
+
+==== Secret Key References
+
+Secrets can be referenced and their decoded value inserted into the pod(s) environment.
+Refer to the https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables[Using Secrets as Environment Variables] section of the Kubernetes reference for more information.
+
+The following example shows how you can individually configure applications:
+
+====
+[source,options=nowrap]
+----
+deployer.<app>.kubernetes.secretKeyRefs=[{envVarName: 'MY_SECRET', secretName: 'testsecret', dataKey: 'password'}]
+----
+====
+
+Replace `<app>` with the name of your application and the `envVarName`, `secretName` and `dataKey` attributes with the appropriate values for your application environment and secret.
+
+You can configure secret key references at the global server level as well.
+
+The following example shows how to do so for streams:
+
+====
+[source,yaml]
+----
+data:
+  application.yaml: |-
+    spring:
+      cloud:
+        skipper:
+          server:
+            platform:
+              kubernetes:
+                accounts:
+                  default:
+                    secretKeyRefs:
+                      - envVarName: MY_SECRET
+                        secretName: testsecret
+                        dataKey: password
+----
+====
+
+The following example shows how to do so for tasks:
+
+====
+[source,yaml]
+----
+data:
+  application.yaml: |-
+    spring:
+      cloud:
+        dataflow:
+          task:
+            platform:
+              kubernetes:
+                accounts:
+                  default:
+                    secretKeyRefs:
+                      - envVarName: MY_SECRET
+                        secretName: testsecret
+                        dataKey: password
+----
+====
+
+Replacing the `envVarName`, `secretName` and `dataKey` attributes with the appropriate values for your secret.