book

Quarkus Cookbook

by Alex Soto Bueno, Jason Porter

July 2020

Intermediate to advanced

392 pages

7h 20m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

Who Should Read This BookWhy We Wrote This BookNavigating This BookConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
Developer-FriendlyIntegration with KubernetesMemory and First Response TimeA Basic Quarkus Workflow
2.1. Scaffolding a Quarkus Project with Maven2.2. Scaffolding a Quarkus Project with Gradle2.3. Scaffolding a Quarkus Project with the Quarkus Start Coding Website2.4. Scaffolding a Quarkus Project with Visual Studio Code2.5. Live Reloading with Dev Mode2.6. Serving Static Resources
3.1. Creating a Simple REST API Endpoint3.2. Extracting Request Parameters3.3. Using Semantic HTTP Response Status Codes3.4. Binding HTTP Methods3.5. Enabling Cross-Origin Resource Sharing (CORS)3.6. Using Reactive Routes3.7. Intercepting HTTP Requests3.8. Secure Connections with SSL
4.1. Configuring the Application with Custom Properties4.2. Accessing Configuration Properties Programmatically4.3. Overwriting Configuration Values Externally4.4. Configuring with Profiles4.5. Changing Logger Configuration4.6. Adding Application Logs4.7. Advanced Logging4.8. Configuring with Custom Profiles4.9. Creating Custom Sources4.10. Creating Custom Converters4.11. Grouping Configuration Values4.12. Validating Configuration Values
5.1. Marshalling/Unmarshalling JSON5.2. Marshalling/Unmarshalling XML5.3. Validating Input and Output Values5.4. Creating Custom Validations5.5. Validating Objects Programmatically5.6. Injecting Dependencies5.7. Creating Factories5.8. Executing Object Life Cycle Events5.9. Executing Application Life Cycle Events5.10. Using a Named Qualifier5.11. Using Custom Qualifiers5.12. Qualifying and Configuring Annotations5.13. Creating Interceptors5.14. Writing Behavioral Tests5.15. Writing Unit Tests5.16. Creating Mock Objects5.17. Creating Mock Objects with Mockito5.18. Grouping Several Annotations into One with a Meta-Annotation5.19. Executing Code Before or After a Test5.20. Testing the Native Executable
6.1. Running in Command Mode6.2. Creating a Runnable JAR File6.3. Über-JAR Packaging6.4. Building a Native Executable6.5. Building a Docker Container for JAR File6.6. Building a Docker Container for Native File6.7. Build and Dockerize a Native SSL Application
7.1. Defining a Datasource7.2. Using Multiple Datasources7.3. Adding Datasource Health Check7.4. Defining Transaction Boundaries Declaratively7.5. Setting a Transaction Context7.6. Programmatic Transaction Control7.7. Setting and Modifying a Transaction Timeout7.8. Setup with Persistence.xml7.9. Setup Without persistence.xml7.10. Using Entities from a Different JAR7.11. Persisting Data with Panache7.12. Finding All Entity Instances with Panache listAll Method7.13. Finding Individual Entities with Panache findById Method7.14. Finding Entities Using Panache Find and List Methods7.15. Obtaining a Count of Entities Using the Panache count Method7.16. Paginating Through Entity Lists Using the Panache page Method7.17. Streaming Results via the Panache Stream Method7.18. Testing Panache Entities7.19. Using a Data Access Object (DAO) or Repository Pattern7.20. Using Amazon DynamoDB7.21. Working with MongoDB7.22. Using Panache with MongoDB7.23. Using Neo4j with Quarkus7.24. Flyway at Startup7.25. Using Flyway Programmatically
8.1. Implementing Automatic Retries8.2. Implementing Timeouts8.3. Avoiding Overloads with the Bulkhead Pattern8.4. Avoiding Unnecessary Calls with the Circuit Breaker Pattern8.5. Disabling Fault Tolerance

9.1. Using Automatic Health Checks9.2. Creating Custom Health Checks9.3. Exposing Metrics9.4. Creating Metrics9.5. Using Distributed Tracing9.6. Custom Distributed Tracing
10.1. Building and Pushing Container Images10.2. Generating Kubernetes Resources10.3. Generating Kubernetes Resources with Health Checks10.4. Deploying Services on Kubernetes10.5. Deploying Services on OpenShift10.6. Building and Deploying a Container Image Automatically10.7. Configuring an Application from Kubernetes10.8. Configuring an Application from Kubernetes with Config Extension10.9. Interacting with a Kubernetes Cluster Programmatically10.10. Testing Kubernetes Client Interactions10.11. Implementing a Kubernetes Operator10.12. Deploying and Managing Serverless Workloads with Knative
Quarkus Security Basics11.1. Authentication and Authorization with Elytron Properties File Config11.2. Authentication and Authorization with Elytron Security JDBC Config11.3. Authorization with MicroProfile JWT11.4. Authorization and Authentication with OpenId Connect11.5. Protecting Web Resources with OpenId Connect
12.1. Storing Data Using Kubernetes Secrets12.2. Store Configuration Secrets Securely with Vault12.3. Cryptography as a Service12.4. Generate Database Password as Secret12.5. Authenticating Services Using Vault Kubernetes Auth
13.1. Using the JAX-RS Web Client13.2. Using the MicroProfile REST Client13.3. Implementing a CRUD Client13.4. Manipulating Headers13.5. Using REST Client for Multipart Messages13.6. Using REST Client to Configure SSL
14.1. Using Spring Dependency Injection14.2. Using Spring Web14.3. Using Spring Data JPA14.4. Using Spring Security14.5. Using Spring Boot Properties
15.1. Creating Async HTTP Endpoints15.2. Streaming Data Asynchronously15.3. Using Messaging to Decouple Components15.4. Reacting to Apache Kafka Messages15.5. Sending Messages to Apache Kafka15.6. Marshalling POJOs into/out of Kafka15.7. Using Kafka Streams API15.8. Using AMQP with Quarkus15.9. Using MQTT15.10. Query Using Reactive SQL15.11. Insert Using Reactive SQL Client15.12. Using the Reactive MongoDB Client15.13. Using the Reactive Neo4j Client
16.1. Creating Templates with the Qute Template Engine16.2. Rending HTML Using Qute16.3. Changing the Location of Qute Templates16.4. Extending Qute Data Classes16.5. Describing Endpoints with OpenAPI16.6. Customizing OpenAPI Spec16.7. Sending Email Synchronously16.8. Sending Email Reactively16.9. Creating Scheduled Jobs16.10. Using Application Data Caching

Content preview from Quarkus Cookbook

Chapter 12. Application Secrets Management

Every application has information that needs to be kept confidential. This information could include database credentials, external service authentication, or even the location of certain resources. All of these are collectively called secrets. Your application needs a secure place to store these secrets both during application startup and at rest. In this chapter, we will discuss secret management using Kubernetes and Vault.

12.1 Storing Data Using Kubernetes Secrets

Problem

You want to store secrets in Kubernetes in a safer way than directly on the Pod or container.

Solution

Use Kubernetes secrets to store and retrieve sensitive data such as passwords, tokens, or SSH keys in plain text on a container. Kubernetes has the concept of secret objects that can be used to store sensitive data.

It is important to know that storing sensitive data in a secret object does not automatically make it secure because Kubernetes does not encrypt data but instead encodes it in Base64 by default. Using secrets gives you some features that are not provided by the standard configuration process:

You can define the authorization policies to access the secret.
You can configure Kubernetes to encrypt sensitive data (this is known as encryption at rest).
You can grant access to a specific container instance using lists.