inject environment variables in tomcat catalina.properties [Kubernetes]
I had the same problem and the answer from @jamesfry helped me to have it fixed. Though it was hard for me to find how to set "system property" for the container in Kubernetes. So sharing fix with exact code change required in your 'Deployment' based on James's answer:
containers: - name: myapp image: tomcat8-jre8:latest imagePullPolicy: Always env: - name: JAVA_OPTS value: -Dorg.apache.tomcat.util.digester.PROPERTY_SOURCE=org.apache.tomcat.util.digester.EnvironmentPropertySource - name: DATABASE_HOST valueFrom: secretKeyRef: name: my-secret key: external.database.host - name: DATABASE_USER valueFrom: secretKeyRef: name: my-secret key: external.database.user - name: DATABASE_PASSWORD valueFrom: secretKeyRef: name: my-secret key: external.database.password
Note that your JNDI could directly use your env variables in the deployment file, as below:
<Resource factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" name="jdbc/mysource" auth="Container" type="javax.sql.DataSource" driverClassName="org.postgresql.Driver" url="jdbc:postgresql://${DATABASE_HOST}" # secret url username="${DATABASE_USER}" password="${DATABASE_PASSWORD}" />
And you don't need to touch catalina.properties.
See https://tomcat.apache.org/tomcat-9.0-doc/config/systemprops.html.
TLDR; set the system property org.apache.tomcat.util.digester.PROPERTY_SOURCE
to org.apache.tomcat.util.digester.EnvironmentPropertySource
and the environment will be used for variable interpolation instead of system properties.
An alternative, setting system properties from environment variables in setenv.sh
, unfortunately dumps the properties to the console on startup (declaring them 'command line arguments') and thus leaks any secrets shared this way.