With Kubernetes Secrets, you can hide the MySQL password.
Upload the MySQL password with:
kubectl create secret generic kube-demo --from-literal=mysql-password=changeme1 -n demo
You can decode the secret with:
kubectl get secret kube-demo -o jsonpath='{.data.mysql-password}' -n demo | base64 -d
You need to remove the password clear value from the ConfiMap. You can do this editing the ConfigMap with:
kubectl edit cm kube-demo -n demo
To use the Secret, you can inject it as Environment Variable removing the comment from lines into kubernetes/deployment.yaml file:
- name: SPRING_DATASOURCE_PASSWORD
valueFrom:
secretKeyRef:
name: kube-demo
key: mysql-password
And redeploy the microservice with:
kubectl apply -f kubernetes/deployment.yaml