sebastiandaschner blog

Configuring Open Liberty Datasources via Kubernetes Secrets

#kubernetes #openliberty friday, december 14, 2018

In Open Liberty, configuration of datasource credentials is typically done in the server.xml file. If we use containers and container orchestration, we ideally make use of Infrastructure-as-Code and store all configuration under version control. However, this is certainly not desired for these datasource credentials. For that reason, Kubernetes secret definitions allow us to separately store secret values that shouldn’t be visible to everyone in our clusters.

In Open Liberty we can define an optional file which defines properties that are read before the server.xml configuration and thus can affect configuration behavior. We use this file to define the credentials to our datasource:


However, this file will not be included into our Docker image but injected into the container at runtime, by Kubernetes secrets, for example.

These properties then can be referenced in our server.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<server description="Java EE 8 Server">


  <dataSource id="DefaultDataSource" jdbcDriverRef="postgresql-driver"
      type="javax.sql.ConnectionPoolDataSource" transactional="true">

    <properties serverName="coffee-shop-db" portNumber="5432"




In order to inject the file into our running container we define a deployment volume that is populated from a Kubernetes secret:

kind: Deployment
apiVersion: apps/v1beta1
  name: coffee-shop
# ...
      - name: coffee-shop
        image: ...
        - name: database-credentials-volume
          mountPath: /opt/wlp/usr/servers/defaultServer/
          readOnly: true
      - name: database-credentials-volume
          secretName: database-credentials

This requires a Kubernetes secret database-credentials which contains the contents of the file under the same key name. The properties are then loaded from the bootstrap file at server start-up time.

For further information on Open Liberty configuration, have a look at the documentation.


Found the post useful? Subscribe to my newsletter for more free content, tips and tricks on IT & Java: