helm reference secret in deployment yaml

XYZ*_*len 2 yaml kubernetes kubernetes-helm kubernetes-secrets

I'm looking for a possible way to reference the secrets in my deployment.yaml (1 liner)

Currently I'm using the

containers:
        - name: {{ template "myapp.name" . }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: Always
          env:
            - name: COUCHDB_USER
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-secrets
                  key: COUCHDB_USER
            - name: COUCHDB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-secrets
                  key: COUCHDB_PASSWORD

With the minimal modification possible, I want to achieve something like this:

containers:
        - name: {{ template "myapp.name" . }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: Always
          env:
            - name: COUCHDB_URL
              value: http://${COUCHDB_USER}:${COUCHDB_PASSWORD}@{{ .Release.Name }}-couchdb:5984

It would be great if I could do this in one step during deployment, rather than passing 2 env vars and parsing them in my application.

Abd*_*hin 5

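I don't see any way to achieve it without setting COUCHDB_USER and COUCHDB_PASSWORD in the container env.

One workaround is that you can specify your secret in container.EnvFrom, and all the secret keys will then be converted to environment variables. You can then use those environment variables to create your composite env (i.e. COUCHDB_URL).

FYI, () is used to create an env from another env in Kubernetes. Curly braces {} won't work at the moment.

An example is: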

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  COUCHDB_USER: YWRtaW4=
  COUCHDB_PASSWORD: MWYyZDFlMmU2N2Rm
---
apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    envFrom:
    - secretRef:
        name: mysecret
    env:
    - name: COUCHDB_URL
      value: http://$(COUCHDB_USER):$(COUCHDB_PASSWORD)rest-of-the-url

You can confirm the output by:

$ kubectl exec -it secret-env-pod bash

root@secret-env-pod:/data# env | grep COUCHDB
COUCHDB_URL=http://admin:1f2d1e2e67dfrest-of-the-url
COUCHDB_PASSWORD=1f2d1e2e67df
COUCHDB_USER=admin

In your case, the container's yaml is:

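The workaround above applied to the question's Helm template, as an added example that is not part of the original answer. It keeps the question's explicit secretKeyRef entries instead of envFrom, so only the two needed keys of the Secret reach the container; it assumes the Secret `{{ .Release.Name }}-secrets` holds the keys COUCHDB_USER and COUCHDB_PASSWORD, as the question's template implies.

```yaml
# Added example, not the answerer's own YAML.
# Assumption: the Secret "<release>-secrets" contains COUCHDB_USER and COUCHDB_PASSWORD.
      containers:
        - name: {{ template "myapp.name" . }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: Always
          env:
            # The referenced variables must appear in the list before the
            # entry that uses them, otherwise the reference is not expanded.
            - name: COUCHDB_USER
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-secrets
                  key: COUCHDB_USER
            - name: COUCHDB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-secrets
                  key: COUCHDB_PASSWORD
            # $(VAR) is expanded by Kubernetes when the container starts.
            # Helm leaves it untouched because it is not {{ }} template syntax.
            # ${VAR} would be passed to the container as a literal string.
            - name: COUCHDB_URL
              value: "http://$(COUCHDB_USER):$(COUCHDB_PASSWORD)@{{ .Release.Name }}-couchdb:5984"
```

The expansion is plain string substitution: if the password can contain characters such as `@`, `:` or `/`, they have to be percent-encoded in the Secret value for the resulting URL to parse correctly.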