将多个k8s秘密组合到一个env变量中 [英] Combining multiple k8s secrets into an env variable
问题描述
我的k8s命名空间包含一个Secret
,该Secret
是在部署时(由svcat
创建)创建的,因此这些值是事先未知的.
My k8s namespace contains a Secret
which is created at deployment time (by svcat
), so the values are not known in advance.
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: my-database-credentials
data:
hostname: ...
port: ...
database: ...
username: ...
password: ...
Deployment
需要以略有不同的格式注入这些值:
A Deployment
needs to inject these values in a slightly different format:
...
containers:
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: my-database-credentials
key: jdbc:postgresql:<hostname>:<port>/<database> // ??
- name: DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: my-database-credentials
key: username
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: my-database-credentials
key: password
DATABASE_URL
必须由先前定义的机密的hostname
,port
,数据库"组成.
The DATABASE_URL
needs to be composed out of the hostname
, port
, 'database` from the previously defined secret.
有什么方法可以做这个组合吗?
Is there any way to do this composition?
推荐答案
Kubernetes允许您将先前定义的环境变量用作后续环境变量的一部分.从 Kubernetes API参考文档 :
Kubernetes allows you to use previously defined environment variables as part of subsequent environment variables. From the Kubernetes API reference docs:
使用容器中先前定义的环境变量和所有服务环境变量来扩展变量引用$(VAR_NAME).
Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables.
因此,您可以先将所需的机密值提取到环境变量中,然后用这些变量组成DATABASE_URL
.
So, you can first extract the required secret values into environment variables, and then compose the DATABASE_URL
with those variables.
...
containers:
env:
- name: DB_URL_HOSTNAME // part 1
valueFrom:
secretKeyRef:
name: my-database-credentials
key: hostname
- name: DB_URL_PORT // part 2
valueFrom:
secretKeyRef:
name: my-database-credentials
key: port
- name: DB_URL_DBNAME // part 3
valueFrom:
secretKeyRef:
name: my-database-credentials
key: database
- name: DATABASE_URL // combine
value: jdbc:postgresql:$(DB_URL_HOSTNAME):$(DB_URL_PORT)/$(DB_URL_DBNAME)
...
请注意用于变量扩展的圆括号$(...)
.
Note the round brackets $(...)
used for variable expansion.
这篇关于将多个k8s秘密组合到一个env变量中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!