将多个k8s秘密组合到一个env变量中 [英] Combining multiple k8s secrets into an env variable

查看:1494
本文介绍了将多个k8s秘密组合到一个env变量中的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我的k8s命名空间包含一个Secret,该Secret是在部署时(由svcat创建)创建的,因此这些值是事先未知的.

My k8s namespace contains a Secret which is created at deployment time (by svcat), so the values are not known in advance.

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: my-database-credentials
data:
  hostname: ...
  port: ...
  database: ...
  username: ...
  password: ...

Deployment需要以略有不同的格式注入这些值:

A Deployment needs to inject these values in a slightly different format:

...

containers:
  env:
  - name: DATABASE_URL
    valueFrom:
      secretKeyRef:
        name: my-database-credentials
        key: jdbc:postgresql:<hostname>:<port>/<database> // ??

  - name: DATABASE_USERNAME
    valueFrom:
      secretKeyRef:
        name: my-database-credentials
        key: username

  - name: DATABASE_PASSWORD
    valueFrom:
      secretKeyRef:
        name: my-database-credentials
        key: password

DATABASE_URL必须由先前定义的机密的hostnameport,数据库"组成.

The DATABASE_URL needs to be composed out of the hostname, port, 'database` from the previously defined secret.

有什么方法可以做这个组合吗?

Is there any way to do this composition?

推荐答案

Kubernetes允许您将先前定义的环境变量用作后续环境变量的一部分.从 Kubernetes API参考文档 :

Kubernetes allows you to use previously defined environment variables as part of subsequent environment variables. From the Kubernetes API reference docs:

使用容器中先前定义的环境变量和所有服务环境变量来扩展变量引用$(VAR_NAME).

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables.

因此,您可以先将所需的机密值提取到环境变量中,然后用这些变量组成DATABASE_URL.

So, you can first extract the required secret values into environment variables, and then compose the DATABASE_URL with those variables.

...

containers:
  env:
  - name: DB_URL_HOSTNAME               // part 1
    valueFrom:
      secretKeyRef:
        name: my-database-credentials
        key: hostname

  - name: DB_URL_PORT                   // part 2
    valueFrom:
      secretKeyRef:
        name: my-database-credentials
        key: port

  - name: DB_URL_DBNAME                 // part 3
    valueFrom:
      secretKeyRef:
        name: my-database-credentials
        key: database

  - name: DATABASE_URL                  // combine
    value: jdbc:postgresql:$(DB_URL_HOSTNAME):$(DB_URL_PORT)/$(DB_URL_DBNAME)

...

请注意用于变量扩展的圆括号$(...).

Note the round brackets $(...) used for variable expansion.

这篇关于将多个k8s秘密组合到一个env变量中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆