在Kubernetes Init容器中为Kubernetes主容器创建环境变量 [英] Create environment variables for Kubernetes main container in Kubernetes Init container

问题描述

我使用Kubernetes Init容器来配置应用程序的数据库.完成此操作后，我想通过环境变量将数据库的凭据提供给主容器.

I use an Kubernetes Init container to provision the application's database. After this is done I want to provide the DB's credentials to the main container via environment variables.

如何存档?

我不想在Init容器中创建Kubernetes Secret，因为我不想在其中保存凭据！

I don't want to create a Kubernetes Secret inside the Init container, since I don't want to save the credentials there!

推荐答案

我看到几种实现所需目标的方法:

I see several ways to achieve what you want:

1. 从我的角度来看，最好的方法是使用Kubernetes Secret. @Nebril已经在评论中提供了这个想法.您可以通过Init Container生成它，并通过

1. From my perspective, the best way is to use Kubernetes Secret. @Nebril has already provided that idea in the comments. You can generate it by Init Container and remove it by PreStop hook, for example. But, you don't want to go that way.

您可以使用一个共享卷，该共享卷将由InitConatainer和您的主Pod使用. InitContainer将在您可以装入的卷中生成环境变量文件db_cred.env，例如，该文件可以安装到/env路径.之后，您可以通过在Pod规范中修改容器的command并在将启动应用程序的主脚本之前添加命令source /env/db_cred.env来加载它. @ user2612030已经给您这个想法.

You can use a shared volume which will be used by InitConatainer and your main pod. InitContainer will generate the environment variables file db_cred.env in the volume which you can mount, for example, to /env path. After that, you can load it by modifying a command of your container in the Pod spec and add the command source /env/db_cred.env before the main script which will start your application. @user2612030 already gave you that idea.

另一种替代方法可以是Hashicorp的 Vault ，您可以将其用作所有存储的工具凭据.

Another alternative way can be Vault by Hashicorp, you can use it as storage of all your credentials.

您可以使用一些自定义解决方案从Kubernetes应用程序直接读写Etcd.这是一个库示例- k8s-kv .

You can use some custom solution to write and read directly to Etcd from Kubernetes apps. Here is a library example - k8s-kv.

但是无论如何，在Kubernetes中存储凭证的最佳和最适当的方法是Secrets.它比几乎其他任何方式都更安全，更容易.

But anyway, the best and the most proper way to store credentials in Kubernetes is Secrets. It is more secure and easier than almost any other way.

这篇关于在Kubernetes Init容器中为Kubernetes主容器创建环境变量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！