Automatically generated strings for secrets using yaml config


Problem description

I have a deployment config for an app, that (among other things) creates a secret for a mysql database:

---
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
type: Opaque
data:
  MYSQL_USER: my_user
  MYSQL_PASSWORD: my_random_secret
  MYSQL_DATABASE: my_db
  MYSQL_ROOT_PASSWORD: my_random_secret
---
etc...

The deployment file is under source control, so I don't want to place the secrets there.

Does anyone know how I can tell Kubernetes to generate random strings for each variable which has my_random_secret as a value in my example? Preferably something that can be configured using the yaml file, without needing to invoke any extra commands.

Recommended answer

As far as I have understood, you do not want to keep your secret information locally. So you need to generate them when you are creating that secret.

I think there is a way to create a Kubernetes resource using go-template. I didn't find enough information for that. I can't help you in this way.

But you can also create the secret using a script. And your secret will not be exposed.

The following script can help you in that case. It will generate a random password for you and create the secret with it.

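# Build the Secret manifest in a heredoc and pipe it straight to kubectl,
# so the generated values are never written to a file under source control.
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
type: Opaque
# data: values must be base64-encoded (here: 24 random bytes each)
data:
  MYSQL_PASSWORD: $(head -c 24 /dev/random | base64)
  MYSQL_ROOT_PASSWORD: $(head -c 24 /dev/random | base64)
# stringData: values are plain text; the API server encodes them
stringData:
  MYSQL_USER: my_user
  MYSQL_DATABASE: my_db
EOF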

Run this script.

Hope it will help you.
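A variant of the script approach above, as an added example that is not part of the original answer: it puts printable alphanumeric passwords under `stringData`, so the stored value is text rather than 24 raw bytes, and it skips creation when the secret already exists so a re-run does not replace a password MySQL is already using. The function names `gen_password` and `render_mysql_secret` are hypothetical; `/dev/urandom`, `head -c` and `base64` are assumed to be available.

```shell
#!/bin/sh
# Added example (not from the original answer). The secret name and keys are
# the ones used on this page; function names are hypothetical.

# Print a random alphanumeric password of the requested length (default 32).
# The restricted alphabet keeps the value safe as an environment variable and
# as a double-quoted YAML scalar (no NUL bytes, quotes or backslashes).
gen_password() (
  len="${1:-32}"
  pw=""
  while [ "${#pw}" -lt "$len" ]; do
    # 48 random bytes -> 64 base64 chars; drop '+', '/', '=' and newlines.
    pw="${pw}$(head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9')"
  done
  printf '%s' "$pw" | head -c "$len"
)

# Write the Secret manifest to stdout. stringData takes plain text; the API
# server base64-encodes it into .data when the object is stored.
render_mysql_secret() (
  user_pw="$(gen_password 32)"
  root_pw="$(gen_password 32)"
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
type: Opaque
stringData:
  MYSQL_USER: "my_user"
  MYSQL_DATABASE: "my_db"
  MYSQL_PASSWORD: "${user_pw}"
  MYSQL_ROOT_PASSWORD: "${root_pw}"
EOF
)

# Usage (needs cluster access, so it is left as a comment):
#   kubectl get secret mysql-secret >/dev/null 2>&1 \
#     || render_mysql_secret | kubectl create -f -
```

Because the manifest only ever exists on the pipe to `kubectl`, the file kept under source control can hold the rest of the deployment without any password values.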
