从Kubernetes Secret将数据导入配置映射 [英] Import data to config map from kubernetes secret

问题描述

我正在使用一个kubernetes ConfigMap，其中包含一个应用程序的数据库配置，并且有一个包含数据库密码的秘密. 我需要在ConfigMap中使用此密钥，因此当我尝试在ConfigMap中添加环境变量并从密钥中指定pod部署中的值时，由于ConfigMap中的值占用了密码，因此我无法使用密码连接到mysql变量的确切字符串.

I'm using a kubernetes ConfigMap that contains database configurations for an app and there is a secret that has the database password. I need to use this secret in the ConfigMap so when I try to add environment variable in the ConfigMap and specify the value in the pod deployment from the secret I'm not able to connect to mysql with password as the values in the ConfigMap took the exact string of the variable.

apiVersion: v1
kind: ConfigMap
metadata:
  name: config
data:
  APP_CONFIG: |
    port: 8080
    databases:
      default:
        connector: mysql
        host: "mysql"
        port: "3306"
        user: "root"
        password: "$DB_PASSWORD"

和deployment.yaml

and the deployment.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: app
  labels:
    app: backend
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: backend
    spec:
      containers:
      - name: app
        image: simple-app-image
        ports:
          - name: "8080"
            containerPort: 8080
        env:
          - name: APP_CONFIG
            valueFrom:
              configMapKeyRef:
                name: config
                key: APP_CONFIG
          - name: DB_PASSWORD
            valueFrom:
              secretKeyRef:
                name: "mysql-secret"
                key: "mysql-root-password"

注意:秘密存在，我能够获取"mysql-root-password"值并用于登录数据库

Note: the secret exist and I'm able to get "mysql-root-password" value and use to login to the database

推荐答案

Kubernetes不能代替您，您应该在容器的入口点使用shell进行替换.

Kubernetes can't make that substitution for you, you should do it with shell in the entrypoint of the container.

这是一个有效的示例.我修改默认入口点以创建具有该替换的新变量.此命令后，您应该添加所需的入口点.

This is a working example. I modify the default entrypoint to create a new variable with that substitution. After this command you should add the desired entrypoint.

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: app
  labels:
    app: backend
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: backend
    spec:
      containers:
      - name: app
        image: simple-app-image
        command:
          - /bin/bash
          - -c
        args:
          - "NEW_APP_CONFIG=$(echo $APP_CONFIG | envsubst) && echo $NEW_APP_CONFIG && <INSERT IMAGE ENTRYPOINT HERE>"
        ports:
          - name: "app"
            containerPort: 8080
        env:
          - name: APP_CONFIG
            valueFrom:
              configMapKeyRef:
                name: config
                key: APP_CONFIG
          - name: DB_PASSWORD
            valueFrom:
              secretKeyRef:
                name: "mysql-secret"
                key: "mysql-root-password"

这篇关于从Kubernetes Secret将数据导入配置映射的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！