如何在掌舵图中引用kubernetes的秘密? [英] How to reference kubernetes secrets in helm chart?

问题描述

我想使用头盔图在kubernetes中进行一些部署.这是我使用的示例覆盖值Yaml:

I want to make some deployments in kubernetes using helm charts. Here is a sample override-values yaml that I use:

imageRepository: ""

ocbb:
    imagePullPolicy: IfNotPresent
    TZ: UTC
    logDir: /oms_logs
    tnsAdmin: /oms/ora_k8
    LOG_LEVEL: 3
    wallet:
        client: 
        server: 
        root:
    db:
        deployment:
            imageName: init_db
            imageTag:
        host: 192.168.88.80
        port:
        service:
        alias:
        schemauser: pincloud
        schemapass:
        schematablespace: pincloud
        indextablespace: pincloudx
        nls_lang: AMERICAN_AMERICA.AL32UTF8
        charset: AL32UTF8
        pipelineschemauser: ifwcloud
        pipelineschemapass:
        pipelineschematablespace: ifwcloud
        pipelineindextablespace: ifwcloudx
        pipelinealias:
        queuename:

在此文件中，我必须设置一些涉及凭证的值，例如schemapass，pipelineschemapass ... 文档说明，我必须生成kubernetes机密才能执行此操作，并将此密钥添加到具有相同路径层次结构的yaml文件中.

In this file I have to set some values involving credentials, for example schemapass, pipelineschemapass... Documentation states I have to generate kubernetes secrets to do this and add this key to my yaml file with the same path hierarchy.

我生成了一些kubernetes机密，例如:

I generated some kubernetes secrets, for example:

kubectl create secret generic schemapass --from-literal=password='pincloud'

现在，我不知道如何在yaml文件中引用这个新生成的秘密.关于如何在Yaml图表中设置schemapass字段以引用kubernetes机密的任何技巧?

Now I don't know how to reference this newly generated secret in my yaml file. Any tip about how to set schemapass field in yaml chart to reference kubernetes secret?

推荐答案

您不能在values.yaml中使用Kubernetes机密.在values.yaml中，您仅指定舵图"的输入参数，因此它可以是秘密名称，但不能是秘密本身(或它所解析的任何内容).

You cannot use Kubernetes secret in your values.yaml. In values.yaml you only specify the input parameters for the Helm Chart, so it could be the secret name, but not the secret itself (or anything that it resolved).

如果要在容器中使用机密，则可以将其作为环境变量插入:

If you want to use the secret in your container, then you can insert it as an environment variable:

env:
- name: SECRET_VALUE_ENV
  valueFrom:
    secretKeyRef:
      name: schemapass
      key: password

您可以在 Hazelcast Enterprise Helm Chart 中查看更多信息. .我们正是这样做的.您在values.yaml中指定密钥名称，然后使用环境变量将密钥注入到容器中.

You can check more in the Hazelcast Enterprise Helm Chart. We do exactly that. You specify the secret name in values.yaml and then the secret is injected into the container using environment variable.

这篇关于如何在掌舵图中引用kubernetes的秘密?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！