如何使用 Helm 图表提取环境变量 [英] How to pull environment variables with Helm charts

问题描述

我在 Helm 图表的模板目录中有我的 deployment.yaml 文件，其中包含我将使用 Helm 运行的容器的几个环境变量.

I have my deployment.yaml file within the templates directory of Helm charts with several environment variables for the container I will be running using Helm.

现在我希望能够从运行 helm 的任何机器本地提取环境变量，以便我可以通过这种方式隐藏秘密.

Now I want to be able to pull the environment variables locally from whatever machine the helm is ran so I can hide the secrets that way.

当我使用 Helm 运行应用程序时，如何传入并让 helm 在本地获取环境变量?

How do I pass this in and have helm grab the environment variables locally when I use Helm to run the application?

这是我的 deployment.yaml 文件的一部分

Here is some part of my deployment.yaml file

...
...
    spec:
      restartPolicy: Always
      containers:
        - name: sample-app
          image: "sample-app:latest"
          imagePullPolicy: Always
          env:          
            - name: "USERNAME"
              value: "app-username"
            - name: "PASSWORD"
              value: "28sin47dsk9ik"
...
...

如何在运行 helm 时从本地环境变量中提取 USERNAME 和 PASSWORD 的值?

How can I pull the value of USERNAME and PASSWORD from local environment variables when I run helm?

这可能吗?如果是，那我该怎么做?

Is this possible? If yes, then how do I do this?

推荐答案

您可以导出变量并在运行helm install时使用它.

You can export the variable and use it while running helm install.

在此之前，您必须修改图表，以便在安装时可以set 的值.

Before that, you have to modify your chart so that the value can be set while installation.

跳过这一部分，如果您已经知道如何设置模板字段.

Skip this part, if you already know, how to setup template fields.

由于您不想公开数据，因此最好将其保存为 kubernetes 中的机密.

As you don't want to expose the data, so it's better to have it saved as secret in kubernetes.

首先，在你的Values文件中加入这两行，这样这两个值就可以从外部设置了.

First of all, add this two lines in your Values file, so that these two values can be set from outside.

username: root
password: password

现在，在您的 template 文件夹中添加一个 secret.yaml 文件.然后，将此代码片段复制到该文件中.

Now, add a secret.yaml file inside your template folder. and, copy this code snippet into that file.

apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}-auth
data:
  password: {{ .Values.password | b64enc }}
  username: {{ .Values.username | b64enc }}

现在调整您的部署 yaml 模板并在 env 部分进行更改，如下所示

Now tweak your deployment yaml template and make changes in env section, like this

...
...
    spec:
      restartPolicy: Always
      containers:
        - name: sample-app
          image: "sample-app:latest"
          imagePullPolicy: Always
          env:          
          - name: "USERNAME"
            valueFrom:
              secretKeyRef:
                key:  username
                name: {{ .Release.Name }}-auth
          - name: "PASSWORD"
            valueFrom:
              secretKeyRef:
                key:  password
                name: {{ .Release.Name }}-auth
...
...

<小时>

如果您为 --set 标志正确修改了模板，您可以使用环境变量进行设置.

---

If you have modified your template correctly for --set flag, you can set this using environment variable.

$ export USERNAME=root-user

现在在运行 helm install 时使用这个变量，

Now use this variable while running helm install,

$ helm install --set username=$USERNAME ./mychart

如果您在 dry-run 模式下运行此 helm install，您可以验证更改，

If you run this helm install in dry-run mode, you can verify the changes,

$ helm install --dry-run --set username=$USERNAME --debug ./mychart
[debug] Created tunnel using local port: '44937'

[debug] SERVER: "127.0.0.1:44937"

[debug] Original chart version: ""
[debug] CHART PATH: /home/maruf/go/src/github.com/the-redback/kubernetes-yaml-drafts/helm-charts/mychart

NAME:   irreverant-meerkat
REVISION: 1
RELEASED: Fri Apr 20 03:29:11 2018
CHART: mychart-0.1.0
USER-SUPPLIED VALUES:
username: root-user

COMPUTED VALUES:
password: password
username: root-user

HOOKS:
MANIFEST:

---
# Source: mychart/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: irreverant-meerkat-auth
data:
  password: password
  username: root-user
---
# Source: mychart/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: irreverant-meerkat
  labels:
    app: irreverant-meerkat
spec:
  replicas: 1
  template:
    metadata:
      name: irreverant-meerkat
      labels:
        app: irreverant-meerkat
    spec:
      containers:
      - name: irreverant-meerkat
        image: alpine
        env:
        - name: "USERNAME"
          valueFrom:
            secretKeyRef:
              key:  username
              name: irreverant-meerkat-auth
        - name: "PASSWORD"
          valueFrom:
            secretKeyRef:
              key:  password
              name: irreverant-meerkat-auth

        imagePullPolicy: IfNotPresent
      restartPolicy: Always
  selector:
    matchLabels:
      app: irreverant-meerkat

可以看到secret中username的数据变成了root-user.

You can see that the data of username in secret has changed to root-user.

我添加了这个例子 进入 github 仓库.

I have added this example into github repo.

kubernetes/helm 存储库中也有一些关于此的讨论.您可以查看这个问题以了解使用环境变量的所有其他方式.

There is also some discussion in kubernetes/helm repo regarding this. You can see this issue to know about all other ways to use environment variables.

这篇关于如何使用 Helm 图表提取环境变量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！