在 Kubernetes Init 容器中为 Kubernetes 主容器创建环境变量 [英] Create environment variables for Kubernetes main container in Kubernetes Init container

问题描述

我使用 Kubernetes Init 容器来配置应用程序的数据库.完成此操作后，我想通过环境变量将数据库的凭据提供给主容器.

I use an Kubernetes Init container to provision the application's database. After this is done I want to provide the DB's credentials to the main container via environment variables.

如何存档?

我不想在 Init 容器中创建 Kubernetes Secret，因为我不想在那里保存凭据！

I don't want to create a Kubernetes Secret inside the Init container, since I don't want to save the credentials there!

推荐答案

我看到了几种实现你想要的方法:

I see several ways to achieve what you want:

1. 在我看来，最好的方法是使用 Kubernetes Secret.@Nebril 已经在评论中提供了这个想法.您可以通过 Init Container 生成它并通过 PreStop 挂钩，例如.但是，你不想走那条路.

1. From my perspective, the best way is to use Kubernetes Secret. @Nebril has already provided that idea in the comments. You can generate it by Init Container and remove it by PreStop hook, for example. But, you don't want to go that way.

您可以使用 InitConatainer 和您的主 pod 使用的共享卷.InitContainer 会在你可以挂载的卷中生成环境变量文件db_cred.env，例如/env 路径.之后，您可以通过在 Pod 规范中修改容器的 command 来加载它，并在将启动的主脚本之前添加命令 source/env/db_cred.env你的申请.@user2612030 已经给了你这个想法.

You can use a shared volume which will be used by InitConatainer and your main pod. InitContainer will generate the environment variables file db_cred.env in the volume which you can mount, for example, to /env path. After that, you can load it by modifying a command of your container in the Pod spec and add the command source /env/db_cred.env before the main script which will start your application. @user2612030 already gave you that idea.

另一种方法是 Hashicorp 的 Vault，您可以将其用作所有凭据.

Another alternative way can be Vault by Hashicorp, you can use it as storage of all your credentials.

您可以使用一些自定义解决方案从 Kubernetes 应用程序直接写入和读取 Etcd.这是一个库示例 - k8s-kv.

You can use some custom solution to write and read directly to Etcd from Kubernetes apps. Here is a library example - k8s-kv.

但无论如何，在 Kubernetes 中存储凭据的最佳和最合适的方法是 Secrets.它比几乎任何其他方式都更安全、更容易.

But anyway, the best and the most proper way to store credentials in Kubernetes is Secrets. It is more secure and easier than almost any other way.

这篇关于在 Kubernetes Init 容器中为 Kubernetes 主容器创建环境变量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！