12

I want to do some deployments in Kubernetes using a Helm chart. Here is the sample override values YAML I am using:

imageRepository: ""

ocbb:
    imagePullPolicy: IfNotPresent
    TZ: UTC
    logDir: /oms_logs
    tnsAdmin: /oms/ora_k8
    LOG_LEVEL: 3
    wallet:
        client: 
        server: 
        root:
    db:
        deployment:
            imageName: init_db
            imageTag:
        host: 192.168.88.80
        port:
        service:
        alias:
        schemauser: pincloud
        schemapass:
        schematablespace: pincloud
        indextablespace: pincloudx
        nls_lang: AMERICAN_AMERICA.AL32UTF8
        charset: AL32UTF8
        pipelineschemauser: ifwcloud
        pipelineschemapass:
        pipelineschematablespace: ifwcloud
        pipelineindextablespace: ifwcloudx
        pipelinealias:
        queuename:

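In this file I have to set some values that involve credentials, for example schemapass, pipelineschemapass... The documentation states that I have to generate Kubernetes secrets to do this and add this key to the YAML file with the same path hierarchy.

I generated some Kubernetes secrets, for example: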

kubectl create secret generic schemapass --from-literal=password='pincloud'

Now I don't know how to reference this newly generated secret in my YAML file. Any tips on how to set the schemapass field in the chart's YAML to reference the Kubernetes secret?

4

2 Answers

20

You cannot use a Kubernetes secret in your values.yaml. In values.yaml you only specify the input parameters for the Helm Chart, so it could be the secret name, but not the secret itself (or anything that it resolves to).

If you want to use the secret in your container, then you can insert it as an environment variable:

env:
- name: SECRET_VALUE_ENV
  valueFrom:
    secretKeyRef:
      name: schemapass
      key: password

You can check more in the Hazelcast Enterprise Helm Chart. We do exactly that. You specify the secret name in values.yaml and then the secret is injected into the container using an environment variable.

Answered 2019-10-21T08:48:41.077
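The pattern described in the answer above, as an added sketch that is not part of the original answer or of any chart named on this page: values.yaml carries only the Secret's name and key, and the chart template resolves them with secretKeyRef. The value keys under `schemapassSecret`, the environment variable names, the container name and the image are hypothetical.

```yaml
# ---- values.yaml (hypothetical keys): only the Secret's name and key, never the password
ocbb:
  db:
    schemauser: pincloud
    schemapassSecret:
      name: schemapass   # the Secret created with kubectl create secret generic
      key: password      # the key given to --from-literal
---
# ---- templates/deployment.yaml (hypothetical chart template)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-db-init
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ .Release.Name }}-db-init
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}-db-init
    spec:
      containers:
        - name: db-init
          image: "example.invalid/init_db:placeholder"   # placeholder image
          env:
            - name: SCHEMA_USER
              value: {{ .Values.ocbb.db.schemauser | quote }}
            - name: SCHEMA_PASSWORD
              valueFrom:
                secretKeyRef:
                  # Rendering fails if the Secret name was not supplied,
                  # instead of producing a pod that cannot start.
                  name: {{ required "ocbb.db.schemapassSecret.name is required" .Values.ocbb.db.schemapassSecret.name }}
                  key: {{ .Values.ocbb.db.schemapassSecret.key | default "password" }}
```

The Secret has to exist in the same namespace as the release; until it does, the container stays in CreateContainerConfigError.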
0

You can reference K8S values in Helm (secret or not) by specifying them as environment variables in the container.

Let your deployment be mongo.yml

--
kind: Deployment
   --
      --
      containers:
        --
        env:
        - name: DB_URL
          valueFrom:
            configMapKeyRef:
              name: mongo-config
              key: mongo-url
        - name: MONGO_INITDB_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mongo-secret
              key: mongo-password  

where mongo-secret is

apiVersion: v1
kind: Secret
metadata:
  name: mongo-secret
type: Opaque
data:
  mongo-user: bW9uZ291c2Vy
  mongo-password: bW9uZ29wYXNzd29yZA==

and mongo-config is

apiVersion: v1
kind: ConfigMap
metadata:
  name: mongo-config
data:
  mongo-url: mongo-service
Answered 2021-12-22T18:50:34.757