Kubernetes Kustomize: replace variable in patch file
Given the following kustomize patch:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: flux
spec:
  template:
    spec:
      containers:
      - name: some-name
        args:
        - --some-key=some-value
        ...
        - --git-url=https://user:${PASSWORD}@domain.de
I want to use kubectl apply -k and somehow pass a value for ${PASSWORD} which I can set from my build script.
The only solution I have so far is replacing ${PASSWORD} with sed, but I would prefer a kustomize solution.
As @Jonas already suggested, you should consider using a Secret. This article describes it well.
I want to use kubectl apply -k and somehow pass a value for
${PASSWORD} which I can set from my build script.
I guess your script can store the generated password as a variable or save it to some file. You can easily create a Secret as follows:
$ kustomize edit add secret sl-demo-app --from-literal=db-password=$PASSWORD
or from a file:
$ kustomize edit add secret sl-demo-app --from-file=file/path
As you can read in the mentioned article:
These commands will modify your kustomization.yaml and add a SecretGenerator inside it.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
patchesStrategicMerge:
- custom-env.yaml
- replica-and-rollout-strategy.yaml
secretGenerator:
- literals:
  - db-password=12345
  name: sl-demo-app
  type: Opaque
Running kustomize build in your project directory will create the following Secret:
apiVersion: v1
data:
  db-password: MTIzNDU=
kind: Secret
metadata:
  name: sl-demo-app-6ft88t2625
type: Opaque
...
You can find more details in the article.
If we want to use this secret from our deployment, we just have, like before, to add a new layer definition which uses the secret.
For example, this file will mount the db-password value as environment variables
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sl-demo-app
spec:
  template:
    spec:
      containers:
      - name: app
        env:
        - name: "DB_PASSWORD"
          valueFrom:
            secretKeyRef:
              name: sl-demo-app
              # must match the key in the generated Secret (db-password)
              key: db-password
In your Deployment definition file it may look similar to this:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: flux
spec:
  template:
    spec:
      containers:
      - name: some-name
        env:
        - name: "PASSWORD"
          valueFrom:
            secretKeyRef:
              name: git-secret
              key: git.password
        args:
        - --some-key=some-value
        ...
        # Kubernetes expands $(VAR) references in args, not ${VAR}
        - --git-url=https://user:$(PASSWORD)@domain.de
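A build-script variant of the approach in this answer, as an added example that is not part of the original post: it writes the password to a file that the secretGenerator reads, so kustomization.yaml never contains the value the way the literals form does. The function name write_overlay, the file name flux-patch.yaml and the ../../base path are assumptions; the Secret name and key follow the answer's last manifest.

```shell
#!/bin/sh
# write_overlay DIR: write a kustomize overlay into DIR, taking the password
# from $PASSWORD. Assumed names (not from the post): write_overlay,
# flux-patch.yaml, ../../base. Secret name and key follow the answer.
write_overlay() {
    dir=$1
    [ -n "${PASSWORD:-}" ] || { echo "PASSWORD is not set" >&2; return 1; }
    mkdir -p "$dir" || return 1
    # The value goes only into an owner-readable file; printf is a builtin
    # in bash and dash, so it is not passed on a command line.
    ( umask 077; rm -f "$dir/git.password"
      printf '%s' "$PASSWORD" > "$dir/git.password" ) || return 1
    cat > "$dir/kustomization.yaml" <<'EOF'
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
patchesStrategicMerge:
- flux-patch.yaml
secretGenerator:
- name: git-secret
  type: Opaque
  files:
  - git.password
EOF
    cat > "$dir/flux-patch.yaml" <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: flux
spec:
  template:
    spec:
      containers:
      - name: some-name
        env:
        - name: PASSWORD
          valueFrom:
            secretKeyRef:
              name: git-secret
              key: git.password
        args:
        - --some-key=some-value
        - --git-url=https://user:$(PASSWORD)@domain.de
EOF
}
# Build script usage: write_overlay overlays/prod && kubectl apply -k overlays/prod
```

Keep git.password out of version control. The patch lists every argument because a strategic merge patch replaces the whole args list.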