Pass Docker argument environment to deploy in k8s using helm
I need some information. I have been trying all day with no luck, and any help is much appreciated.

This is my Dockerfile:

```dockerfile
FROM amazonlinux:2.0.20181114
RUN yum install -y java-1.8.0-openjdk-headless
# Add jar file to container. JAR_FILE also provided as argument
ARG JAR_FILE='**/*.jar'
ADD ${JAR_FILE} document_service.jar
RUN echo -e ' \n export DATABASENAME=`aws secretsmanager get-secret-value --secret-id myathlon/$env_name/nldwh/databasename --query SecretString --output text` \n echo $DATABASENAME' >> /opt/entrypoint.sh
RUN echo -e ' \n export DATABASEUSER=`aws secretsmanager get-secret-value --secret-id myathlon/$env_name/nldwh/username --query SecretString --output text` \n echo $DATABASEUSER' >> /opt/entrypoint.sh
RUN echo -e ' \n export AWSBUCKETNAME=`aws secretsmanager get-secret-value --secret-id myathlon/$env_name/awss3/bucketname --query SecretString --output text` \n echo $AWSBUCKETNAME' >> /opt/entrypoint.sh
RUN echo -e ' \n export AWSACCESSKEY=`aws secretsmanager get-secret-value --secret-id myathlon/$env_name/awss3/accesskey --query SecretString --output text` \n echo $AWSACCESSKEY' >> /opt/entrypoint.sh
RUN echo -e ' \n export AWSSECRETKEY=`aws secretsmanager get-secret-value --secret-id myathlon/$env_name/awss3/secretkey --query SecretString --output text` \n echo $AWSSECRETKEY' >> /opt/entrypoint.sh
RUN echo -e ' \n export DATABASEPASS=`aws secretsmanager get-secret-value --secret-id myathlon/$env_name/nldwh/password --query SecretString --output text` \n echo $DATABASEPASS \n cd \n java -jar /document_service.jar' >> /opt/entrypoint.sh
ARG env_name
# Run the generated shell script.
ENTRYPOINT ["/opt/entrypoint.sh"]
```

This is my values.yml file:

```yaml
replicaCount: 1

#pass repository and targetPort values during runtime
image:
  repository:
  tag: "latest"
  pullPolicy: Always

service:
  type: ClusterIP
  port: 80
  targetPort:

profile: "aws"

cmd:
  ArgA: dev
```

This is my deployment.yml file:

```yaml
spec:
  containers:
    - name: {{ .Chart.Name }}
      image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
      imagePullPolicy: {{ .Values.image.pullPolicy }}
      #args: [
      #"--ArgA={{ .Values.cmd.ArgA }}" ]
```

My helm install command is:

```
helm upgrade --install $(servicename) -f values_dev.yaml
```

My Docker build file:

```yaml
- download: 'current'
- task: Bash@3
  inputs:
    targetType: 'inline'
    script: |
      cd $(Build.SourcesDirectory)/../drop
      ls -lrt
      ls -lrt target
      pwd
      echo $MYATHLONTRUST
      docker build --no-cache --pull -t ${{ parameters.servicename }}:latest .
      docker image ls | head -2
  displayName: 'Building Docker Image'
```

Error message and output:

```text
/usr/bin/bash /var/build/Ubuntu0205/_work/_temp/ebf1fa80-e5c1-4b35-9368-75166c468b69.sh
total 48
drwxr-xr-x 3 srv-vstsagent srv-vstsagent 4096 Mar 10 11:19 $HOME
drwxr-xr-x 4 srv-vstsagent srv-vstsagent 4096 Mar 10 11:19 src
drwxr-xr-x 7 srv-vstsagent srv-vstsagent 4096 Mar 10 11:19 target
-rw-r--r-- 1 srv-vstsagent srv-vstsagent 5864 Mar 10 11:55 azure-pipelines.yml
-rw-r--r-- 1 srv-vstsagent srv-vstsagent 248 Mar 10 11:55 Dockerfile.old
-rw-r--r-- 1 srv-vstsagent srv-vstsagent 440 Mar 10 11:55 Dockerfile
-rw-r--r-- 1 srv-vstsagent srv-vstsagent 1072 Mar 10 11:55 entrypoint.sh
-rw-r--r-- 1 srv-vstsagent srv-vstsagent 9547 Mar 10 11:55 pom.xml
-rw-r--r-- 1 srv-vstsagent srv-vstsagent 915 Mar 10 11:55 README.md
total 149932
drwxr-xr-x 2 srv-vstsagent srv-vstsagent 4096 Mar 10 11:19 maven-archiver
drwxr-xr-x 3 srv-vstsagent srv-vstsagent 4096 Mar 10 11:19 sonar
drwxr-xr-x 3 srv-vstsagent srv-vstsagent 4096 Mar 10 11:19 maven-status
drwxr-xr-x 3 srv-vstsagent srv-vstsagent 4096 Mar 10 11:19 classes
drwxr-xr-x 3 srv-vstsagent srv-vstsagent 4096 Mar 10 11:19 generated-sources
-rw-r--r-- 1 srv-vstsagent srv-vstsagent 90036 Mar 10 11:55 myathlon-restapi-document-service-0.0.1-SNAPSHOT.jar.original
-rw-r--r-- 1 srv-vstsagent srv-vstsagent 153417052 Mar 10 11:56 myathlon-restapi-document-service-0.0.1-SNAPSHOT.jar
/var/build/Ubuntu0205/_work/34/drop
Dependency Updated:
elfutils-libelf.x86_64 0:0.176-2.amzn2 libblkid.x86_64 0:2.30.2-2.amzn2.0.5
libmount.x86_64 0:2.30.2-2.amzn2.0.5 libuuid.x86_64 0:2.30.2-2.amzn2.0.5
Complete!
Error removing intermediate container 46b80034bc4a: No such container: 46b80034bc4ae08bc76c6c75bc081f051c1a0a0494d63c4ec2e1c9cff6ba39cb
---> 68085751f7cd
Step 3/8 : WORKDIR /app # avoid / container root directory
---> Running in 8b75df62cfcf
Error removing intermediate container 46b80034bc4a: No such container: 46b80034bc4ae08bc76c6c75bc081f051c1a0a0494d63c4ec2e1c9cff6ba39cb
---> 536ee4f4ebf6
Step 4/8 : ARG JAR_FILE='**/*.jar'
---> Running in de5054ea9f5b
Error removing intermediate container 46b80034bc4a: No such container: 46b80034bc4ae08bc76c6c75bc081f051c1a0a0494d63c4ec2e1c9cff6ba39cb
---> 8e206092f7c9
Step 5/8 : COPY ${JAR_FILE} document_service.jar # prefer COPY to ADD
COPY failed: file not found in build context or excluded by .dockerignore: stat document_service.jar: file does not exist
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 8e206092f7c9 2 minutes ago 660MB
Finishing: Building Docker Image
```
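
What I want to achieve is that, during deployment, the Dockerfile variable `env_name` should be replaced with the environment dev, test or acc. (This should happen at the Docker deployment stage, not at the build stage, because I plan to use the same image for dev and test.)

So for test, if I deploy the same image that was built for dev, then at deployment time it should fetch the AWS secrets for test, not dev.

I have tried everything I can but could not figure it out; `$1` is not being replaced with the dev value.

Any help is much appreciated.

Thanks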
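
There are two ways to set environment variables in a Dockerfile. `ARG` values are only visible in `RUN` instructions, and can't be changed after the image has been built. `ENV` values are visible when the container is running (in the `ENTRYPOINT`/`CMD`) and can be changed when the container is run, but can't be directly set at build time.

Since this is a value you're trying to set when the container is running, you need `ENV` and not `ARG`. In your Kubernetes manifest, you can use the Pod spec's `env:` setting to change it. (Also the Compose `environment:` or `docker run -e` options.)

More specifically, in a Helm context, I'd suggest making the "environment name" a configurable value, rather than passing in an undifferentiated list of command-line arguments or environment values.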

```yaml
# values.yaml
# environmentName specifies the environment name used to look up
# secrets in AWS Secrets Manager.
environmentName: dev
```

Then, in the Pod spec embedded in the Deployment spec, add it to the `env:` block.

```yaml
# charts/myathlon/templates/deployment.yaml
spec:
  template:
    spec:
      containers:
        - name: {{ .Chart.Name }}
          env:
            - name: env_name
              value: {{ .Values.environmentName }}
```

As a cleanup, I'd also suggest breaking the entrypoint script out into its own script file, rather than trying to build it up one line at a time in the Dockerfile. This will be easier to read and maintain.

```sh
#!/bin/sh
# entrypoint.sh

# Check: $env_name must be set
if [ -z "$env_name" ]; then
  echo '$env_name is not set; stopping' >&2
  exit 1
fi

# Retrieve secrets from Secrets Manager
export DATABASENAME=`aws secretsmanager get-secret-value --secret-id myathlon/$env_name/nldwh/databasename --query SecretString --output text`
...
export DATABASEPASS=`aws secretsmanager get-secret-value --secret-id myathlon/$env_name/nldwh/password --query SecretString --output text`

# Run the main container CMD
exec "$@"
```
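
Because `$env_name` doesn't have a default value, there's no need to declare anything in the Dockerfile. I've included a check at the top of the extracted entrypoint wrapper script that exits if it is not set when the container starts. That reduces the Dockerfile to:

```dockerfile
# Comments go on their own lines: a trailing "# ..." after an instruction
# is parsed as extra arguments, not as a comment.
FROM amazonlinux:2.0.20181114
RUN yum install -y java-1.8.0-openjdk-headless
# avoid / container root directory
WORKDIR /app
ARG JAR_FILE='**/*.jar'
# prefer COPY to ADD
COPY ${JAR_FILE} document_service.jar
# also COPY in entrypoint script
COPY entrypoint.sh .
# split ENTRYPOINT wrapper from main CMD
ENTRYPOINT ["/app/entrypoint.sh"]
CMD ["java", "-jar", "/app/document_service.jar"]
```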
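
Once `env_name` is supplied at deploy time, it becomes input to the secret path, so it is worth validating before use, and the fetched values should stay out of the container log (the question's generated script echoes each one). The wrapper below is an added example, not the answer's script: the function names, the `FETCH` override and the stub are assumptions, while the allowed names (dev, test, acc) and the `myathlon/<env>/...` layout come from the question.

```shell
#!/bin/sh
# Added example, not the answer's script. Helper names are assumptions.

# Allowlist taken from the question: dev, test or acc. Empty values and
# anything containing "/" or ".." are rejected before a path is built.
valid_env() {
    case "$1" in
        dev|test|acc) return 0 ;;
        *) return 1 ;;
    esac
}

# Secret id layout used on the page: myathlon/<env>/<group>/<key>
secret_id() {
    valid_env "$1" || { echo "env_name '$1' is not allowed" >&2; return 1; }
    printf 'myathlon/%s/%s/%s' "$1" "$2" "$3"
}

# Default fetcher: the AWS CLI call from the page. FETCH can name a stub.
fetch_aws() {
    aws secretsmanager get-secret-value --secret-id "$1" \
        --query SecretString --output text
}
FETCH=${FETCH:-fetch_aws}

# load_secret VAR GROUP KEY: export VAR; the value is never written to stdout.
load_secret() {
    _id=$(secret_id "$env_name" "$2" "$3") || return 1
    _val=$("$FETCH" "$_id") || { echo "lookup failed: $_id" >&2; return 1; }
    export "$1=$_val"
}

# Body of the wrapper: load the secrets, then exec the container CMD.
entrypoint_main() {
    load_secret DATABASENAME nldwh databasename &&
        load_secret DATABASEUSER nldwh username &&
        load_secret DATABASEPASS nldwh password || return 1
    exec "$@"
}

# Constructed demo: a stub fetcher echoes back the id it was asked for,
# so the resolved path can be checked without AWS access.
stub_fetch() { printf 'stub:%s' "$1"; }
demo() (
    FETCH=stub_fetch
    env_name=$1
    load_secret DATABASEPASS nldwh password && printf '%s\n' "$DATABASEPASS"
)
demo test
```

In a real `entrypoint.sh`, the demo lines are replaced by `entrypoint_main "$@"` as the last line.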