如何将 kubernetes 机密设置为 json 对象

How to set kubernetes secrets to json object

我目前正在为 Firebase Admin SDK 构建 API,我想将 Admin SDK 凭据文件作为秘密存储在 Kubernetes 中。

这是 google 中关于如何使用凭据文件的示例:

var admin = require("firebase-admin");

var serviceAccount = require("path/to/serviceAccountKey.json");

admin.initializeApp({
  credential: admin.credential.cert(serviceAccount),
  databaseURL: "https://test.firebaseio.com"
});

凭据在 serviceAccountKey.json.

文件内容如下所示:

{
  "type": "service_account",
  "project_id": "test",
  "private_key_id": "3455dj555599993n5d425j878999339393po6",
  "private_key": "-----BEGIN PRIVATE KEY-----\lkjsfdjlsjfsjflksjfklsjkljklfsjfksjkdjskljflk;sjflskjfklsjdljhijshdkjfhsjfhjsb2223b3==\n-----END PRIVATE KEY-----\n",
  "client_email": "firebase-adminsdk@test.iam.gserviceaccount.com",
  "client_id": "123334444555556665478884",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk%40test.iam.gserviceaccount.com"
}

我已经有这个文件用于我的其他秘密:

apiVersion: v1
kind: Secret
metadata:
  name: paisecret
type: Opaque
stringData:
    MONGODB_PASSWORD: "sjldkjsjdfklsl"
    MONGODB_USERNAME: "prod_user"
    MONGODB_HOST: "test.azure.mongodb.net"

我想将 serviceAccountKey.json 或其内容添加到上面的秘密文件中,如果可能的话,我想在 API 中访问它,如下所示:process.env.FIREBASE_ADMIN

如果问题只是如何将其作为字符串包含在 Secret 中,您可以简单地将其添加为多行字符串。

apiVersion: v1
kind: Secret
metadata:
  name: paisecret
type: Opaque
stringData:
    MONGODB_PASSWORD: "sjldkjsjdfklsl"
    MONGODB_USERNAME: "prod_user"
    MONGODB_HOST: "test.azure.mongodb.net"
    FIREBASE_ADMIN: >
      {
        "type": "service_account",
        "project_id": "test",
        "private_key_id": "3455dj555599993n5d425j878999339393po6",
        "private_key": "-----BEGIN PRIVATE KEY-----\lkjsfdjlsjfsjflksjfklsjkljklfsjfksjkdjskljflk;sjflskjfklsjdljhijshdkjfhsjfhjsb2223b3==\n-----END PRIVATE KEY-----\n",
        "client_email": "firebase-adminsdk@test.iam.gserviceaccount.com",
        "client_id": "123334444555556665478884",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk%40test.iam.gserviceaccount.com"
      }