如何将 kubernetes 机密设置为 json 对象
How to set kubernetes secrets to json object
我目前正在为 Firebase Admin SDK 构建 API,我想将 Admin SDK 凭据文件作为秘密存储在 Kubernetes 中。
这是 google 中关于如何使用凭据文件的示例:
var admin = require("firebase-admin");
var serviceAccount = require("path/to/serviceAccountKey.json");
admin.initializeApp({
credential: admin.credential.cert(serviceAccount),
databaseURL: "https://test.firebaseio.com"
});
凭据在 serviceAccountKey.json.
文件内容如下所示:
{
"type": "service_account",
"project_id": "test",
"private_key_id": "3455dj555599993n5d425j878999339393po6",
"private_key": "-----BEGIN PRIVATE KEY-----\lkjsfdjlsjfsjflksjfklsjkljklfsjfksjkdjskljflk;sjflskjfklsjdljhijshdkjfhsjfhjsb2223b3==\n-----END PRIVATE KEY-----\n",
"client_email": "firebase-adminsdk@test.iam.gserviceaccount.com",
"client_id": "123334444555556665478884",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk%40test.iam.gserviceaccount.com"
}
我已经有这个文件用于我的其他秘密:
apiVersion: v1
kind: Secret
metadata:
name: paisecret
type: Opaque
stringData:
MONGODB_PASSWORD: "sjldkjsjdfklsl"
MONGODB_USERNAME: "prod_user"
MONGODB_HOST: "test.azure.mongodb.net"
我想将 serviceAccountKey.json 或其内容添加到上面的秘密文件中,如果可能的话,我想在 API 中访问它,如下所示:process.env.FIREBASE_ADMIN
如果问题只是如何将其作为字符串包含在 Secret 中,您可以简单地将其添加为多行字符串。
apiVersion: v1
kind: Secret
metadata:
name: paisecret
type: Opaque
stringData:
MONGODB_PASSWORD: "sjldkjsjdfklsl"
MONGODB_USERNAME: "prod_user"
MONGODB_HOST: "test.azure.mongodb.net"
FIREBASE_ADMIN: >
{
"type": "service_account",
"project_id": "test",
"private_key_id": "3455dj555599993n5d425j878999339393po6",
"private_key": "-----BEGIN PRIVATE KEY-----\lkjsfdjlsjfsjflksjfklsjkljklfsjfksjkdjskljflk;sjflskjfklsjdljhijshdkjfhsjfhjsb2223b3==\n-----END PRIVATE KEY-----\n",
"client_email": "firebase-adminsdk@test.iam.gserviceaccount.com",
"client_id": "123334444555556665478884",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk%40test.iam.gserviceaccount.com"
}
我目前正在为 Firebase Admin SDK 构建 API,我想将 Admin SDK 凭据文件作为秘密存储在 Kubernetes 中。
这是 google 中关于如何使用凭据文件的示例:
var admin = require("firebase-admin");
var serviceAccount = require("path/to/serviceAccountKey.json");
admin.initializeApp({
credential: admin.credential.cert(serviceAccount),
databaseURL: "https://test.firebaseio.com"
});
凭据在 serviceAccountKey.json.
文件内容如下所示:
{
"type": "service_account",
"project_id": "test",
"private_key_id": "3455dj555599993n5d425j878999339393po6",
"private_key": "-----BEGIN PRIVATE KEY-----\lkjsfdjlsjfsjflksjfklsjkljklfsjfksjkdjskljflk;sjflskjfklsjdljhijshdkjfhsjfhjsb2223b3==\n-----END PRIVATE KEY-----\n",
"client_email": "firebase-adminsdk@test.iam.gserviceaccount.com",
"client_id": "123334444555556665478884",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk%40test.iam.gserviceaccount.com"
}
我已经有这个文件用于我的其他秘密:
apiVersion: v1
kind: Secret
metadata:
name: paisecret
type: Opaque
stringData:
MONGODB_PASSWORD: "sjldkjsjdfklsl"
MONGODB_USERNAME: "prod_user"
MONGODB_HOST: "test.azure.mongodb.net"
我想将 serviceAccountKey.json 或其内容添加到上面的秘密文件中,如果可能的话,我想在 API 中访问它,如下所示:process.env.FIREBASE_ADMIN
如果问题只是如何将其作为字符串包含在 Secret 中,您可以简单地将其添加为多行字符串。
apiVersion: v1
kind: Secret
metadata:
name: paisecret
type: Opaque
stringData:
MONGODB_PASSWORD: "sjldkjsjdfklsl"
MONGODB_USERNAME: "prod_user"
MONGODB_HOST: "test.azure.mongodb.net"
FIREBASE_ADMIN: >
{
"type": "service_account",
"project_id": "test",
"private_key_id": "3455dj555599993n5d425j878999339393po6",
"private_key": "-----BEGIN PRIVATE KEY-----\lkjsfdjlsjfsjflksjfklsjkljklfsjfksjkdjskljflk;sjflskjfklsjdljhijshdkjfhsjfhjsb2223b3==\n-----END PRIVATE KEY-----\n",
"client_email": "firebase-adminsdk@test.iam.gserviceaccount.com",
"client_id": "123334444555556665478884",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk%40test.iam.gserviceaccount.com"
}