如何通过声明式管道将 k8s 密钥值传递给 Jenkins
How to pass k8s secret key value into Jenkins via Declarative pipeline
我想使用声明式管道在 Jenkins 作业中传递 Kubernetes 密钥和值。
我正在尝试使用 pod 模板读取 k8s 秘密值。
配置了 k8s 插件,镜像设置了环境变量。我需要用 k8s secret 覆盖环境值。
K8S-秘密:
spec:
containers:
- env:
- name: K8S-SECRET
valueFrom:
secretKeyRef:
key: USERNAME
name: PASSWORD
詹金斯管道:
pipeline {
agent {
kubernetes {
label 'docker'
envVars: [containersecretEnvVar(key: 'USERNAME', value:'PASSWORD')]
}
}
environment {
BRANCH = 'origin/master'
PROJECT_NAME = 'k8s'
}
stages{
stage('print k8s secret'){
steps {
echo "k8s_secret_name: ${env.k8s_secret_name}"
echo "k8s_secret_valie: ${env.k8s_secret_value}"
}
}
}
}
为澄清起见,我发布了来自评论部分的社区维基答案。
为解决该问题,发帖人创建了以下代码:
podTemplate(inheritFrom: 'docker', containers: [
containerTemplate( name: "jnlp", image: "<image_name>",
envVars: [
envVar(key: "NAME", value: "custom_env"),
secretEnvVar(key: "SECRET_ENV", secretName: "K8S-SECRET", secretKey: "USERNAME")
]) ] ){
node(POD_LABEL) {
step {
sh 'echo ${TOKEN}'
...
}
}
在此解决方案中使用了 PodTemplates。在 this documentation 中可以找到更多相关信息:
Pod templates are used to create agents. They can be either configured via the user interface, or in a pipeline, using the podTemplate step.
在这里您可以找到如何define a podTemplate to use in the kubernetes plugin。
另请参阅描述 podTemplate 的 this documentation。
Controllers for workload resources create Pods from a pod template and manage those Pods on your behalf.
PodTemplates are specifications for creating Pods, and are included in workload resources such as Deployments, Jobs, and DaemonSets.
Each controller for a workload resource uses the PodTemplate inside the workload object to make actual Pods. The PodTemplate is part of the desired state of whatever workload resource you used to run your app.
我想使用声明式管道在 Jenkins 作业中传递 Kubernetes 密钥和值。
我正在尝试使用 pod 模板读取 k8s 秘密值。 配置了 k8s 插件,镜像设置了环境变量。我需要用 k8s secret 覆盖环境值。
K8S-秘密:
spec:
containers:
- env:
- name: K8S-SECRET
valueFrom:
secretKeyRef:
key: USERNAME
name: PASSWORD
詹金斯管道:
pipeline {
agent {
kubernetes {
label 'docker'
envVars: [containersecretEnvVar(key: 'USERNAME', value:'PASSWORD')]
}
}
environment {
BRANCH = 'origin/master'
PROJECT_NAME = 'k8s'
}
stages{
stage('print k8s secret'){
steps {
echo "k8s_secret_name: ${env.k8s_secret_name}"
echo "k8s_secret_valie: ${env.k8s_secret_value}"
}
}
}
}
为澄清起见,我发布了来自评论部分的社区维基答案。
为解决该问题,发帖人创建了以下代码:
podTemplate(inheritFrom: 'docker', containers: [
containerTemplate( name: "jnlp", image: "<image_name>",
envVars: [
envVar(key: "NAME", value: "custom_env"),
secretEnvVar(key: "SECRET_ENV", secretName: "K8S-SECRET", secretKey: "USERNAME")
]) ] ){
node(POD_LABEL) {
step {
sh 'echo ${TOKEN}'
...
}
}
在此解决方案中使用了 PodTemplates。在 this documentation 中可以找到更多相关信息:
Pod templates are used to create agents. They can be either configured via the user interface, or in a pipeline, using the
podTemplatestep.
在这里您可以找到如何define a podTemplate to use in the kubernetes plugin。
另请参阅描述 podTemplate 的 this documentation。
Controllers for workload resources create Pods from a pod template and manage those Pods on your behalf.
PodTemplates are specifications for creating Pods, and are included in workload resources such as Deployments, Jobs, and DaemonSets.
Each controller for a workload resource uses the
PodTemplateinside the workload object to make actual Pods. ThePodTemplateis part of the desired state of whatever workload resource you used to run your app.