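I am trying to deploy a MariaDB deployment. I have the root password in GCP Secret Manager, and it is stored in a volume mount. I need a way to give the env var the value from that file; please check line 38. I couldn't find anything online. There are Secret and ConfigMap, but those are not an option for me.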
6ju8rftf1#
There is a way to create a Secret or ConfigMap, using a Job that can create and update resources on Kubernetes. I think you could adapt it into an init container.

ServiceAccount, Role and RoleBinding:

```yaml
# Identity the Job runs as
apiVersion: v1
kind: ServiceAccount
metadata:
  name: secret-creator
---
# Namespaced permissions: only create/update/get on Secrets
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: secret-creator
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create", "update", "get"]
---
# Binds the Role to the ServiceAccount (referenced by its username form)
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: secret-creator
subjects:
- kind: User
  name: system:serviceaccount:default:secret-creator
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: secret-creator
  apiGroup: rbac.authorization.k8s.io
```
Job:

```yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: secret-creator
spec:
  template:
    metadata:
    spec:
      volumes:
      # Existing volume that holds the file to turn into a Secret
      - name: cert-volume
        persistentVolumeClaim:
          claimName: my-existent-pvc
      serviceAccountName: secret-creator
      serviceAccount: secret-creator
      containers:
      - image: bitnami/kubectl
        name: secret-creator
        command:
        - /bin/bash
        - -c
        args:
        # Creates Secret app-x-secret with key "key.pem" from the mounted file
        - kubectl create secret generic app-x-secret --from-file=/etc/sec/key.pem
        resources: {}
        volumeMounts:
        - name: cert-volume
          mountPath: /etc/sec/key.pem
          subPath: key.pem
      restartPolicy: Never
```
Deployment:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: app
  name: app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app
    spec:
      containers:
      - image: bitnami/bitnami-shell
        name: app
        command:
        - /bin/bash
        - -c
        args:
        - sleep 360
        env:
        # Value comes from the Secret created by the Job above
        - name: APP_PASSWORD
          valueFrom:
            secretKeyRef:
              name: app-x-secret
              key: key.pem
```
Reference: https://github.com/marcosrosse/k8s-secret-from-volume
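For the case in the question, where Secret and ConfigMap objects are ruled out, the variable can instead be populated inside the container from the mounted file before the server starts. The wrapper below is an added example, not code from the answer or the linked repository; the variable name `MARIADB_ROOT_PASSWORD`, the path `/secrets/root-password` and the entrypoint line in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the answer). Assumed names: MARIADB_ROOT_PASSWORD,
# /secrets/root-password, and the image entrypoint in the closing comment.

# load_env_from_file VAR FILE: export VAR with the contents of FILE, so the
# value never has to appear in a Secret, a ConfigMap or the pod spec.
load_env_from_file() {
    var=$1
    file=$2

    # Refuse anything that is not a plain variable name before using eval.
    case $var in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "invalid variable name: $var" >&2
            return 2 ;;
    esac

    # Fail closed if the volume is not mounted or the file is unreadable.
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "secret file not readable: $file" >&2
        return 1
    fi

    # $(...) strips the trailing newlines most secret files end with.
    value=$(cat "$file") || return 1
    if [ -z "$value" ]; then
        echo "secret file is empty: $file" >&2
        return 1
    fi

    # A value already set in the pod spec would shadow the file: stop instead.
    eval "current=\${$var:-}"
    if [ -n "$current" ]; then
        echo "$var is already set; refusing to override" >&2
        unset current value
        return 1
    fi

    export "$var=$value"
    unset current value
}

# Constructed usage as the container command (paths are assumptions):
#   load_env_from_file MARIADB_ROOT_PASSWORD /secrets/root-password \
#     && exec docker-entrypoint.sh mariadbd
```

The official `mariadb` image also accepts `MARIADB_ROOT_PASSWORD_FILE` set to the file's path, which achieves the same result without a wrapper.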