I currently have a Jenkins pipeline that builds an application, but I have run into a problem injecting the server key (cert) into a YAML file. The server key has already been added to the credentials manager on Jenkins, and I am pulling it through a variable (withCredentials). Pulling it is not the problem; it is simply injecting it so that it can be read by the server.

For reference, the YAML file looks like this:

```yaml
edge:
  [...]
  certificates:
    ingress:
      name: certs
      key: |
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
  [...]
```
And the certificate looks like this (yes, there are several in one):

```text
-----BEGIN CERTIFICATE-----
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
-----END CERTIFICATE-----
```

My Python script:

```python
import os
import yaml

# Read the template, replace the ingress key with the certificate pulled
# from the Jenkins credential (KEY_CERT), and write the file back.
with open("file.yaml") as f:
    # safe_load: yaml.load() without a Loader is rejected by PyYAML >= 5.1
    # and constructs arbitrary Python objects in older versions.
    y = yaml.safe_load(f)

y["edge"]["certificates"]["ingress"]["key"] = os.getenv("KEY_CERT")

with open("file.yaml", "w") as f:
    yaml.dump(y, f)
```

I execute it through the shell like this:

```shell
python -c 'exec("""\nimport yaml\nimport os\n\nwith open("file.yaml") as f:\n y = yaml.safe_load(f)\n y["edge"]["certificates"]["ingress"]["key"] = os.getenv("KEY_CERT")\n\nwith open("file.yaml", "w") as f:\n yaml.dump(y, f)\n""")'
```
Server log: edge:10808: failed to load trusted CA certificates from /etc/proxy/tls/sidecar/ca.crt

How it looks on the server:

```text
-----BEGIN CERTIFICATE----- TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT
TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT -----END CERTIFICATE-----
```

So does this really matter? How should I go about fixing it...

(Or if there is another way to inject the certificate into the YAML file, that would be great!)

Originally it was all hard-coded, but of course for security reasons it cannot be hard-coded in production.

I have looked at some other StackOverflow answers, but none of them mention injecting a certificate that follows the conventional format shown in a regular YAML file.

I want the server to be able to receive the certificate.

2 Answers

3bygqnnd1#
Unfortunately, I don't know the solution to this problem; one solution is to simply run some shell commands to generate the certificates and inject them through that method.

I can't really expand on other details, because it is specific to the whole project (how it interacts with RH and other components).
vnzz0bqm2#
No, certificates don't need indentation. They only need to be loaded from the YAML document so that the loading program can use them. If it has to be in the form of a multi-line string, you can choose to use a quoted scalar in YAML. That can put everything on one line (where `\n` is used for line breaks). The other option is to use a literal scalar (only available in block style), as in your example; such a scalar does need indentation. If you only need a single scalar (string) to be a literal-style scalar, I suggest you use ruamel.yaml and its `LiteralScalarString` to set the value, and then dump.
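The two options this answer names, a quoted scalar with escaped `\n` and a `|` literal block scalar, applied to the question's template, as an added example (not code from the question or the answer, and not ruamel.yaml's `LiteralScalarString`): it stays with PyYAML, which the question already imports, and registers a small marker type with a representer that forces the chosen scalar style; PyYAML is assumed to be installed. The template text, the two-certificate PEM bundle and the `KEY_CERT` variable name are constructed stand-ins for the question's files. It also uses `safe_load` instead of `yaml.load`, refuses input that contains no PEM certificate block, and checks that the emitted YAML loads back byte-identical to the PEM before anything is written.

```python
import os
import re

import yaml

# Constructed sample: two dummy PEM blocks, since the question's bundle holds
# several concatenated certificates. "TEXT..." stands in for base64 body lines.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT\n"
    "TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    "TEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXTTEXT\n"
    "-----END CERTIFICATE-----\n"
)

# Constructed stand-in for the question's file.yaml template.
TEMPLATE_YAML = """\
edge:
  certificates:
    ingress:
      name: certs
      key: |
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
"""

# One PEM certificate block: header, one or more base64 lines, footer.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\n(?:[A-Za-z0-9+/=]+\n)+-----END CERTIFICATE-----\n?"
)


class StyledStr(str):
    """str subclass that carries the YAML scalar style the representer should emit."""

    def __new__(cls, value, style="|"):
        obj = super().__new__(cls, value)
        obj.style = style
        return obj


def _styled_representer(dumper, data):
    # Emit a plain !!str node but with the requested style ("|" literal, '"' double-quoted).
    return dumper.represent_scalar("tag:yaml.org,2002:str", str(data), style=data.style)


# Register on SafeDumper so safe_dump() honours the marker type.
yaml.add_representer(StyledStr, _styled_representer, Dumper=yaml.SafeDumper)


def count_pem_blocks(text):
    """Number of well-formed PEM CERTIFICATE blocks in `text`."""
    return len(PEM_BLOCK.findall(text))


def inject_cert(template_text, pem, style="|"):
    """Return `template_text` with edge.certificates.ingress.key replaced by `pem`.

    style="|" writes an indented literal block scalar (one PEM line per line);
    style='"' writes a single double-quoted scalar with \\n escapes.
    """
    if count_pem_blocks(pem) == 0:
        raise ValueError("certificate text contains no PEM CERTIFICATE block")
    doc = yaml.safe_load(template_text)  # never yaml.load() on pipeline-controlled input
    doc["edge"]["certificates"]["ingress"]["key"] = StyledStr(pem, style)
    return yaml.safe_dump(doc, default_flow_style=False)


def roundtrip_ok(yaml_text, pem):
    """Load the emitted YAML back and confirm the key equals the input PEM exactly."""
    loaded = yaml.safe_load(yaml_text)
    return loaded["edge"]["certificates"]["ingress"]["key"] == pem


def main():
    # KEY_CERT is the hypothetical variable name from the question; fall back to the sample.
    pem = os.environ.get("KEY_CERT", SAMPLE_PEM)
    for style in ("|", '"'):
        out = inject_cert(TEMPLATE_YAML, pem, style=style)
        print(out)
        print("round-trip identical:", roundtrip_ok(out, pem))
    print("PEM blocks found:", count_pem_blocks(pem))


if __name__ == "__main__":
    main()
```

Either style loads back identically through a YAML parser; the literal block is the one a person can still read and diff in the rendered file, which is why the answer recommends it when only this one value needs that treatment.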