Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/visual-studio-2010/4.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Kubernetes 将秘密值/环境变量传递给flexvol选项_Kubernetes_Azure Keyvault_Azure Aks - Fatal编程技术网
Fatal编程技术网
  • kubernetes/
  • Kubernetes 将秘密值/环境变量传递给flexvol选项

Kubernetes 将秘密值/环境变量传递给flexvol选项

kubernetes

Kubernetes 将秘密值/环境变量传递给flexvol选项,kubernetes,azure-keyvault,azure-aks,Kubernetes,Azure Keyvault,Azure Aks,我试图使用k8s机密或使用本地环境中的环境变量来设置flexvol选项值,这可能吗 我可以看到秘密成功挂载,但flexvol无法成功挂载。如果有秘密以外的其他解决方案,请谅解 部署.yaml apiVersion: apps/v1 kind: Deployment metadata: name: my-deployment namespace: default labels: app: my-deployment spec: replicas: 1 selector:

我试图使用k8s机密或使用本地环境中的环境变量来设置flexvol选项值,这可能吗

我可以看到秘密成功挂载,但flexvol无法成功挂载。如果有秘密以外的其他解决方案,请谅解

部署.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
  namespace: default
  labels:
    app: my-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-deployment
  template:
    metadata:
      labels:
        app: my-deployment
    spec:
      containers:
      - image: traefik:1.7.7-alpine
        name: traefik
        livenessProbe:
          tcpSocket:
            port: 80
          failureThreshold: 3
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 2
        volumeMounts:
        - name: certs 
          mountPath: /certs
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        env:
        - name: KV_NAME
          valueFrom:
            secretKeyRef:
              name: flexvol-var-secret
              key: keyvaultname
        - name: KV_OBJ_NAME
          valueFrom:
            secretKeyRef:
              name: flexvol-var-secret
              key: keyvaultobjectname
        - name: TENANT_ID
          valueFrom:
            secretKeyRef:
              name: flexvol-var-secret
              key: tenantid
        - name: RESOURCE_GROUP
          valueFrom:
            secretKeyRef:
              name: flexvol-var-secret
              key: resourcegroup
        - name: SUB_ID
          valueFrom:
            secretKeyRef:
              name: flexvol-var-secret
              key: subscriptionid
      volumes:
      - name: certs
        flexVolume:
          driver: "azure/kv"
          secretRef:
            name: kvcreds
          options:
            keyvaultname: ${KV_NAME}
            keyvaultobjectname: ${KV_OBJ_NAME}
            keyvaultobjecttype: "secret"
            tenantid: ${TENANT_ID}
            resourcegroup: ${RESOURCE_GROUP}
            subscriptionid: ${SUB_ID}
亚马尔的秘密

kind: Secret
apiVersion: v1
metadata:
  name: flexvol-var-secret
  labels:
    name: flexvol-var-secret
  annotations:
    description: Template for flexVolume variables values
stringData:
  keyvaultname: "###"
  keyvaultobjectname: "###"
  tenantid: ""###"
  resourcegroup: "###"
  subscriptionid: "###"
我一直在研究同样的事情,如果没有外部工具,这是不可能的

问题是flexvolume只从secret获取凭据,而rest被视为配置,需要传入。这里需要做的基本上是变量替换,kubernetes不支持,也不会支持:

好的一面是,您可以使用任何工具将这些值替换为来自env变量、bash/ps脚本以及合适的kubernetes部署解决方案(如helm)的变量

KV flexvolume是开源的,因此也可以修改以处理此用例

我在flexvol repo中发现了一个公开的问题,该问题是关于将keyvault中的秘密作为环境变量装入容器中,而不是使用kubernetes secret装入keyvault:):)如果您发现我的答案有用,请不要忘记向上投票并接受