如何在docker运行期间将环境变量从k8s提供给python应用程序
我有一个docker文件,我现在正在其中硬编码env变量,因为它在构建过程中被注入到应用程序中。现在,当应用程序在k8s pod中运行时,我想在运行时注入这些。我试过了,但没用。下面是我的docker文件。这是我第一次使用严肃的python,我不知道如何修复它如何在docker运行期间将环境变量从k8s提供给python应用程序,python,docker,kubernetes,Python,Docker,Kubernetes,我有一个docker文件,我现在正在其中硬编码env变量,因为它在构建过程中被注入到应用程序中。现在,当应用程序在k8s pod中运行时,我想在运行时注入这些。我试过了,但没用。下面是我的docker文件。这是我第一次使用严肃的python,我不知道如何修复它 FROM python:3.7-slim AS build WORKDIR /app COPY . . RUN python3 setup.py bdist_wheel #ENV USE_DB="True" \
FROM python:3.7-slim AS build
WORKDIR /app
COPY . .
RUN python3 setup.py bdist_wheel
#ENV USE_DB="True" \
# DB_USERNAME= \
# DB_HOST= \
# DB_PASSWORD= \
# DB_DB=sth
RUN pip3 install dist/app_search*.whl && \
semanticsearch-preprocess
FROM python:3.7-slim
WORKDIR /opt/srv
COPY --from=build /app/dist/app_search*.whl /opt/srv/
COPY --from=build /tmp/projects* /opt/srv/
# set environment variables to /opt/srv
ENV DICT_FILE="/opt/srv/projects.dict" \
MODEL_FILE="/opt/srv/projects.model.cpickle" \
INDEX_FILE="/opt/srv/projects.index" \
EXTERNAL_INDEX_FILE="/opt/srv/projects.mm.metadata.cpickle"
RUN pip3 install waitress && \
pip3 install app_search*.whl
EXPOSE 5000
ENTRYPOINT [ "waitress-serve" ]
CMD [ "--call", "app_search.app:main" ]
首先在集群中创建k8s configmap或k8s secret(更适合敏感数据)。 然后将k8s部署yaml中的这些值作为pod的环境变量读取 官方文件: 创建秘密yaml
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
username: "abc-user"
password: "pwd-here"
apiVersion: v1
kind: Pod
metadata:
name: secret-env-pod
spec:
containers:
- name: mycontainer
image: redis
env:
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: mysecret
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: mysecret
key: password
restartPolicy: Never
您可以通过pod spec字段将env变量传递给k8s pod:
envapiVersion: v1
kind: Pod
metadata:
name: envar-demo
labels:
purpose: demonstrate-envars
spec:
containers:
- name: envar-demo-container
image: gcr.io/google-samples/node-hello:1.0
env:
- name: DEMO_GREETING
value: "Hello from the environment"
- name: DEMO_FAREWELL
value: "Such a sweet sorrow"