问题描述
在布莱恩(Bryan)的一生中,我该怎么做?
For the life of Bryan, how do I do this?
Terraform
用于在GCP中创建SQL Server实例.根密码和用户密码是随机生成的,然后放入Google Secret Manager中.数据库的IP通过私有DNS区域公开.
Terraform
is used to create an SQL Server instance in GCP.Root password and user passwords are randomly generated, then put into the Google Secret Manager.The DB's IP is exposed via private DNS zone.
我现在如何获取用户名和密码来访问数据库到我的K8s集群中?在此处运行Spring Boot应用.
How can I now get the username and password to access the DB into my K8s cluster? Running a Spring Boot app here.
这是我想到的一种选择:
This was one option I thought of:
在我的部署中,我添加一个 initContainer
:
In my deployment I add an initContainer
:
- name: secrets
image: gcr.io/google.com/cloudsdktool/cloud-sdk
args:
- echo "DB_PASSWORD=$(gcloud secrets versions access latest --secret=\"$NAME_OF_SECRET\")" >> super_secret.env
好的,现在怎么办?如何从这里将其放入我的应用程序容器?
Okay, what now? How do I get it into my application container from here?
还有其他选项,例如 bitnami/sealed-secrets
,我不喜欢这些选项,因为安装程序已经在使用 Terraform
并将秘密保存在GCP中.使用 sealed-secrets
时,我可以跳过使用机密管理器.与 Vault
IMO相同.
There are also options like bitnami/sealed-secrets
, which I don't like since the setup is using Terraform
already and saving the secrets in GCP. When using sealed-secrets
I could skip using the secrets manager. Same with Vault
IMO.
推荐答案
您可以使用 spring-cloud-gcp-starter-secretmanager
从Spring应用程序本身加载机密.
You can use spring-cloud-gcp-starter-secretmanager
to load secrets from Spring application itself.
文档- https://cloud.spring.io/spring-cloud-gcp/reference/html/#secret-manager
这篇关于如何使用Spring Boot将Google Secret Manager中的机密作为环境变量注入Kubernetes Pod中?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!