问题描述

我在Helm图表的模板目录中有我的deployment.yaml文件，其中包含几个将要使用Helm运行的容器的环境变量.

I have my deployment.yaml file within the templates directory of Helm charts with several environment variables for the container I will be running using Helm.

现在，我希望能够从运行头盔的任何计算机上本地提取环境变量，这样我就可以以这种方式隐藏秘密.

Now I want to be able to pull the environment variables locally from whatever machine the helm is ran so I can hide the secrets that way.

当我使用Helm运行应用程序时，该如何传递并让Helm在本地获取环境变量?

How do I pass this in and have helm grab the environment variables locally when I use Helm to run the application?

这是我的deployment.yaml文件的一部分

Here is some part of my deployment.yaml file

...
...
    spec:
      restartPolicy: Always
      containers:
        - name: sample-app
          image: "sample-app:latest"
          imagePullPolicy: Always
          env:
            - name: "USERNAME"
              value: "app-username"
            - name: "PASSWORD"
              value: "28sin47dsk9ik"
...
...

运行头盔时，如何从本地环境变量中提取USERNAME和PASSWORD的值?

How can I pull the value of USERNAME and PASSWORD from local environment variables when I run helm?

这可能吗?如果是，那我该怎么办?

Is this possible? If yes, then how do I do this?

推荐答案

您可以export变量并在运行helm install时使用它.

You can export the variable and use it while running helm install.

在此之前，您必须修改图表，以便安装时该值可以为set.

Before that, you have to modify your chart so that the value can be set while installation.

跳过这一部分(如果您已经知道的话)如何设置模板字段.

Skip this part, if you already know, how to setup template fields.

由于您不想公开数据，因此最好将其另存为kubernetes中的秘密.

As you don't want to expose the data, so it's better to have it saved as secret in kubernetes.

首先，在您的Values文件中添加这两行，以便可以从外部设置这两个值.

First of all, add this two lines in your Values file, so that these two values can be set from outside.

username: root
password: password

现在，在template文件夹中添加一个secret.yaml文件.然后，将此代码段复制到该文件中.

Now, add a secret.yaml file inside your template folder. and, copy this code snippet into that file.

apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}-auth
data:
  password: {{ .Values.password | b64enc }}
  username: {{ .Values.username | b64enc }}

现在调整您的部署yaml模板，并在env部分进行更改，就像这样

Now tweak your deployment yaml template and make changes in env section, like this

...
...
    spec:
      restartPolicy: Always
      containers:
        - name: sample-app
          image: "sample-app:latest"
          imagePullPolicy: Always
          env:
          - name: "USERNAME"
            valueFrom:
              secretKeyRef:
                key:  username
                name: {{ .Release.Name }}-auth
          - name: "PASSWORD"
            valueFrom:
              secretKeyRef:
                key:  password
                name: {{ .Release.Name }}-auth
...
...

如果您已正确修改模板的--set标志，您可以使用环境变量进行设置.

If you have modified your template correctly for --set flag,you can set this using environment variable.

$ export USERNAME=root-user

现在在运行helm install时使用此变量，

Now use this variable while running helm install,

$ helm install --set username=$USERNAME ./mychart

如果在dry-run模式下运行此helm install，则可以验证更改，

If you run this helm install in dry-run mode, you can verify the changes,

$ helm install --dry-run --set username=$USERNAME --debug ./mychart
[debug] Created tunnel using local port: '44937'

[debug] SERVER: "127.0.0.1:44937"

[debug] Original chart version: ""
[debug] CHART PATH: /home/maruf/go/src/github.com/the-redback/kubernetes-yaml-drafts/helm-charts/mychart

NAME:   irreverant-meerkat
REVISION: 1
RELEASED: Fri Apr 20 03:29:11 2018
CHART: mychart-0.1.0
USER-SUPPLIED VALUES:
username: root-user

COMPUTED VALUES:
password: password
username: root-user

HOOKS:
MANIFEST:

---
# Source: mychart/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: irreverant-meerkat-auth
data:
  password: password
  username: root-user
---
# Source: mychart/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: irreverant-meerkat
  labels:
    app: irreverant-meerkat
spec:
  replicas: 1
  template:
    metadata:
      name: irreverant-meerkat
      labels:
        app: irreverant-meerkat
    spec:
      containers:
      - name: irreverant-meerkat
        image: alpine
        env:
        - name: "USERNAME"
          valueFrom:
            secretKeyRef:
              key:  username
              name: irreverant-meerkat-auth
        - name: "PASSWORD"
          valueFrom:
            secretKeyRef:
              key:  password
              name: irreverant-meerkat-auth

        imagePullPolicy: IfNotPresent
      restartPolicy: Always
  selector:
    matchLabels:
      app: irreverant-meerkat

您可以看到秘密用户名的数据已更改为root-user.

You can see that the data of username in secret has changed to root-user.

我添加了此示例进入github存储库.

I have added this example into github repo.

kubernetes/helm 回购中也对此进行了一些讨论.您可以看到此问题，以了解使用环境变量的所有其他方式.

There is also some discussion in kubernetes/helm repo regarding this. You can see this issue to know about all other ways to use environment variables.

这篇关于如何使用Helm图表提取环境变量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！