Using Secret parameters through environment variables in a Python project (1)
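Creating the Secret
Method 1: set the values directly
kubectl create secret generic my-secret --from-literal=mongohost=192.168.30.11 --from-literal=mongoport=27017
Method 2: create it from a YAML file
Note that when a Secret is created from YAML, every value under data must be base64-encoded.
Encode the values as follows: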
$ echo -n "192.168.30.11" | base64
MTkyLjE2OC4zMC4xMQ==
$ echo -n "27017" | base64
MjcwMTc=
$ echo -n "mypassword" | base64
bXlwYXNzd29yZA==
$ echo -n "5600" | base64
NTYwMA==
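The resulting secret.yml file looks like this:
apiVersion: v1
kind: Secret
metadata:
  name: test-mgap-module-secret
data:
  mongohost: MTkyLjE2OC4zMC4xMQ==
  mongoport: MjcwMTc=
  mongousername: bXlwYXNzd29yZA==   # placeholder: base64 of "mypassword"
  mongopassword: bXlwYXNzd29yZA==   # placeholder: base64 of "mypassword"
  mysqlhost: MTkyLjE2OC4zMC4xMQ==
  mysqlport: NTYwMA==
  mysqlusername: bXlwYXNzd29yZA==   # placeholder: base64 of "mypassword"
  mysqlpassword: bXlwYXNzd29yZA==   # placeholder: base64 of "mypassword"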
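Create the Secret from the YAML file with:
kubectl create -f secret.yml
Viewing the Secret
kubectl get secret my-secret -o yaml
Decode a field (base64 is an encoding, not encryption, so anyone who can read the Secret can recover the value):
$ echo "MTkyLjE2OC4zMC4xMQ==" | base64 --decode
192.168.30.11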
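Referencing the Secret's keys in the Argo YAML
Note that my-secret is the name of the Secret, and that each key must match a key stored in that Secret. The secret.yml above names its Secret test-mgap-module-secret, so the name given in secretKeyRef has to be the Secret that actually holds the referenced keys.
The key configuration is:
env:
- name: MONGO_HOST
  valueFrom:
    secretKeyRef:
      name: my-secret # name of an existing k8s secret
      key: mongohost
- name: MONGO_PORT
  valueFrom:
    secretKeyRef:
      name: my-secret # name of an existing k8s secret
      key: mongoport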
Full YAML for reference:
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: mgap-module-name-
spec:
  entrypoint: diamond
  # activeDeadlineSeconds: 300
  arguments:
    parameters:
    - name: chip-id
      value: chip_id
    - name: chip-version
      value: v2_1 # v1.0 v2.0 v2.1
    - name: env
      value: beta # test beta prod
  templates:
  - name: diamond
    dag:
      tasks:
      - name: module-step
        template: module
        arguments:
          parameters:
          - name: chip-id
            value: "{{workflow.parameters.chip-id}}"
          - name: chip-version
            value: "{{workflow.parameters.chip-version}}"
          - name: env
            value: "{{workflow.parameters.env}}"
  - name: module
    retryStrategy:
      limit: 20
    inputs:
      parameters:
      - name: chip-id
      - name: chip-version
      - name: env
    container:
      image: mydocker/module/module:beta
      command: [sh, -c]
      args: ["date;cd /root;ls;start;sleep 10m;date"]
      env:
      - name: MONGO_HOST
        valueFrom:
          secretKeyRef:
            name: my-secret # name of an existing k8s secret
            key: mongohost
      - name: MONGO_PORT
        valueFrom:
          secretKeyRef:
            name: my-secret # name of an existing k8s secret
            key: mongoport
      - name: MONGO_USERNAME
        valueFrom:
          secretKeyRef:
            name: my-secret # name of an existing k8s secret
            key: mongousername
      - name: MONGO_PASSWORD
        valueFrom:
          secretKeyRef:
            name: my-secret # name of an existing k8s secret
            key: mongopassword
      - name: MYSQL_HOST
        valueFrom:
          secretKeyRef:
            name: my-secret # name of an existing k8s secret
            key: mysqlhost
      - name: MYSQL_PORT
        valueFrom:
          secretKeyRef:
            name: my-secret # name of an existing k8s secret
            key: mysqlport
      - name: MYSQL_USERNAME
        valueFrom:
          secretKeyRef:
            name: my-secret # name of an existing k8s secret
            key: mysqlusername
      - name: MYSQL_PASSWORD
        valueFrom:
          secretKeyRef:
            name: my-secret # name of an existing k8s secret
            key: mysqlpassword
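On the Python side, the container reads the MONGO_* variables that the workflow above injects. The following is an added example, not code from the original post: MongoSettings and load_mongo_settings are hypothetical names, and the sample values are constructed. It fails fast on missing or malformed values and keeps the password out of logs and error messages.

```python
import os
from dataclasses import dataclass, field
from urllib.parse import quote_plus


@dataclass(frozen=True)
class MongoSettings:  # hypothetical name, for illustration only
    host: str
    port: int
    username: str
    password: str = field(repr=False)  # keep the password out of repr() and logs

    def uri(self) -> str:
        # Percent-encode credentials so characters such as '@' or ':' stay valid.
        return (f"mongodb://{quote_plus(self.username)}:{quote_plus(self.password)}"
                f"@{self.host}:{self.port}/")


def load_mongo_settings(env=os.environ) -> MongoSettings:
    """Read the MONGO_* variables injected through secretKeyRef; fail fast if unusable."""
    names = ("MONGO_HOST", "MONGO_PORT", "MONGO_USERNAME", "MONGO_PASSWORD")
    missing = [n for n in names if not env.get(n)]
    if missing:
        # Report variable names only, never their values.
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    try:
        # A value encoded without `echo -n` carries a trailing newline; strip it.
        port = int(env["MONGO_PORT"].strip())
    except ValueError:
        raise RuntimeError("MONGO_PORT is not an integer") from None
    if not 1 <= port <= 65535:
        raise RuntimeError("MONGO_PORT is outside the valid TCP port range")
    return MongoSettings(
        host=env["MONGO_HOST"].strip(),
        port=port,
        username=env["MONGO_USERNAME"],
        password=env["MONGO_PASSWORD"],
    )


if __name__ == "__main__":
    # Constructed sample values standing in for what the pod would receive.
    sample = {"MONGO_HOST": "192.168.30.11", "MONGO_PORT": "27017\n",
              "MONGO_USERNAME": "appuser", "MONGO_PASSWORD": "p@ss:word"}
    print(load_mongo_settings(sample))  # the password field is omitted from the output
```
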