I have a main chart that generates a random password in _helpers.tpl. This random password needs to be used by multiple subcharts (db and app).
In the main chart's _helpers.tpl:
{{/* Generate db credentials */}}
{{- define "test.dbCredentials" -}}
dbUser: {{ randAlphaNum 16 | quote }}
dbPass: {{ randAlphaNum 32 | quote }}
{{- end }}
The main chart's configmap.yml:
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Release.Name }}-configmap
data:
  {{- include "test.dbCredentials" . | nindent 2 }}
The subchart's configmap.yml:
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Release.Name }}-configmap
data:
  {{- include "test.dbCredentials" . | nindent 2 }}
When I debug this, the credentials for the main chart and the subchart are different. Is there a way to generate a random value in the main chart and pass the exact value to multiple subcharts?
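I managed to find a solution by storing the generated random string in the .Release object. Unlike .Values, it seems to stay the same between the main chart and the subcharts. Also, in my case it was the subchart that generated the password, but I think it should work either way: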
{{- define "generate_static_password" -}}
{{- /* Create "tmp_vars" dict inside ".Release" to store various stuff. */ -}}
{{- if not (index .Release "tmp_vars") -}}
{{- $_ := set .Release "tmp_vars" dict -}}
{{- end -}}
{{- /* Some random ID of this password, in case there will be other random values alongside this instance. */ -}}
{{- $key := printf "%s_%s" .Release.Name "password" -}}
{{- /* If $key does not yet exist in .Release.tmp_vars, then... */ -}}
{{- if not (index .Release.tmp_vars $key) -}}
{{- /* ... store random password under the $key */ -}}
{{- $_ := set .Release.tmp_vars $key (randAlphaNum 20) -}}
{{- end -}}
{{- /* Retrieve previously generated value. */ -}}
{{- index .Release.tmp_vars $key -}}
{{- end -}}
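Why the question's helper yields different credentials per chart, and why the memoised helper above does not, shown as an added example that is not code from the original posts. It models rendering with Go's text/template, which Helm templates are built on; `randAlphaNum` and `set` are local stand-ins for the Sprig functions, the names `naive`, `memo`, `Render` and `Demo` are hypothetical, and the shared Release map is an assumption taken from the answer above.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"fmt"
	"math/big"
	"text/template"
)

const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// randAlphaNum is a local stand-in for the Sprig function of the same name.
func randAlphaNum(n int) string {
	out := make([]byte, n)
	for i := range out {
		idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(alphabet))))
		if err != nil {
			panic(err)
		}
		out[i] = alphabet[idx.Int64()]
	}
	return string(out)
}

// set is a local stand-in for Sprig's set: store v under k and return the map.
func set(m map[string]interface{}, k string, v interface{}) map[string]interface{} { m[k] = v; return m }

// "naive" draws a new value on every call; "memo" caches the first draw in .Release.
const helpers = `{{define "naive"}}{{randAlphaNum 32}}{{end}}
{{define "memo"}}{{if not (index .Release "pw")}}{{$_ := set .Release "pw" (randAlphaNum 32)}}{{end}}{{index .Release "pw"}}{{end}}`

// Render executes one named helper against a chart's context, like an include call.
func Render(name string, ctx map[string]interface{}) string {
	t := template.Must(template.New("helpers").Funcs(template.FuncMap{"randAlphaNum": randAlphaNum, "set": set}).Parse(helpers))
	var buf bytes.Buffer
	if err := t.ExecuteTemplate(&buf, name, ctx); err != nil {
		panic(err)
	}
	return buf.String()
}

// Demo renders each helper for a parent and a subchart context (constructed input).
func Demo() (naiveSame, memoSame bool) {
	release := map[string]interface{}{"Name": "demo"} // assumption: one Release map shared by all charts
	parent, sub := map[string]interface{}{"Release": release}, map[string]interface{}{"Release": release}
	naiveSame = Render("naive", parent) == Render("naive", sub)
	memoSame = Render("memo", parent) == Render("memo", sub)
	return
}
func main() { fmt.Println(Demo()) }
```

The cached value exists only for the duration of one render, so a later upgrade draws a new password unless the value is persisted in the cluster.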
I needed to do something very similar: generate a random password and store it as a secret, but also hash it with bcrypt for the deployment itself. After trying everything, including all the solutions described here and here, I found that the only way to get this done was to use a single file. In my case, I had to create the password, the hash, the secret and the deployment in the same chart. Here is an example excerpt of how I did it:
{{- $adminPassword := randAlphaNum 42 -}}
# This secret is used to store the user credentials generated.
apiVersion: v1
kind: Secret
metadata:
  name: "{{ include "app.fullname" . }}-passwords"
  labels:
    {{- include "app.labels" . | nindent 4 }}
type: Opaque
data:
  adminpassword: {{ $adminPassword | b64enc | quote }}
---
# Main Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "{{ include "app.fullname" . }}"
spec:
  replicas: 1
  template:
    spec:
      containers:
        - name: "{{ include "app.fullname" . }}-instance"
          image: "{{ .Values.image.name }}"
          env:
            # Full admin user.
            - name: USERS_ADMIN_USERNAME
              value: {{ .Values.authentication.users.adminUsername | quote }}
            # Sprig's htpasswd takes (username, password) and returns "username:<bcrypt hash>".
            - name: USERS_ADMIN_PASSWORD
              value: {{ (htpasswd "BCRYPT" $adminPassword) | quote }}
I found an answer that creates truly random data and is consistent across every upgrade. You can use the lookup function:
{{- $secretName := printf "%s-%s" (include "mychart.fullname" .) "random" -}}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secretName }}
  labels:
    app: {{ template "mychart.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
data:
  {{- if (lookup "v1" "Secret" .Release.Namespace $secretName).data }}
  token: {{ (lookup "v1" "Secret" .Release.Namespace $secretName).data.token }}
  {{ else }}
  token: {{ randAlphaNum 16 | b64enc }}
  {{ end }}
It checks whether the Secret already exists, and if it does not, it generates a random string.
Note: this does not work with a dry run or the helm template command, because it needs access to the cluster. You also need permission to read and modify Secrets.