Is there a way to keep randAlphaNum values consistent across Helm subcharts?

Question description Votes: 0 Answers: 3

I have a main chart that generates a random password in _helpers.ptl. This random password needs to be used by multiple subcharts (db and app).

In the main chart's _helpers.ptl:

{{/* Generate db credentials */}}
{{- define "test.dbCredentials" -}}
dbUser: {{ randAlphaNum 16 | quote }}
dbPass: {{ randAlphaNum 32 | quote }}
{{- end }}

The main chart's configmap.yml:

apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Release.Name }}-configmap
data:
  {{- include "test.dbCredentials" . | nindent 2 }}

The subchart's configmap.yml:

apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Release.Name }}-configmap
data:
  {{- include "test.dbCredentials" . | nindent 2 }}

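When I debug this, the credentials in the main chart and the subchart are different. Is there a way to generate random values in the main chart and pass the exact values to multiple subcharts?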

kubernetes-helm
3 Answers
1
Votes

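I managed to find a solution by storing the generated random string in the .Release object. Unlike .Values, it appears to stay the same between the main chart and the subcharts. Also, in my case it was the subchart that generated the password, but I think it should work either way: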

{{- define "generate_static_password" -}}
{{- /* Create "tmp_vars" dict inside ".Release" to store various stuff. */ -}}
{{- if not (index .Release "tmp_vars") -}}
{{-   $_ := set .Release "tmp_vars" dict -}}
{{- end -}}
{{- /* Some random ID of this password, in case there will be other random values alongside this instance. */ -}}
{{- $key := printf "%s_%s" .Release.Name "password" -}}
{{- /* If $key does not yet exist in .Release.tmp_vars, then... */ -}}
{{- if not (index .Release.tmp_vars $key) -}}
{{- /* ... store random password under the $key */ -}}
{{-   $_ := set .Release.tmp_vars $key (randAlphaNum 20) -}}
{{- end -}}
{{- /* Retrieve previously generated value. */ -}}
{{- index .Release.tmp_vars $key -}}
{{- end -}}

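0
Votes

I needed to do something very similar: generate a random password, then store it as a secret, but at the same time hash it with bcrypt for the deployment itself. After trying everything, including all the solutions described here and here, I found that the only way to get this done was to use a single file. In my case, I had to create the password, hash, secret and deployment in the same chart. Here is an example excerpt of how I did it: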

{{- $adminPassword := randAlphaNum 42 -}}

# This secret is used to store the user credentials generated.
apiVersion: v1
kind: Secret
metadata:
    name: "{{ include "app.fullname" . }}-passwords"
    labels:
        {{- include "app.labels" . | nindent 8 }}
type: Opaque
data:
    adminpassword: {{ $adminPassword | b64enc | quote }}

---

# Main Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
    name: "{{ include "app.fullname" . }}"
spec:
    replicas: 1
    template:
        spec:
            containers:
                - name: "{{ include "app.fullname" . }}-instance"
                  image: "{{ .Values.image.name }}"
                  env:
                      # Full admin user.  
                      - name: USERS_ADMIN_USERNAME
                        value: {{ .Values.authentication.users.adminUsername  | quote}}
                      - name: USERS_ADMIN_PASSWORD
                        value: {{(htpasswd "BCRYPT" $adminPassword )  | quote }}

0
Votes

I found an answer that creates truly random data and is consistent across every upgrade. You can use the lookup function:

{{- $secretName := printf "%s-%s" (include "mychart.fullname" .) "random" -}}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secretName }}
  labels:
    app: {{ template "mychart.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
data:
  {{- if (lookup "v1" "Secret" .Release.Namespace $secretName).data }}
  token: {{ (lookup "v1" "Secret" .Release.Namespace $secretName).data.token }}
  {{ else }}
  token: {{ randAlphaNum 16 | b64enc }}
  {{ end }}

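It checks whether the Secret already exists, and if it does not, it generates a random string.

Note: This does not work with dry-run or the helm template command, because it needs access to the cluster. You also need permission to read and modify secrets.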
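
An added example, not taken from any of the answers above: it combines the lookup approach from the last answer with a Secret that the subcharts reference by name, so the credentials are generated once in the main chart and never re-rendered per chart. The Secret name suffix, the file placement and the DB_USER/DB_PASS variable names are assumptions.

```yaml
# Main chart: templates/db-credentials.yaml (hypothetical file name)
{{- $name := printf "%s-db-credentials" .Release.Name }}
{{- $existing := lookup "v1" "Secret" .Release.Namespace $name }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $name }}
type: Opaque
data:
  {{- if $existing }}
  # Secret already exists in the cluster: reuse the stored values,
  # which are already base64-encoded, so upgrades do not rotate them.
  dbUser: {{ index $existing.data "dbUser" | quote }}
  dbPass: {{ index $existing.data "dbPass" | quote }}
  {{- else }}
  # First install: lookup returned an empty map, so generate once.
  # (helm template and dry-run also take this branch, as noted above.)
  dbUser: {{ randAlphaNum 16 | b64enc | quote }}
  dbPass: {{ randAlphaNum 32 | b64enc | quote }}
  {{- end }}
---
# Subchart (db or app): fragment of the container spec in its own
# Deployment template. The subchart never calls randAlphaNum; it only
# points at the Secret the main chart created.
env:
  - name: DB_USER   # assumed variable name
    valueFrom:
      secretKeyRef:
        name: {{ .Release.Name }}-db-credentials
        key: dbUser
  - name: DB_PASS   # assumed variable name
    valueFrom:
      secretKeyRef:
        name: {{ .Release.Name }}-db-credentials
        key: dbPass
```

Because .Release.Name is identical in the main chart and in every subchart, both sides compute the same Secret name without passing values between charts, and the credentials stay out of ConfigMaps and rendered manifests of the subcharts.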
