时间戳

首页 > 解决方案 > 如何在 nodejs 应用程序中使用 kubernetes 机密?

node.js - 如何在 nodejs 应用程序中使用 kubernetes 机密?

问题描述

我在gcp上有一个kubernetes 集群,运行我的expressnode.js应用程序,使用.CRUDMongoDB

我创建了一个秘密,包含usernamepassword,与我的文件中mongoDB指定的秘密连接。现在我的问题是“如何在节点 js 应用程序中访问该用户名和密码以连接 mongoDB ”。environmentkubernetes yml

我试过了process.env.SECRET_USERNAMEprocess.env.SECRET_PASSWORDNode.JS应用程序中,它正在抛出undefined.

任何想法都会受到赞赏。

秘密.yaml

 apiVersion: v1

  data:

     password: pppppppppppp==

     username: uuuuuuuuuuuu==

kind: Secret

metadata:

 creationTimestamp: 2018-07-11T11:43:25Z

 name: test-mongodb-secret

 namespace: default

 resourceVersion: "00999"

 selfLink: /api-path-to/secrets/test-mongodb-secret

 uid: 0900909-9090saiaa00-9dasd0aisa-as0a0s-

 type: Opaque

Kubernetes.yaml

 apiVersion: extensions/v1beta1
 
kind: Deployment

metadata:

annotations:deployment.kubernetes.io/

revision: "4"

creationTimestamp: 2018-07-11T11:09:45Z

generation: 5

labels:
    name: test
 name: test
 namespace: default
 resourceVersion: "90909"
 selfLink: /api-path-to/default/deployments/test
 uid: htff50d-8gfhfa-11egfg-9gf1-42010gffgh0002a
spec:
  replicas: 1
   selector:
   matchLabels:
   name: test
 strategy:
    rollingUpdate:
     maxSurge: 1
     maxUnavailable: 1
    type: RollingUpdate
  template:
     metadata:
      creationTimestamp: null
  labels:
    name: test
  spec:
    containers:
  - env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          key: username
          name: test-mongodb-secret
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          key: password
          name: test-mongodb-secret
    image: gcr-image/env-test_node:latest
    imagePullPolicy: Always
    name: env-test-node
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
  dnsPolicy: ClusterFirst
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  terminationGracePeriodSeconds: 30
 
  status:
   availableReplicas: 1
   conditions:
  - lastTransitionTime: 2018-07-11T11:10:18Z
     lastUpdateTime: 2018-07-11T11:10:18Z
    message: Deployment has minimum availability.
     reason: MinimumReplicasAvailable
    status: "True"
     type: Available
     observedGeneration: 5
      readyReplicas: 1
      replicas: 1
      updatedReplicas: 1

标签: node.jsmongodbexpresskubernetes

解决方案

您的kubernetes.yaml文件指定要存储您的秘密的环境变量,以便该名称空间中的应用程序可以访问它。

使用kubectl secrets cli 界面,您可以上传您的秘密。

kubectl create secret generic -n node-app test-mongodb-secret --from-literal=username=a-username --from-literal=password=a-secret-password

(命名空间 arg-n node-app是可选的,否则它将上传到默认命名空间)

运行此命令后,您可以检查您的 kube 仪表板以查看密钥已保存

然后从您的节点应用程序访问环境变量process.env.SECRET_PASSWORD

也许在您的情况下,秘密是在错误的名称空间中创建的,因此为什么undefined在您的应用程序中。

编辑 1

你的缩进container.env似乎是错误的

apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    env:
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: password
  restartPolicy: Never

推荐阅读