Create a Kubernetes secret for a Docker registry - Terraform

Problem description

Using kubectl, we can create a Docker registry authentication secret as follows

kubectl create secret docker-registry regsecret \
--docker-server=docker.example.com \
--docker-username=kube \
--docker-password=PW_STRING \
--docker-email=my@email.com

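How do I create this secret using Terraform? I saw this link, which has data; in my Terraform flow the Kubernetes instance is created in Azure, I get the required data from there, and I created something like the below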

resource "kubernetes_secret" "docker-registry" {
  metadata {
    name = "registry-credentials"
  }

  data = {
    docker-server = data.azurerm_container_registry.docker_registry_data.login_server
    docker-username = data.azurerm_container_registry.docker_registry_data.admin_username
    docker-password = data.azurerm_container_registry.docker_registry_data.admin_password
  }


}

It seems this is wrong, as the images are not being pulled. What am I missing here?

Tags: kubernetes, terraform, azure-aks, terraform-provider-azure

Solution


If you run the following command

kubectl create secret docker-registry regsecret \
--docker-server=docker.example.com \
--docker-username=kube \
--docker-password=PW_STRING \
--docker-email=my@email.com 

it will create a secret like the following

$ kubectl get secrets regsecret -o yaml
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJkb2NrZXIuZXhhbXBsZS5jb20iOnsidXNlcm5hbWUiOiJrdWJlIiwicGFzc3dvcmQiOiJQV19TVFJJTkciLCJlbWFpbCI6Im15QGVtYWlsLmNvbSIsImF1dGgiOiJhM1ZpWlRwUVYxOVRWRkpKVGtjPSJ9fX0=
kind: Secret
metadata:
  creationTimestamp: "2020-06-01T18:31:07Z"
  name: regsecret
  namespace: default
  resourceVersion: "42304"
  selfLink: /api/v1/namespaces/default/secrets/regsecret
  uid: 59054483-2789-4dd2-9321-74d911eef610
type: kubernetes.io/dockerconfigjson

If we decode .dockerconfigjson, we get

{"auths":{"docker.example.com":{"username":"kube","password":"PW_STRING","email":"my@email.com","auth":"a3ViZTpQV19TVFJJTkc="}}}

So, how do we do this using Terraform?

I created a config.json file containing the following data

{"auths":{"${docker-server}":{"username":"${docker-username}","password":"${docker-password}","email":"${docker-email}","auth":"${auth}"}}}

Then, in the main.tf file

# Image pull secret; the provider base64-encodes the values in data itself
resource "kubernetes_secret" "docker-registry" {
  metadata {
    name = "regsecret"
  }

  data = {
    ".dockerconfigjson" = data.template_file.docker_config_script.rendered
  }

  type = "kubernetes.io/dockerconfigjson"
}

# Renders config.json with the registry credentials substituted in
data "template_file" "docker_config_script" {
  template = file("${path.module}/config.json")
  vars = {
    docker-username = var.docker-username
    docker-password = var.docker-password
    docker-server   = var.docker-server
    docker-email    = var.docker-email
    auth            = base64encode("${var.docker-username}:${var.docker-password}")
  }
}

Then run

$ terraform apply

This will produce the same secret. Hope it helps.
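
Added example, not part of the original answer: the same secret built with Terraform's jsonencode from the azurerm_container_registry data source named in the question, so a password containing quotes or backslashes still yields valid JSON. It assumes that data source is declared elsewhere and that the registry's admin user is enabled; the resource name docker_registry is illustrative.

```hcl
# Assumption: data.azurerm_container_registry.docker_registry_data is
# declared elsewhere, as in the question, with the admin user enabled.
locals {
  registry = data.azurerm_container_registry.docker_registry_data

  # jsonencode escapes quotes and backslashes in the credentials; a plain
  # text template of config.json substitutes them unescaped.
  dockerconfigjson = jsonencode({
    auths = {
      # Parentheses make the map key an expression (the registry host).
      (local.registry.login_server) = {
        username = local.registry.admin_username
        password = local.registry.admin_password
        auth     = base64encode("${local.registry.admin_username}:${local.registry.admin_password}")
      }
    }
  })
}

# Illustrative resource name; the secret name matches the kubectl example.
resource "kubernetes_secret" "docker_registry" {
  metadata {
    name = "regsecret"
  }

  # This type requires exactly the .dockerconfigjson key. Keys such as
  # docker-server or docker-username, as in the question, are not read
  # by the kubelet when pulling images.
  type = "kubernetes.io/dockerconfigjson"

  # Pass the raw JSON; the provider base64-encodes values in data.
  data = {
    ".dockerconfigjson" = local.dockerconfigjson
  }
}
```

Pods use the secret only when it is listed under imagePullSecrets in the pod spec or attached to their service account. The registry password is also written to the Terraform state in plain text, so the state backend needs the same access control as the secret itself.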

