我有一个大的yaml文件,我想把它作为秘密存储在我的kubernetes集群中。以下命令成功:
k create secret generic values --from-file=my-values.yaml
但在我的代码中,我想使用k8s python客户端。所以我想做这样的事情:
def make_k8s_client(kubeconig):
....
def create_secret(name, data, client_api):
secret = client.V1Secret(
api_version="v1",
kind="Secret",
metadata=client.V1ObjectMeta(name=name),
data=data,
)
client_api.create_namespaced_secret(namespace="default",
body=secret)
k8s_api = make_k8s_client("path-to-kubeconfig")
with open("path-to/my-values.yaml") as f:
values = yaml.load(f)
如果我像这样通过yaml:
create_secret("mysecret", values, k8s_api)
我得到这个错误:
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Secret in version "v1" cannot be handled as a Secret: v1.Secret.Data: decode base64: illegal base64 data at input byte 0, error found in #10 byte of ...|pe": "abc", "def|..., bigger context ...|{"apiVersion": "v1", "data": {"k8sType": "abc", "secret": "mysecret", "type": "mytype","reason":"BadRequest","code":400}
如果我这样传递秘密:
create_secret("mysecret", base64.urlsafe_b64encode(json.dumps(values).encode()).decode(), k8s_api)
我得到这个错误:
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Secret in version "v1" cannot be handled as a Secret: v1.Secret.Data: ReadMapCB: expect { or n, but found ", error found in #10 byte of ...| "data": "eyJrOHNUeX|..., bigger context ...|{"apiVersion": "v1", "data": "eyJrOHNUeXBlIjogImF3cyIsICJnYXJkZW5lclNlY3JldCI6IC|...","reason":"BadRequest","code":400}
我必须如何对json文件进行编码才能将其传递给python k8s客户端?
Data包含机密数据。每个键必须由字母数字字符"-"、"_"或"."组成。秘密数据的序列化形式是一个base64编码的字符串,表示这里的任意(可能是非字符串(数据值(1(。
V1Secret(
api_version="v1",
kind="Secret",
metadata=client.V1ObjectMeta(name=name),
data={
'my-values.yaml': base64.b64encode(json.dumps(values).encode()).decode("utf-8")
},
如何创建和使用秘密