我正试图使用kubernetes
ConfigMap和Secret设置mongo的两个env
变量,即MONGO_INITDB_ROOT_USERNAME
和MONGO_INITDB_ROOT_PASSWORD
,如下所示:
当我不使用配置映射和密码时,也就是说,我硬编码用户名和密码,它是有效的,但当我试图用配置映射和机密替换它时,它说
"身份验证失败。">
我的用户名和密码相同,是admin
这是yaml
对这些obects的定义,有人能帮我怎么了吗?
apiVersion: v1
kind: ConfigMap
metadata:
name: mongodb-username
data:
username: admin
---
apiVersion: v1
kind: Secret
metadata:
name: mongodb-password
data:
password: YWRtaW4K
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongodbtest
spec:
# serviceName: mongodbtest
replicas: 1
selector:
matchLabels:
app: mongodbtest
template:
metadata:
labels:
app: mongodbtest
selector: mongodbtest
spec:
containers:
- name: mongodbtest
image: mongo:3
# env:
# - name: MONGO_INITDB_ROOT_USERNAME
# value: admin
# - name: MONGO_INITDB_ROOT_PASSWORD
# value: admin
env:
- name: MONGO_INITDB_ROOT_USERNAME
valueFrom:
configMapKeyRef:
name: mongodb-username
key: username
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mongodb-password
key: password
几个小时后,我终于找到了解决方案,这不是我在kubernetes方面做的事情,而是我在base64
编码时做的。
正确的编码方式是使用以下命令:
echo -n 'admin' | base64
这就是我的问题。
您的部署yaml很好,只需将spec.containers[0].env
更改为spec.containers[0].envFrom
:
spec:
containers:
- name: mongodbtest
image: mongo:3
envFrom:
- configMapRef:
name: mongodb-username
- secretRef:
name: mongodb-password
这将把secret和configmap的所有密钥作为环境变量放入部署中。
apiVersion: v1
data:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD : password
kind: ConfigMap
metadata:
name: mongo-cred
namespace: default
像一样将其注入部署
envFrom:
- configMapRef:
name: mongo-cred
部署将类似
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongodbtest
spec:
# serviceName: mongodbtest
replicas: 1
selector:
matchLabels:
app: mongodbtest
template:
metadata:
labels:
app: mongodbtest
selector: mongodbtest
spec:
containers:
- name: mongodbtest
image: mongo:3
envFrom:
- configMapRef:
name: mongo-cred
如果您想秘密保存数据,那么秘密是使用加密base64和敏感数据存储数据的最佳做法。
envFrom:
- secretRef:
name: mongo-cred
你可以用创建秘密
apiVersion: v1
data:
MONGO_INITDB_ROOT_USERNAME: YWRtaW4K #base 64 encoded
MONGO_INITDB_ROOT_PASSWORD : YWRtaW4K
kind: secret
type: Opaque
metadata:
name: mongo-cred
namespace: default