[英]Openshift/Kubernetes: Use token from Service account in yaml file
I currently have the following problem. 我目前有以下问题。 I am creating a Template in which I specify a ServiceAccount adn a RoleBinding. 我正在创建一个模板,在其中指定ServiceAccount和RoleBinding。 Openshift Creates a Token on its own and stores it in a secret with the name [service-account-name]-[az,1-9{5}]. Openshift会自己创建一个令牌,并将其存储在名称为[service-account-name]-[az,1-9 {5}]的秘密中。 Now I want to pass that secret on to an env Variable (as it will be consumed by another config in that container that can process env variables) 现在,我想将该秘密传递给环境变量(因为它将由该容器中可以处理环境变量的另一个配置使用)
Now you can easily use env variables like 现在,您可以轻松使用env变量,例如
env:
- name: something
valueFrom:
secretKeyRef:
name: someKey
key: someValue
But now I've got the problem, that there is a secret, but I don't know the exact name as part of it is random. 但是现在我有了一个问题,那就是有一个秘密,但是我不知道确切的名称是随机的。 Now my question is 现在我的问题是
Is there a way to use the contents of a secret of a serviceaccount in a template? 有没有办法在模板中使用服务帐户的机密内容?
You can check your secrets by running kubectl get secret
and then view more by running kubectl describe secret mysecret
You will need to decode it to view it (I do not have experience with OpenShift). 您可以通过运行kubectl get secret
来检查您的秘密,然后通过运行kubectl describe secret mysecret
查看更多kubectl describe secret mysecret
您将需要对其进行解码才能查看(我没有使用OpenShift的经验)。 You can also use them as Environment Variables as explained here . 你也可以用它们作为环境变量作为解释在这里 。
As for ServiceAccount and the token you can use it inside a container as specified in the OpenShift documentation 至于ServiceAccount和令牌,您可以在OpenShift 文档中指定的容器内使用它
A file containing an API token for a pod's service account is automatically mounted at /var/run/secrets/kubernetes.io/serviceaccount/token. 包含pod服务帐户的API令牌的文件会自动挂载在/var/run/secrets/kubernetes.io/serviceaccount/token中。
I think you could add commands from the documentation to the Pod Template into command:
section similar to this example . 我认为您可以将文档中的命令添加到Pod模板到command:
部分中,类似于本示例 。 Also you can find more about using secrets here . 您也可以在这里找到更多有关使用机密的信息 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.