堆栈内存溢出
  简体   繁体   English

Openshift / Kubernetes:使用Yaml文件中的服务帐户中的令牌

[英]Openshift/Kubernetes: Use token from Service account in yaml file

 原文  2019-02-08 15:52:58       templates/ kubernetes/ yaml/ openshift/ environment

问题描述

I currently have the following problem. 我目前有以下问题。 I am creating a Template in which I specify a ServiceAccount adn a RoleBinding. 我正在创建一个模板,在其中指定ServiceAccount和RoleBinding。 Openshift Creates a Token on its own and stores it in a secret with the name [service-account-name]-[az,1-9{5}]. Openshift会自己创建一个令牌,并将其存储在名称为[service-account-name]-[az,1-9 {5}]的秘密中。 Now I want to pass that secret on to an env Variable (as it will be consumed by another config in that container that can process env variables) 现在,我想将该秘密传递给环境变量(因为它将由该容器中可以处理环境变量的另一个配置使用)

Now you can easily use env variables like 现在,您可以轻松使用env变量,例如 

env:
- name: something
  valueFrom:
    secretKeyRef:
      name: someKey
      key: someValue

But now I've got the problem, that there is a secret, but I don't know the exact name as part of it is random. 但是现在我有了一个问题,那就是有一个秘密,但是我不知道确切的名称是随机的。 Now my question is 现在我的问题是

Is there a way to use the contents of a secret of a serviceaccount in a template? 有没有办法在模板中使用服务帐户的机密内容?

1 个解决方案

解决方案1
 0  2019-02-11 15:29:23

You can check your secrets by running kubectl get secret and then view more by running kubectl describe secret mysecret You will need to decode it to view it (I do not have experience with OpenShift). 您可以通过运行kubectl get secret来检查您的秘密,然后通过运行kubectl describe secret mysecret查看更多kubectl describe secret mysecret您将需要对其进行解码才能查看(我没有使用OpenShift的经验)。 You can also use them as Environment Variables as explained here . 你也可以用它们作为环境变量作为解释在这里
As for ServiceAccount and the token you can use it inside a container as specified in the OpenShift documentation 至于ServiceAccount和令牌,您可以在OpenShift 文档中指定的容器内使用它

A file containing an API token for a pod's service account is automatically mounted at /var/run/secrets/kubernetes.io/serviceaccount/token. 包含pod服务帐户的API令牌的文件会自动挂载在/var/run/secrets/kubernetes.io/serviceaccount/token中。

I think you could add commands from the documentation to the Pod Template into command: section similar to this example . 我认为您可以将文档中的命令添加到Pod模板到command:部分中,类似于本示例 Also you can find more about using secrets here . 您也可以在这里找到更多有关使用机密的信息

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 Kubernetes yaml 文件设置动态值 - How to set dynamic values with Kubernetes yaml file 从 YAML 管道到模板文件的 Azure Pipeline 动态参数 - Azure Pipeline dynamic parameters to template file from YAML pipeline 如何在 Kubernetes yaml 文件中动态设置包含 URL(带斜杠)的值并防止:替换命令中的错误标志 - How to dynamically set values containing URLs (with slashes) in Kubernetes yaml files & prevent: bad flag in substitute command 需要使用 For 循环而不是 Azure 管道模板 yaml 中的每个循环 - Need to use For loop not for each loop in Azure Pipeline Template yaml Gradle 复制任务展开 yaml 文件转义整个字符串 - Gradle copy task expand yaml file escape whole string 我们可以从 Nuget 包中引用 YAML 模板吗? - Can we reference a YAML template from a Nuget package? helm 模板从嵌套的 yaml 中获取值不起作用 - helm template to fetch a value from nested yaml doesnt work 从 yaml 管道传递的 Helm Concat 模板参数 - Helm Concat tamplate parameter which passed from yaml pipeline 如何使用Java从文件中编辑模板文档(表单字母)? - How to use Java to edit a template document (form letter) from a file? 在Woocommerce我的帐户页面中包含自定义模板文件问题 - Include custom template file issue in Woocommerce my account page
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM