从 node.js 应用程序访问 Kubernetes“秘密”环境变量
[英]Accessing Kubernetes "secret" environment variables from a node.js app
问题描述
I have a node.js application which is accessing environment variables like so:
我有一个 node.js 应用程序,它正在访问这样的环境变量:
const pool = mysql.createPool({
host: process.env.MYSQL_HOST,
user: process.env.MYSQL_USER,
port: process.env.MYSQL_PORT,
password: process.env.MYSQL_PASSWORD,
database: process.env.MYSQL_DB
});
The deployment is done via Kubernetes.部署是通过 Kubernetes 完成的。 Some of the environment variables, such as MYSQL_HOST, MYSQL_DB are set in plain form, the MYSQL_PASSWORD, however, is set via a secret.一些环境变量,如 MYSQL_HOST、MYSQL_DB 以普通形式设置,而 MYSQL_PASSWORD 则通过秘密设置。 And the problem is that the regular environment variables are read by my node.js application just fine while the MYSQL_PASSWORD is not.问题是我的 node.js 应用程序可以正常读取常规环境变量,而 MYSQL_PASSWORD 则不能。 But the problem is that when I try to see the value of MYSQL_PASSWORD in the list of the environment variables in the container - it shows the correct value.但问题是,当我尝试在容器的环境变量列表中查看 MYSQL_PASSWORD 的值时 - 它显示了正确的值。
Here's how the environment variable in question is set in the deployment yaml:以下是在部署 yaml 中设置相关环境变量的方式:
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
key: MYSQL_PASSWORD
name: config-secret
And again - the value is visible when I run the env command in the container, but for some reason the node.js application doesn't pick it up.再次 - 当我在容器中运行env命令时,该值是可见的,但由于某种原因,node.js 应用程序没有选择它。
Does anybody have any clue why my app would read the regular environment variables without issues but fails to read the ones set as secrets?有没有人知道为什么我的应用程序可以毫无问题地读取常规环境变量,但无法读取设置为机密的变量?
Thanks.谢谢。
3 个解决方案
解决方案1
2 2020-10-26 11:51:29
I have a node.js application which is accessing environment variables like so:我有一个 node.js 应用程序,它正在访问这样的环境变量:
const pool = mysql.createPool({
host: process.env.MYSQL_HOST,
user: process.env.MYSQL_USER,
port: process.env.MYSQL_PORT,
password: process.env.MYSQL_PASSWORD,
database: process.env.MYSQL_DB
});
The deployment is done via Kubernetes.部署是通过 Kubernetes 完成的。 Some of the environment variables, such as MYSQL_HOST, MYSQL_DB are set in plain form, the MYSQL_PASSWORD, however, is set via a secret.一些环境变量,如 MYSQL_HOST、MYSQL_DB 以普通形式设置,而 MYSQL_PASSWORD 则通过秘密设置。 And the problem is that the regular environment variables are read by my node.js application just fine while the MYSQL_PASSWORD is not.问题是我的node.js应用程序可以正常读取常规环境变量,而MYSQL_PASSWORD不能。 But the problem is that when I try to see the value of MYSQL_PASSWORD in the list of the environment variables in the container - it shows the correct value.但问题是,当我尝试在容器的环境变量列表中查看 MYSQL_PASSWORD 的值时 - 它显示了正确的值。
Here's how the environment variable in question is set in the deployment yaml:以下是在部署 yaml 中设置相关环境变量的方式:
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
key: MYSQL_PASSWORD
name: config-secret
And again - the value is visible when I run the env command in the container, but for some reason the node.js application doesn't pick it up.再次 - 当我在容器中运行env命令时,该值是可见的,但由于某种原因,node.js 应用程序没有选择它。
Does anybody have any clue why my app would read the regular environment variables without issues but fails to read the ones set as secrets?有没有人知道为什么我的应用程序可以毫无问题地读取常规环境变量,但无法读取设置为机密的变量?
Thanks.谢谢。
解决方案2
0 2020-10-27 12:24:36
I have a node.js application which is accessing environment variables like so:我有一个 node.js 应用程序,它正在访问这样的环境变量:
const pool = mysql.createPool({
host: process.env.MYSQL_HOST,
user: process.env.MYSQL_USER,
port: process.env.MYSQL_PORT,
password: process.env.MYSQL_PASSWORD,
database: process.env.MYSQL_DB
});
The deployment is done via Kubernetes.部署是通过 Kubernetes 完成的。 Some of the environment variables, such as MYSQL_HOST, MYSQL_DB are set in plain form, the MYSQL_PASSWORD, however, is set via a secret.一些环境变量,如 MYSQL_HOST、MYSQL_DB 以普通形式设置,而 MYSQL_PASSWORD 则通过秘密设置。 And the problem is that the regular environment variables are read by my node.js application just fine while the MYSQL_PASSWORD is not.问题是我的node.js应用程序可以正常读取常规环境变量,而MYSQL_PASSWORD不能。 But the problem is that when I try to see the value of MYSQL_PASSWORD in the list of the environment variables in the container - it shows the correct value.但问题是,当我尝试在容器的环境变量列表中查看 MYSQL_PASSWORD 的值时 - 它显示了正确的值。
Here's how the environment variable in question is set in the deployment yaml:以下是在部署 yaml 中设置相关环境变量的方式:
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
key: MYSQL_PASSWORD
name: config-secret
And again - the value is visible when I run the env command in the container, but for some reason the node.js application doesn't pick it up.再次 - 当我在容器中运行env命令时,该值是可见的,但由于某种原因,node.js 应用程序没有选择它。
Does anybody have any clue why my app would read the regular environment variables without issues but fails to read the ones set as secrets?有没有人知道为什么我的应用程序可以毫无问题地读取常规环境变量,但无法读取设置为机密的变量?
Thanks.谢谢。
解决方案3
0 2021-10-22 07:58:04
您的 base 64 编码可能存在一些问题,特别是在填充字符“=”中,请参阅为什么 base64 编码的字符串末尾有一个 = 符号作为示例,字符串“QUJDREVGRw==”和“QUJDREVGRw”都是在“ABCDEFG”中解码,但 kubernetes 容易受到影响:第一个是正确的,后者会导致错误!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.