简体   繁体   English

将现有的 azure 文件共享挂载为持久卷而不使用机密

[英]Mount existing azure file share as a persistent volume without using secret

The way to mount azure file as a PV is shown in tutorials as below:将azure文件挂载为PV的方法如下教程所示:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: azurefile
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  azureFile:
    secretName: azure-secret
    shareName: aksshare
    readOnly: false
  mountOptions:
  - dir_mode=0777
  - file_mode=0777
  - uid=1000
  - gid=1000
  - mfsymlinks
  - nobrl

Currently I need to create a secret with the storage account key to get the pv working.目前我需要使用存储帐户密钥创建一个秘密以使 pv 正常工作。 Is there a way to mount the file share without creating a secret, preferably using environment variables?有没有办法在不创建秘密的情况下挂载文件共享,最好使用环境变量? For example, putting the account key in environment variables or using service principal credentials.例如,将帐户密钥放在环境变量中或使用服务主体凭据。

I also attempted to use kustomise secretGenerator to create the secret from env variables, but the secret name is different each time and I can't use it in the pv yaml file.我还尝试使用 kustomise secretGenerator 从环境变量创建秘密,但秘密名称每次都不同,我不能在 pv yaml 文件中使用它。

Kubernetes is secret or configmap is one way of injecting secret only to deployments. Kubernetes 是机密configmap是仅将机密注入部署的一种方式。

If you are storing something in secret that means you can access it as an environment variable.如果您要秘密存储某些内容,这意味着您可以将其作为环境变量进行访问。

You can create a storage class and use it something like:您可以创建一个存储 class 并使用它:

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: azurefile
provisioner: kubernetes.io/azure-file
mountOptions:
  - dir_mode=0777
  - file_mode=0777
  - uid=0
  - gid=0
  - mfsymlinks
  - cache=strict
  - actimeo=30
parameters:
  skuName: Standard_LRS

With this only you can add the secret so you don't have to add it multiple time.只有这样,您才能添加秘密,因此您不必多次添加。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 docker-compose 将 Azure 文件共享挂载为容器组的卷? - How to mount Azure File Share as Volume for Container Group using docker-compose? Azure 容器实例 - 如何通过 Azure 门户从 Azure 文件共享挂载卷? - Azure Container Instances - how to mount volume from Azure File Share through the Azure Portal? 如何在Azure(容器Web应用程序)上将卷(Azure文件共享)安装到基于Bitnami的Docker映像? - How to mount a volume (Azure File Share) to a bitnami-based docker image on Azure (Web App for Container)? 无法使用 Azure 文件配置器将卷安装到 Kubernetes 中的 pod - Cannot mount volume to pod in Kubernetes using Azure file provisioner 无法从 ACI 容器中的 azure 文件共享卷挂载查看文件 - Unable to view files from azure file share volume mount in ACI container 使用cifs-utils和SAS令牌挂载Azure文件共享 - Mount Azure File share using cifs-utils and SAS Token Azure 云初始化上的文件共享挂载脚本 - Azure file share mount script on cloud init 无法在 azure 容器实例中将 azure 文件共享挂载为 mongodb 卷 - Unable to mount azure file shares as mongodb volume in azure container instances 如何使用REST API将文件存储卷安装到azure容器实例 - How to mount a File Storage volume to an azure container instance using REST api Azure kube.netes - 将 Azure blob 安装为一个卷并使用 python 写入? - Azure kubernetes - mount Azure blob as a volume and write using python?
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM