Use Key File with Application Running on Kubernetes Cluster
I'm trying to use a key file in my Kubernetes application and I can't seem to find an example of this anywhere. I want to use Firebase authentication in my NodeJS backend. When running my application locally I was using the following:
admin.initializeApp({
  credential: admin.credential.cert(SERVICE_ACCOUNT_KEY_PATH),
});
My initial thought was to create a secret from a key file like
$ gcloud container clusters get-credentials my-cluster --zone us-central1-c --project my-project
$ kubectl create secret generic service-account-key \
    --from-file=${SERVICE_ACCOUNT_KEY_PATH}
However, since I am creating a secret there is not a path for me to set my SERVICE_ACCOUNT_KEY_PATH to when running my application in a Kubernetes container. What is the correct method for doing this in Kubernetes?
You can save the service account file inside the secret and mount the secret into the deployment volume, so the secret will be accessible to the deployment's volume and your pod can access it.
For example:
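apiVersion: apps/v1   # Deployment is served from apps/v1, not v1
kind: Deployment
metadata:
  name: mypod
spec:
  selector:
    matchLabels:
      app: mypod
  template:               # a Deployment wraps the pod spec in a template
    metadata:
      labels:
        app: mypod
    spec:
      containers:
      - name: mypod
        image: nginx
        volumeMounts:
        - name: foo
          mountPath: "/etc/foo"   # the secret's keys appear as files under this directory
          readOnly: true
      volumes:
      - name: foo
        secret:
          secretName: mysecret    # name of the secret to mount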
You can check out: https://kubernetes.io/docs/concepts/configuration/secret/#use-case-pod-with-ssh-keys
Another example: https://kubernetes.io/docs/concepts/configuration/secret/#use-case-dotfiles-in-a-secret-volume
So the basic idea is to mount the secret into the volume of the deployment and it will be used by the code.