Google cloud build with pack and secrets manager not accessing environment variables
I'm using a standard gcr.io/k8s-skaffold/pack build function to build my app for Google Cloud Run using Google Cloud Build.
In my cloudbuild.yaml I load 2 secrets from Google secrets manager and pass them to the build function. The Google Cloud Build has access to those secrets, otherwise I would get an error message for this (I got this kind of error at the beginning when setting up the build, now it seems to have access).
However, it seems like the environment variables don't get set.
I think that it might be a syntactical problem of how I try to pass the variables.
This is the stripped down cloudbuild.yaml:
steps:
  - name: gcr.io/k8s-skaffold/pack
    args:
      - build
      - '$_GCR_HOSTNAME/$PROJECT_ID/$REPO_NAME/$_SERVICE_NAME:$COMMIT_SHA'
      - '--builder=gcr.io/buildpacks/builder:v1'
      - '--network=cloudbuild'
      - '--path=.'
      - '--env=SEC_A=$$SEC_A'
      - '--env=SEC_B=$$SEC_B'
    secretEnv: ['SEC_A', 'SEC_B']
    id: Buildpack
    entrypoint: pack
availableSecrets:
  secretManager:
    - versionName: projects/<pid>/secrets/SEC_A/versions/latest
      env: SEC_A
    - versionName: projects/<pid>/secrets/SEC_B/versions/latest
      env: SEC_B
An error message that I hacked into the build for checking shows me that the env var is empty during this build step.
I tried using $, $$ (as seen above), &&, ${...}, for substitution. But maybe the problem lies somewhere else.
Yes, it's a common issue and a trap on Cloud Build. In fact, your secrets can't be read if you use the args[] array to pass arguments. You have to use the script mode, like this:
steps:
  - name: gcr.io/k8s-skaffold/pack
    entrypoint: bash
    args:
      - -c
      - |
        pack build $_GCR_HOSTNAME/$PROJECT_ID/$REPO_NAME/$_SERVICE_NAME:$COMMIT_SHA --builder=gcr.io/buildpacks/builder:v1 --network=cloudbuild --path=. --env=SEC_A=$$SEC_A --env=SEC_B=$$SEC_B
    secretEnv: ['SEC_A', 'SEC_B']
    id: Buildpack
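A pre-submit check for the trap described in the answer, as an added example that is not part of the original question or answer: it flags build steps whose args reference a `secretEnv` variable as `$$NAME` without a shell entrypoint to expand it. The function name, the shell list and the dict form of the two configs (as they would look after parsing the YAML) are assumptions made for this sketch.

```python
import re

# Cloud Build rewrites "$$NAME" to a literal "$NAME" and passes it on unchanged;
# the value is only filled in if a shell inside the step expands it.
SECRET_REF = re.compile(r"\$\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")
SHELLS = {"bash", "sh", "/bin/bash", "/bin/sh"}  # assumption: shells we recognise

def unexpanded_secret_refs(build):
    """Return (step id, secret name) for each $$NAME that no shell will expand."""
    findings = []
    for index, step in enumerate(build.get("steps", [])):
        secrets = set(step.get("secretEnv", []))
        args = [str(a) for a in step.get("args", [])]
        # Heuristic: a shell runs the command only if it is the entrypoint and gets -c.
        if step.get("entrypoint") in SHELLS and "-c" in args:
            continue
        step_id = step.get("id", f"step[{index}]")
        for arg in args:
            for name in SECRET_REF.findall(arg):
                if name in secrets:
                    findings.append((step_id, name))
    return findings

IMAGE = "$_GCR_HOSTNAME/$PROJECT_ID/$REPO_NAME/$_SERVICE_NAME:$COMMIT_SHA"
FLAGS = ["--builder=gcr.io/buildpacks/builder:v1", "--network=cloudbuild", "--path=.",
         "--env=SEC_A=$$SEC_A", "--env=SEC_B=$$SEC_B"]

# The question's step as parsed data: pack is exec'd directly with an args array.
QUESTION_BUILD = {"steps": [{
    "name": "gcr.io/k8s-skaffold/pack", "entrypoint": "pack", "id": "Buildpack",
    "args": ["build", IMAGE, *FLAGS], "secretEnv": ["SEC_A", "SEC_B"]}]}

# The answer's step: bash is the entrypoint and receives the whole command via -c.
ANSWER_BUILD = {"steps": [{
    "name": "gcr.io/k8s-skaffold/pack", "entrypoint": "bash", "id": "Buildpack",
    "args": ["-c", " ".join(["pack", "build", IMAGE, *FLAGS])],
    "secretEnv": ["SEC_A", "SEC_B"]}]}

if __name__ == "__main__":
    for label, build in (("question", QUESTION_BUILD), ("answer", ANSWER_BUILD)):
        print(label, unexpanded_secret_refs(build))
```

The check cannot see an image's default entrypoint, so a step that relies on the image itself starting a shell is still reported.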