[英]How to use kubernetes secrets in nodejs application?
我在gcp上有一个kubernetes 集群,运行我的express和node.js应用程序,使用MongoDB操作CRUD操作。
我创建了一个秘密,包含username和password ,连接到mongoDB指定的秘密作为我的kubernetes yml文件中的environment 。 现在我的问题是“如何在用于连接 mongoDB 的节点 js 应用程序中访问该用户名和密码”。
我在Node.JS应用程序中尝试了process.env.SECRET_USERNAME和process.env.SECRET_PASSWORD ,它抛出undefined 。
任何想法将不胜感激。
隐藏文件
apiVersion: v1
data:
password: pppppppppppp==
username: uuuuuuuuuuuu==
kind: Secret
metadata:
creationTimestamp: 2018-07-11T11:43:25Z
name: test-mongodb-secret
namespace: default
resourceVersion: "00999"
selfLink: /api-path-to/secrets/test-mongodb-secret
uid: 0900909-9090saiaa00-9dasd0aisa-as0a0s-
type: Opaque
kubernetes.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:deployment.kubernetes.io/
revision: "4"
creationTimestamp: 2018-07-11T11:09:45Z
generation: 5
labels:
name: test
name: test
namespace: default
resourceVersion: "90909"
selfLink: /api-path-to/default/deployments/test
uid: htff50d-8gfhfa-11egfg-9gf1-42010gffgh0002a
spec:
replicas: 1
selector:
matchLabels:
name: test
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
name: test
spec:
containers:
- env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
key: username
name: test-mongodb-secret
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: test-mongodb-secret
image: gcr-image/env-test_node:latest
imagePullPolicy: Always
name: env-test-node
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
status:
availableReplicas: 1
conditions:
- lastTransitionTime: 2018-07-11T11:10:18Z
lastUpdateTime: 2018-07-11T11:10:18Z
message: Deployment has minimum availability.
reason: MinimumReplicasAvailable
status: "True"
type: Available
observedGeneration: 5
readyReplicas: 1
replicas: 1
updatedReplicas: 1
您的kubernetes.yaml文件指定了存储您的机密的环境变量,以便该命名空间中的应用程序可以访问它。
使用kubectl secrets cli 界面,您可以上传您的秘密。
kubectl create secret generic -n node-app test-mongodb-secret --from-literal=username=a-username --from-literal=password=a-secret-password
(命名空间 arg -n node-app是可选的,否则它将上传到默认命名空间)
运行此命令后,您可以检查您的 kube 仪表板以查看机密已保存
然后从您的节点应用程序访问环境变量process.env.SECRET_PASSWORD
也许在您的情况下,秘密是在错误的命名空间中创建的,因此为什么在您的应用程序中undefined 。
编辑 1
您对container.env缩进似乎是错误的
apiVersion: v1
kind: Pod
metadata:
name: secret-env-pod
spec:
containers:
- name: mycontainer
image: redis
env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: mysecret
key: username
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
name: mysecret
key: password
restartPolicy: Never
如何在 NODEjs 应用程序上安全地存储 JWT 机密/私钥?
[英]How to securely store JWT secrets/private keys on a NODEjs application?
如何测试在kubernetes集群上部署为pod的nodejs应用程序?
[英]how to test nodejs application which is deployed as a pod on kubernetes cluster?
如何在 Kubernetes 的 nodejs 多实例应用程序中创建临界区?
[英]How to create critical section in nodejs multi-instance application in Kubernetes?
如何在Heroku的nodejs应用程序中使用“下划线”模块?
[英]How to use “underscore” module in a nodejs application on Heroku?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.