Automatic secret generation in Helm

The Kubernetes aaS team at Mail.ru has translated a short note on how to generate Helm secrets automatically during an upgrade. What follows is the text by the article's author, the technical director of Intoware, a company that develops SaaS solutions.

Containers are cool. At first I was anti-container (I'm ashamed to admit it), but now I strongly support using this technology. If you are reading this, you have hopefully navigated the seas of Docker successfully, recognized the advantages of Kubernetes, and made your life easier with Helm.

Still, some things are harder than they need to be.

How do you generate a secret automatically during an upgrade?

A Kubernetes Secret is a resource consisting of key/value pairs that you want to use in your code. These can be database connection strings, email passwords and so on. By using secrets you create a clear separation between code and configuration, which makes it easy to customize different deployments without changing the code base.

A common case is two modules that have to communicate using a shared key. Nobody outside the cluster should know this key, since it exists only for one-to-one communication inside the cluster.

Creating a secret

Typically, to create a secret in Helm you have to:

  • declare the secret in the values file;
  • template it at deploy time;
  • mount it into the deployment / pod;
  • ... profit!

It usually looks something like this:

apiVersion: v1
kind: Secret
metadata:
  name: my-super-awesome-api-key
type: Opaque
stringData:
  apiKey: {{ .Values.MyApiKeySecret | quote }}

A simple Kubernetes Secret using a value from values.yml

But suppose you don't want to declare your secret in the values file.

There are many cases where a deployment needs a shared key that has to be generated at install time.

In the module-to-module communication example above, the secret should not be shared outside the deployment. So it would be highly desirable for Helm to have a way of generating a secret automatically without declaring it explicitly.

Hooks

Hooks let you run code at specific points in the installation process. There may be a configuration job that has to run after the first install, or perhaps some cleanup is needed before every upgrade.

For our problem of adding a generated key during installation, pre-install hooks fit. But there is a catch: you cannot generate a secret automatically just once on upgrade. Hooks will run on every upgrade.

If you are creating your secret and the first install has not happened yet, you can stop reading here: a pre-install hook will serve you well.

But if the secret is part of an upgrade (perhaps a new feature that was not there at install time), then it is a pity that you cannot create a pre-upgrade hook that runs only once.

Functions

Helm functions let you add various template elements to your deployment templates.

apiVersion: v1
kind: Secret
metadata:
  name: my-super-awesome-api-key
type: Opaque
stringData:
  apiKey: {{ uuidv4 | quote }} # Generate a new UUID and quote it

This example shows that the value of the apiKey secret will be a new UUID generated at install time.

Helm includes a large library of functions that takes advantage of the wonderfully useful Go template functions and the Sprig function library for building custom templates.

Lookup functions

Helm 3.1 added lookup functions, which let you query the existing deployment and:

  • check whether a resource exists;
  • return the value of an existing resource for later use.

Using these two capabilities, we can create a one-time, dynamically generated secret!

{{- /* 1. Look up whether the Secret already exists and store the result in $secret */ -}}
{{- $secret := (lookup "v1" "Secret" .Release.Namespace "some-awesome-secret") -}}
apiVersion: v1
kind: Secret
metadata:
  name: some-awesome-secret
type: Opaque
{{- /* 2. If the Secret exists, reuse its value as apiKey (the stored value is Base64-encoded, so use the "data" key) */ }}
{{- if $secret }}
data:
  apiKey: {{ $secret.data.apiKey }}
{{- /* 3. If the Secret does not exist, create it (this time use "stringData", since the value is plain text)! */ }}
{{- else }}
stringData:
  apiKey: {{ uuidv4 | quote }}
{{- end }}

Each time a new upgrade is applied to the server, Helm will either generate a new secret value (if no secret exists yet) or reuse the existing value.

Success!
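To see the reuse behaviour without a cluster, here is an added example (not from the article or from Helm) that renders the template above through Go's text/template, the engine Helm itself uses, with hypothetical stubs for Helm's lookup and Sprig's uuidv4 and quote. It assumes a constructed in-memory Cluster map in place of the API server; a nil Cluster reproduces what happens under helm template or --dry-run, where Helm's lookup returns an empty dict and a fresh key is generated on every render.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"fmt"
	"strconv"
	"text/template"
)

// The page's lookup-based Secret template, minus its comments.
const secretTemplate = `{{- $secret := (lookup "v1" "Secret" .Release.Namespace "some-awesome-secret") -}}
apiVersion: v1
kind: Secret
metadata:
  name: some-awesome-secret
type: Opaque
{{- if $secret }}
data:
  apiKey: {{ $secret.data.apiKey }}
{{- else }}
stringData:
  apiKey: {{ uuidv4 | quote }}
{{- end }}
`

// Cluster is a constructed stand-in for the API server, keyed "kind/namespace/name"; nil mimics helm template / --dry-run, where lookup finds nothing.
type Cluster map[string]map[string]interface{}

// Render executes the template with hypothetical stubs for Helm's lookup and Sprig's uuidv4/quote.
func Render(c Cluster, ns string) (string, error) {
	funcs := template.FuncMap{
		"lookup": func(_, kind, namespace, name string) map[string]interface{} {
			return c[kind+"/"+namespace+"/"+name] // nil (length 0) when absent, so `if $secret` is false
		},
		"uuidv4": func() string {
			var b [16]byte
			if _, err := rand.Read(b[:]); err != nil {
				panic(err)
			}
			b[6], b[8] = b[6]&0x0f|0x40, b[8]&0x3f|0x80 // version 4, RFC 4122 variant
			return fmt.Sprintf("%x-%x-%x-%x-%x", b[:4], b[4:6], b[6:8], b[8:10], b[10:])
		},
		"quote": strconv.Quote,
	}
	t := template.Must(template.New("secret").Funcs(funcs).Parse(secretTemplate))
	var out bytes.Buffer
	err := t.Execute(&out, map[string]interface{}{"Release": map[string]string{"Namespace": ns}})
	return out.String(), err
}
```

Render against a Cluster that already holds the Secret and the manifest carries the stored Base64 value under data; render against an empty or nil Cluster and it carries a new quoted UUID under stringData.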

What else to read on the topic:

  1. Three levels of autoscaling in Kubernetes and how to use them effectively.
  2. Kubernetes in the spirit of piracy, with a template for implementation.
  3. Our Kubernetes channel on Telegram.

source: www.habr.com
