1.安装插件
# sops performs the encryption/decryption; helm-secrets is the Helm plugin that calls it.
brew install sops
# Helm plugins run with the invoking user's privileges, and this form installs
# whatever the repository's default ref currently points at.
# NOTE(review): for reproducible installs, pin a reviewed release by appending
# `--version <RELEASE_TAG>` (placeholder: use the tag you have audited).
helm plugin install https://github.com/jkroepke/helm-secrets
2.项目根目录下创建.sops.yaml（sops 按此文件名查找配置）
# sops reads this file to decide which key encrypts newly created files.
# This rule has no path filter, so it applies to every file sops encrypts
# under this directory. Who may decrypt is governed by the policy on the
# referenced AWS KMS key (ARN redacted by the author).
creation_rules:
  - kms: "arn:aws:kms:us-west-*******:key/2******-85ba-********"
3.创建secret.yaml,加密数据库数据
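# Values file after sops encryption: key names stay readable, each value is
# replaced by an ENC[AES256_GCM,...] blob.
# The nesting below is restored (the paste had lost its indentation); the
# Deployment template reads these as .Values.rds.mysql.url / .user / .password.
# NOTE(review): a sops-encrypted file normally also carries a top-level `sops:`
# metadata block (KMS entry, MAC, ...) that is not shown in this excerpt; it
# must remain in the file for decryption. Change values through sops rather
# than by hand so the stored MAC still verifies.
rds:
  mysql:
    url: ENC[AES256_GCM,data:voTa2QS9QSf5H+bk9XCilt5MNFOx0r0facqlHb7F5ioGEQ2jB2rX9NKsBu56Stfrp2aPqfVV6d/pAubD4vpeF9I7JxYuTBFn2zx3JM3/qrnIrLlTln/E4mwVmA==,iv:w8wYn1gbB1aRx66mKSCWQ89NGQYGY3i9QMQ9KcRKij4=,tag:0NwEmOwu5USxIA1jmIsFkQ==,type:str]
    user: ENC[AES256_GCM,data:OzWBf1uC,iv:+D8sJV0aXpPbvg2LBf9M0Nrje/qhC2vHYcRVoGWb67Y=,tag:FjUoxKFQo/7+rHWxiZ9oAw==,type:str]
    password: ENC[AES256_GCM,data:61RlVK2gj6TD,iv:lzQX/zDwGAJ7/Z//1ES1kcWTFi+zLgz/5TucYLP7azc=,tag:CtYs8BbR0mQWFDisweN7CA==,type:str]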
4.加解密命令
加密: helm secrets enc helm/helm_vars/test/secret.yaml
解密: helm secrets dec helm/helm_vars/test/secret.yaml
注意: 在使用 enc/dec 子命令的 helm-secrets 版本中，解密结果一般会以明文写入同目录的 .dec 文件；不要把该文件提交到版本库，用完后及时删除。
5.deployment.yaml的containers标签下加上环境env变量
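# Injects the decrypted database settings into the container as environment
# variables (this fragment belongs under a container entry in deployment.yaml).
# NOTE(review): a literal `value:` places the decrypted credentials in the
# rendered Deployment spec, so anyone who can read the Deployment (or the Helm
# release record) sees them in clear text. Prefer rendering them into a
# Kubernetes Secret and referencing it with `valueFrom.secretKeyRef`.
env:
  # `quote` keeps every rendered value a YAML string even if it is all digits,
  # looks like a boolean, or contains `: ` / ` #`.
  - name: RDS_DB_URL
    value: {{ .Values.rds.mysql.url | quote }}
  - name: RDS_DB_USER
    value: {{ .Values.rds.mysql.user | quote }}
  - name: RDS_DB_PASSWORD
    value: {{ .Values.rds.mysql.password | quote }}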
6.更新helm 注意secrets
# Run the upgrade through the `helm secrets` wrapper so the file passed with -f
# is decrypted for this invocation; plain `helm upgrade` would hand the
# ENC[...] strings to the chart unchanged.
# NOTE(review): the caller needs decrypt permission on the KMS key named in the
# sops configuration.
helm secrets upgrade --install backend-ab-test kika/backend-ab-test -f helm/helm_vars/test/secret.yaml