转载请注明出处：python项目中通过环境变量的方式使用secret密钥参数

secret是k8s的一个密钥管理工具

更多参考secret详情可参考

Kubernetes–secret的简介和使用

创建私密参数secret

方式一 直接设置密钥参数

kubectl create secret generic my-secret --from-literal=mongohost=192.168.30.11 --from-literal=mongoport=27017

方式二 通过yaml创建

需要注意的是通过yaml创建时参数的值需要为base64编码

使用转换方法如下：

$ echo -n "192.168.30.11" | base64

MTkyLjE2OC4zMC4xMQ==

$ echo -n "27017" | base64

MjcwMTc=

$ echo -n "mypassword" | base64

Mjdsdaffdd=

$ echo -n "5600" | base64

NTYwMA==

则创建的secret.yml文件内容如下：

apiVersion: v1

kind: Secret

metadata:

name: test-mgap-module-secret

data:

mongohost: MTkyLjE2OC4zMC4xMQ==

mongoport: MjcwMTc=

mongousername: Mjdsdaffdd=

mongopassword: Mjdsdaffdd=

mysqlhost: MTkyLjE2OC4zMC4xMQ==

mysqlport: NTYwMA==

mysqlusername: Mjdsdaffdd=

mysqlpassword: Mjdsdaffdd=

使用yml文件创建命令如下：

kubectl create -f secret.yml

查看密钥

kubectl get secret my-secret -o yaml

解码密码字段：

$ echo "MTkyLjE2OC4zMC4xMQ==" | base64 --decode

192.168.30.11

argo yml中引用secret的密钥

注意my-secret是secret的名称，以及字段的对应

关键配置如下：

env:

- name: MONGO_HOST

valueFrom:

secretKeyRef:

name: my-secret # name of an existing k8s secret

key: mongohost

- name: MONGO_PORT

valueFrom:

secretKeyRef:

name: my-secret # name of an existing k8s secret

key: mongoport

完整yml内容参考

apiVersion: argoproj.io/v1alpha1

kind: Workflow

metadata:

generateName: mgap-module-name-

spec:

entrypoint: diamond

# activeDeadlineSeconds: 300

arguments:

parameters:

- name: chip-id

value: chip_id

- name: chip-version

value: v2_1 # v1.0 v2.0 v2.1

- name: env

value: beta # test beta prod

templates:

- name: diamond

dag:

tasks:

- name: module-step

template: module

arguments:

parameters:

- name: chip-id

value: "{{workflow.parameters.chip-id}}"

- name: chip-version

value: "{{workflow.parameters.chip-version}}"

- name: env

value: "{{workflow.parameters.env}}"

- name: module

retryStrategy:

limit: 20

inputs:

parameters:

- name: chip-id

- name: chip-version

- name: env

container:

image: mydocker/module/module:beta

command: [sh, -c]

args: ["date;cd /root;ls;start;sleep 10m;date"]

env:

- name: MONGO_HOST

valueFrom:

secretKeyRef:

name: my-secret # name of an existing k8s secret

key: mongohost

- name: MONGO_PORT

valueFrom:

secretKeyRef:

name: my-secret # name of an existing k8s secret

key: mongoport

- name: MONGO_USERNAME

valueFrom:

secretKeyRef:

name:my-secret # name of an existing k8s secret

key: mongousername

- name: MONGO_PASSWORD

valueFrom:

secretKeyRef:

name: my-secret # name of an existing k8s secret

key: mongopassword

- name: MYSQL_HOST

valueFrom:

secretKeyRef:

name: my-secret # name of an existing k8s secret

key: mysqlhost

- name: MYSQL_PORT

valueFrom:

secretKeyRef:

name: my-secret # name of an existing k8s secret

key: mysqlport

- name: MYSQL_USERNAME

valueFrom:

secretKeyRef:

name: my-secret # name of an existing k8s secret

key: mysqlusername

- name: MYSQL_PASSWORD

valueFrom:

secretKeyRef:

name: my-secret # name of an existing k8s secret

key: mysqlpassword

在python项目中引用环境变量

参考python项目实现多环境配置，需要写settings文件以及引用pyhocon库。

default.conf中引用环境变量如下：

mongodb {

host = ${MONGO_HOST}

port = ${MONGO_PORT}

username = ${MONGO_USERNAME}

password = ${MONGO_PASSWORD}

}

mysql {

host = ${MYSQL_HOST}

port = ${MYSQL_PORT}

username = ${MYSQL_USERNAME}

password = ${MYSQL_PASSWORD}

}

则可在py文件中使用如下

def print_mongodb_detail():

host = config['mongodb.host']

port = config['mongodb.port']

username = config['mongodb.username']

password = config['mongodb.password']

print("mongodb"+" "+host+" "+port+" "+username+" "+password)

logger.info('The mongodb config is (%s,%s,%s,%s) ' %

(host, port, username, password))

def print_mysql_detail():

host = config['mysql.host']

port = config['mysql.port']

username = config['mysql.username']

password = config['mysql.password']

print("mysql"+" "+host + " " + port + " " + username + " " + password)

logger.info('The mysql config is (%s,%s,%s,%s) ' %

(host, port, username, password))

增加annotations注释说明

apiVersion: v1

kind: Secret

metadata:

name: mongodb-factory

annotations:

description: "factory mongodb(host 192.168.20.166 port 27017) username and password"

type: Opaque

data:

username: YW3343=

password: SW4243223

转载请注明出处：python项目中通过环境变量的方式使用secret密钥参数