4

我正在尝试为我们的产品编写 Helm Charts。图像存储在 GCR 私人仓库中。所有组件的图表都已准备就绪,但我正在尝试在 imagePullSecrets 的图表中编写 YAML 文件。我从这里阅读了图表提示,

我也知道如何创建 imagePullSecret:

kubectl create secret docker-registry mydockercfg \
        --docker-server "https://eu.gcr.io" \
        --docker-username _json_key \
        --docker-email not@val.id \
        --docker-password=$(cat your_service_account.json)

但我不知道如何将“your_service_account.json”的内容填充到该图表的 values.yaml 的密码中。最好我可以更改名称“your_service_account.json”以更新 values.yaml 的密码。

目前,我的实现如下:

$ cat values.yaml
secretName: gcr-json-key-test
imageCredentials:
  registry: us.gcr.io/xxxxx
  username: _json_key
  password:

secrets.yaml 的内容:

$ cat templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Values.secretName }}
    labels:
    app: {{ template "fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
type: kubernetes.io/dockercfg
data:
  .dockerconfigjson: {{ template "imagePullSecret" . }}

_helpers.tpl 的内容:

$ cat templates/_helpers.tpl
{{/*
Expand the name of the chart.
*/}}
{{- define "name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited 
to this (by the DNS naming spec).
 */}}
{{- define "fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "imagePullSecret" }}
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }}
{{- end }}

然后使用

$ helm install ./secrets --set imageCredentials.password "$(cat ./my_service_account.json)"

会导致错误:

错误:此命令需要 1 个参数:图表名称

我怎么解决这个问题?

4

1 回答 1

7

可以使用以下步骤创建和部署它:

脚步:

  1. 使用您的 docker_username 和 docker_password 创建 base64 编码字符串

    $ echo -n "docker_username:docker_password" | base64
ZG9rY2VyX3VzZXI6ZG9ja2VyX3Bhc3N3b3Jk

  2. 步骤 1中获得的编码字符串作为auth key 的值放入以下 ​​Json 中,并填写所需的详细信息。

    {
  "https://eu.gcr.io":
   { 
     "username":"docker_user",
     "password":"docker_password",
     "email":"docker@gamil.com",
     "auth":"ZG9rY2VyX3VzZXI6ZG9ja2VyX3Bhc3N3b3Jk",
   }
 }

  3. 将此json缩减为用单引号括起来的字符串:

    '{"https://eu.gcr.io":{"username":"docker_user","password":"docker_password","email":"docker@gamil.com","auth":"ZG9rY2VyX3VzZXI6ZG9ja2VyX3Bhc3N3b3Jk"}}'

  4. 为上述 Json 字符串创建 base64 编码字符串,如下所示:

    $ echo -n '{"https://eu.gcr.io":{"username":"docker_user","password":"docker_password","email":"docker@gamil.com","auth":"ZG9rY2VyX3VzZXI6ZG9ja2VyX3Bhc3N3b3Jk"}}' | base64 
eyJodHRwczovL2V1Lmdjci5pbyI6eyJ1c2VybmFtZSI6ImRva2Nlcl91c2VyIiwicGFzc3dvcmQiOiJkb2NrZXJfcGFzc3dvcmQiLCJlbWFpbCI6ImRvY2tlckBnYW1pbC5jb20iLCJhdXRoIjoiWkc5clkyVnlYM1Z6WlhJNlpHOWphMlZ5WDNCaGMzTjNiM0prIn19

  5. 按照以下格式创建 secret.yml:

    $ cat templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
   name: {{ .Values.secretName }}
   labels:
     app: {{ template "fullname" . }}
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     release: "{{ .Release.Name }}"
     heritage: "{{ .Release.Service }}"
type: kubernetes.io/dockercfg
data:
  .dockercfg: {{ .Values.dockercfg }}

  6. 将第4步得到的编码字符串放在value.yaml中:

    $ cat values.yaml
secretName: gcr-json-key-test
dockercfg:

  7. 使用以下命令安装图表:

    $ helm install ./secrets -n release_name --set dockecfg="eyJodHRwczovL2V1Lmdjci5pbyI6eyJ1c2VybmFtZSI6ImRva2Nlcl91c2VyIiwicGFzc3dvcmQiOiJkb2NrZXJfcGFzc3dvcmQiLCJlbWFpbCI6ImRvY2tlckBnYW1pbC5jb20iLCJhdXRoIjoiWkc5clkyVnlYM1Z6WlhJNlpHOWphMlZ5WDNCaGMzTjNiM0prIn19" --debug

    或将其存储在文件( .dockercfg )中并使用以下命令

    $ helm install ./secrets -n release_name --set dockecfg="$(cat ./.dockercfg )"

希望这将是有用的......!:)

于 2017-11-24T17:55:13.460 回答