1

尝试创建一些Airflow连接并执行文件中的命令,该entrypoint.sh文件作为dockerfile. 由于这些数据库凭据非常敏感,我们是否有可能将它们安全地存储在或基于 的kubernetes任何其他位置,或者我们将它们填充到?GCPlocalstagingproductionentrypoint.sh

4

1 回答 1

2

You can store them as kubernetes secret and mount them as an environment variable that will be accessible by entrypoint.sh

Remember kubernetes secret just encode secret as base64 otherwise you can use sealed secrets.

apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    env:
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: password
  restartPolicy: Never

于 2019-09-26T03:48:00.187 回答