我尝试使用 K8S 密码作为密码连接到 SQL 服务器,但无论使用什么语法或方法,我想使用的密码始终为空。如果我对密码进行硬编码,一切都会正常。
我还可以使用此命令打印 POD 中的秘密,并且它还会返回存储在秘密中的密码,以便 POD 可以实际访问该秘密。
kubectl exec -it podname -- printenv MSSQL_SA_PASSWORD我正在尝试进行这个小小的健康检查。
start-sql.sh: |
#!/bin/bash
# Start SQL Server in the background
/opt/mssql/bin/sqlservr &
echo "The password being used is: $MSSQL_SA_PASSWORD"
echo "Waiting for SQL Server to start..."
for i in {1..120}; do
/opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P "$MSSQL_SA_PASSWORD" -Q "SELECT 1"
if [ $? -eq 0 ]; then
echo "SQL Server is up and running."
break
else
echo -n "."
sleep 1
fi
done
这是我的初始化容器
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: ${LOWERASSET}
labels:
app: ${ASSET}
spec:
replicas: 1
serviceName: ${LOWERASSET}
selector:
matchLabels:
app: ${ASSET}
template:
metadata:
labels:
app: ${ASSET}
spec:
securityContext:
fsGroup: 10001
initContainers:
- name: init-sql
image: ${IMAGE}
resources:
requests:
cpu: "200m"
memory: "2Gi"
limits:
cpu: "500m"
memory: "4Gi"
command: ["/bin/bash", "/mnt/init/start-sql.sh"]
env:
- name: MSSQL_PID
value: Developer
- name: ACCEPT_EULA
value: "Y"
- name: MSSQL_ENABLE_HADR
value: "1"
- name: MSSQL_AGENT_ENABLED
value: "1"
- name: MSSQL_SA_PASSWORD
valueFrom:
secretKeyRef:
name: sql-server
key: pwd
volumeMounts:
- name: init-script
mountPath: /mnt/init
- name: ${LOWERASSET}
mountPath: /var/opt/mssql
containers:
- name: sqlserver
image: ${IMAGE}
resources:
requests:
cpu: "200m"
memory: "2Gi"
limits:
cpu: "500m"
memory: "4Gi"
ports:
- containerPort: 1433
name: tcpsql
env:
- name: MSSQL_PID
value: Developer
- name: ACCEPT_EULA
value: "Y"
- name: MSSQL_ENABLE_HADR
value: "1"
- name: MSSQL_AGENT_ENABLED
value: "1"
- name: MSSQL_SA_PASSWORD
valueFrom:
secretKeyRef:
name: sql-server
key: pwd
volumeMounts:
- name: ${LOWERASSET}
mountPath: /var/opt/mssql
volumes:
- name: init-script
configMap:
name: sql-init-script
volumeClaimTemplates:
- metadata:
name: ${LOWERASSET}
labels:
app: ${ASSET}
backup: "${BACKUP}"
spec:
storageClassName: encrypted-standard
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
---
kind: Service
apiVersion: v1
metadata:
name: ${LOWERASSET}
labels:
app: ${ASSET}
spec:
type: ClusterIP
selector:
app: ${ASSET}
ports:
- name: tcpsql
protocol: TCP
port: 1433
在sqlcmd中使用secret的正确方法应该是什么??
您可以使用环境变量
SQLCMDPASSWORD-PSQLCMDPASSWORD 环境变量允许您为当前会话设置默认密码。因此,密码不必硬编码到批处理文件中。
因此,基于 Kubernetes docs,我可以将 env 变量作为“args”传递,这样我就可以在我的 bash 命令中使用它
command: ["/bin/bash", "/mnt/init/start-sql.sh"]
args:
- "$(MSSQL_SA_PASSWORD)"
env:
- name: MSSQL_SA_PASSWORD
valueFrom:
secretKeyRef:
name: sql-server
key: pwd
我现在可以检索环境变量并在日志中查看它。
echo "The password being used is: $1"