我想读取 init 容器中的 EKS 秘密和配置映射值,如何操作以及是否可能?
目前,如果通过下面的 java 代码缺少密钥或 cm 值,我们会导致容器失败
public class StartupHealthProbe implements HealthIndicator {
private static final List<String> MANDATORY_ENV_VARIABLES = List.of(
"A",
"B",
"C",
"D"
);
private final Environment environment;
public StartupHealthProbe(Environment environment) {
this.environment = environment;
}
@Override
public Health health() {
if (!isMandatoryEnvVariablesSet()) {
return Health.down().build();
}
return Health.up().build();
}
boolean isMandatoryEnvVariablesSet() {
final List<String> missingEnvVariables =
MANDATORY_ENV_VARIABLES.stream()
.filter(envVar -> !environment.containsProperty(envVar))
.collect(Collectors.toList());
if (!missingEnvVariables.isEmpty()) {
log.error(
"[CONFIGURATION ERROR] Missing mandatory environment variables: {}", missingEnvVariables);
return false;
}
return missingEnvVariables.isEmpty();
}
}
使用 init 容器可以实现相同的功能吗,请注意我的一些值来自 EKS 秘密,一些值来自 configmaps
您可以像使用常规容器一样访问 init 容器中的机密和 ConfigMap:
initContainers:
- name: ...
image: ...
restartPolicy: Always
volumeMounts:
- name: config-map
mountPath: /usr/share/file.yml
subPath: file.yml
env:
- name: PASSWORD
valueFrom:
secretKeyRef:
name: secret
key: password
上面展示了如何通过将其挂载为卷来访问 ConfigMap,以及如何将机密作为环境变量来访问。