I'm new to Kubernetes and I have a use case where I want to read data from another deployment.
In the following file, the the RabbitmqCluster creates a default user. I want to extract the credentials of that user into a secret for use in other services that need to publish or subscribe to that broker:
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: broker
---
apiVersion: v1
kind: Secret
metadata:
name: broker-credentials-secret
type: Opaque
stringData:
username: $BROKER_USER # Available at $(kubectl get secret broker-default-user -o jsonpath='{.data.username}' | base64 --decode)
password: $BROKER_PASSWORD # Available at $(kubectl get secret broker-default-user -o jsonpath='{.data.password}' | base64 --decode)
My first thought was to separate into two different files, I could wait for the cluster to be ready and then sed
the BROKER_PASSWORD
and BROKER_USER
variables into the second config that then deploys the secret.
My question is; is there a proper way to handle this scenario? Should I just separate these two into two different files and write documentation about their intended order of deployment? Or is there a better way of doing this?
CodePudding user response:
Your thinking and approach is correct, this way (splitting into two files) seems to be the best option in this case - there is no way to dynamically set values in Kubernetes YAML from the other running Kubernetes resource. Keep in mind that for a secret definition you don't have to use the stringData
and base64 --decode
command in kubectl
. It does not make any sense to decode values when they will be encoded again - better just read values in base64
string and use data
instead of stringData
- check this. Finally all should look like:
file-1.yaml:
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: broker
file-2.yaml:
apiVersion: v1
kind: Secret
metadata:
name: broker-credentials-secret
type: Opaque
data:
username: BROKER_USER
password: BROKER_PASSWORD
Then you can run this one-liner (with sed
commands using pipes . I also deleted $
signs in second yaml so sed
commands work properly):
kubectl apply -f file-1.yaml && sed -e "s/BROKER_USER/$(kubectl get secret broker-default-user -o jsonpath='{.data.username}')/g" -e "s/BROKER_PASSWORD/$(kubectl get secret broker-default-user -o jsonpath='{.data.password}')/g" file-2.yaml | kubectl apply -f -