英文:
How to read values of a key from a json file in a helm template
问题
我正在创建一个 GitHub Actions 步骤:
.
.
.
steps:
name: export-secrets
run: |
echo '${{ toJSON(secrets) }}' >> gh-secrets.json
.
.
.
假设 gh-secrets.json 文件如下所示:
# gh-secrets.json
{"A": "a1", "B": "b1", "C": "c1"}
然后,我将拉取 Helm Charts 并解压它们,然后将 gh-secrets.json 移动到解压目录中。我这样做的原因是根据 Helm 文档,"无法访问 Helm 应用子图之外的文件,包括父级文件"。
假设我在解压目录中有以下文件:
# values.yaml
secrets:
- A
- B
还有 templates/secrets.yaml 文件:
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-secret
data:
{{- range .Values.secrets }}
{{ . }}: {{ $.Files.Get "gh-secrets.json" | toJson }}
{{- end }}
这是结果:
# Source: mktplc-catalog/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: release-name-secret
data:
A: "'{\"A\": \"a1\", \"B\": \"b1\", \"C\": \"c1\"}'"
B: "'{\"A\": \"a1\", \"B\": \"b1\", \"C\": \"c1\"}'"
但我希望它是这样的:
# Source: mktplc-catalog/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: release-name-secret
data:
A: "a1"
B: "b1"
我该如何实现这个目标?
英文:
I am creating a github actions step
.
.
.
steps:
name: export-secrets
run: |
echo '${{ toJSON(secrets) }}' >> gh-secrets.json
.
.
.
suppose the gh-secrets.json file is as below:
# gh-secrets.json
{"A": "a1", "B": "b1", "C": "c1"}
Then I am going to pull the helm charts and untar them and then move gh-secrets.json into the untar directory. The reason I am doing this is according to helm docs, "Files outside of a helm application subchart, including those of the parent, cannot be accessed"
suppose I have these files in the untar directory
# values.yaml
secrets:
- A
- B
and I have templates/secrets.yaml:
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-secret
data:
{{- range .Values.secrtes }}
{{ . }}: {{ $.Files.Get "gh-secrets.json" | toJson }}
{{- end }}
this is the result:
# Source: mktplc-catalog/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: release-name-secret
data:
A: "'{\"A\": \"a1\", \"B\": \"b1\", \"C\": \"c1\"}'"
B: "'{\"A\": \"a1\", \"B\": \"b1\", \"C\": \"c1\"}'"
but I want it to be
# Source: mktplc-catalog/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: release-name-secret
data:
A: "a1"
B: "b1"
How can I achieve this?
答案1
得分: 1
Helm包含一个fromJson函数;实际上,它的文档与你的更新设置非常相似。因此,你可以使用它来读取文件、解析文件,然后选择其中的特定键。
data:
{{- $secrets := .Files.Get "gh-secrets.json" | fromJson -}}
{{- range .Values.secrets }}
{{ . }}: {{ index $secrets . }}
{{- end }}
在这里,你似乎对输入结构有一定的控制权。如果你可以将密钥值包装在某个顶层键中:
echo '{"secretValues": ${{ toJSON(secrets) }}}' > gh-secrets.json
然后,你可以将其作为额外的值文件提供给Helm(有效的JSON文件也是有效的YAML文件):
helm install -f gh-secrets.json ...
这个文件不需要在chart目录中。现在,Helm将为你解析它,并且它将作为.Values.secretValues可用,与注入的键匹配。(请记住,range循环会重置.的值,所以你需要在循环外保存它的值。)
如果这种技术对你有用,可能可以直接使用它来注入密钥值,而不需要间接的层级;可以使用类似以下的内容:
data:
{{ .Values.secretValues | toYaml | indent 2 }}
英文:
Helm includes a fromJson function; in fact, its documentation fairly closely matches your updated setup. So you can use this to read in the file, parse it, and then select the specific key out of it.
data:
{{- $secrets := .Files.Get "gh-secrets.json" | fromJson -}}
{{- range .Values.secrets }}
{{ . }}: {{ index $secrets . }}
{{- end }}
You appear to have some control over the input structure here. If you can wrap the secret values in some top-level key
echo '{"secretValues": ${{ toJSON(secrets) }}}' > gh-secrets.json
then you can provide this as an extra values file to Helm (valid JSON files are also valid YAML)
helm install -f gh-secrets.json ...
This file doesn't need to be in the chart directory. Now Helm will parse it for you, and it will be available as .Values.secretValues matching the injected key. (Remember that the range loop resets the value of ., so you will need to save its value outside the loop.)
If this technique works for you, it might be possible to use it to directly inject the secret values without the layer of indirection; use something like
data:
{{ .Values.secretValues | toYaml | indent 2 }}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论