<!doctype html>
<html lang="zh" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="generator" content="Hugo 0.74.3" />
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<link rel="shortcut icon" href="/favicons/favicon.ico" >
<link rel="apple-touch-icon" href="/kustomize/favicons/apple-touch-icon-180x180.png" sizes="180x180">
<link rel="icon" type="image/png" href="/kustomize/favicons/favicon-16x16.png" sizes="16x16">
<link rel="icon" type="image/png" href="/kustomize/favicons/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="/kustomize/favicons/android-36x36.png" sizes="36x36">
<link rel="icon" type="image/png" href="/kustomize/favicons/android-48x48.png" sizes="48x48">
<link rel="icon" type="image/png" href="/kustomize/favicons/android-72x72.png" sizes="72x72">
<link rel="icon" type="image/png" href="/kustomize/favicons/android-96x96.png" sizes="96x96">
<link rel="icon" type="image/png" href="/kustomize/favicons/android-144x144.png" sizes="144x144">
<link rel="icon" type="image/png" href="/kustomize/favicons/android-192x192.png" sizes="192x192">
<title>Go 插件示例 | Kustomize</title><meta property="og:title" content="Go 插件示例" />
<meta property="og:description" content="Go 插件示例
" />
<meta property="og:type" content="article" />
<meta property="og:url" content="https://kubernetes-sigs.github.io/kustomize/zh/guides/plugins/gopluginguidedexample/" />
<meta property="article:modified_time" content="2020-07-16T12:57:18-07:00" /><meta property="og:site_name" content="Kustomize" />
<meta itemprop="name" content="Go 插件示例">
<meta itemprop="description" content="Go 插件示例
">
<meta itemprop="dateModified" content="2020-07-16T12:57:18-07:00" />
<meta itemprop="wordCount" content="429">
<meta itemprop="keywords" content="" />
<meta name="twitter:card" content="summary"/>
<meta name="twitter:title" content="Go 插件示例"/>
<meta name="twitter:description" content="Go 插件示例
"/>
<link rel="preload" href="/kustomize/scss/main.min.818a933df0186c907f1faea6730835dd5fa01c3b53af36bb68396dc80a2d3c45.css" as="style">
<link href="/kustomize/scss/main.min.818a933df0186c907f1faea6730835dd5fa01c3b53af36bb68396dc80a2d3c45.css" rel="stylesheet" integrity="">
<script
src="https://code.jquery.com/jquery-3.3.1.min.js"
integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8="
crossorigin="anonymous"></script>
<link rel="stylesheet" type="text/css" href="https://kubernetes-sigs.github.io/kustomize//css/asciinema-player.css" />
<title>Go 插件示例 | Kustomize</title>
</head>
<body class="td-page">
<header>
<nav class="js-navbar-scroll navbar navbar-expand navbar-dark flex-column flex-md-row td-navbar">
<a class="navbar-brand" href="/kustomize/zh/">
<span class="navbar-logo"></span><span class="text-uppercase font-weight-bold">Kustomize</span>
</a>
<div class="td-navbar-nav-scroll ml-md-auto" id="main_navbar">
<ul class="navbar-nav mt-2 mt-lg-0">
<li class="nav-item mr-4 mb-2 mb-lg-0">
<a class="nav-link" href="/kustomize/zh/installation/" ><span>安装</span></a>
</li>
<li class="nav-item mr-4 mb-2 mb-lg-0">
<a class="nav-link active" href="/kustomize/zh/guides/" ><span class="active">指南</span></a>
</li>
<li class="nav-item mr-4 mb-2 mb-lg-0">
<a class="nav-link" href="/kustomize/zh/api-reference/" ><span>API 参考</span></a>
</li>
<li class="nav-item mr-4 mb-2 mb-lg-0">
<a class="nav-link" href="https://github.com/kubernetes-sigs/kustomize/tree/master/examples" target="_blank" ><span>Example</span></a>
</li>
<li class="nav-item mr-4 mb-2 mb-lg-0">
<a class="nav-link" href="/kustomize/zh/faq/" ><span>FAQ</span></a>
</li>
<li class="nav-item mr-4 mb-2 mb-lg-0">
<a class="nav-link" href="/kustomize/zh/blog/" ><span>博客</span></a>
</li>
<li class="nav-item mr-4 mb-2 mb-lg-0">
<a class="nav-link" href="/kustomize/zh/contributing/" ><span>贡献指南</span></a>
</li>
<li class="nav-item dropdown d-none d-lg-block">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
简体中文
</a>
<div class="dropdown-menu" aria-labelledby="navbarDropdownMenuLink">
<a class="dropdown-item" href="/kustomize/guides/plugins/gopluginguidedexample/">English</a>
</div>
</li>
</ul>
</div>
<div class="navbar-nav d-none d-lg-block">
</div>
</nav>
</header>
<div class="container-fluid td-outer">
<div class="td-main">
<div class="row flex-xl-nowrap">
<div class="col-12 col-md-3 col-xl-2 td-sidebar d-print-none">
<div id="td-sidebar-menu" class="td-sidebar__inner">
<form class="td-sidebar__search d-flex align-items-center">
<button class="btn btn-link td-sidebar__toggle d-md-none p-0 ml-3 fas fa-bars" type="button" data-toggle="collapse" data-target="#td-section-nav" aria-controls="td-docs-nav" aria-expanded="false" aria-label="Toggle section navigation">
</button>
</form>
<nav class="collapse td-sidebar-nav pt-2 pl-4" id="td-section-nav">
<div class="nav-item dropdown d-block d-lg-none">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
简体中文
</a>
<div class="dropdown-menu" aria-labelledby="navbarDropdownMenuLink">
<a class="dropdown-item" href="/kustomize/guides/plugins/gopluginguidedexample/">English</a>
</div>
</div>
<ul class="td-sidebar-nav__section pr-md-3">
<li class="td-sidebar-nav__section-title">
<a href="/kustomize/zh/guides/" class="align-left pl-0 pr-2 td-sidebar-link td-sidebar-link__section">指南</a>
</li>
<ul>
<li class="collapse show" id="kustomizezhguides">
<ul class="td-sidebar-nav__section pr-md-3">
<li class="td-sidebar-nav__section-title">
<a href="/kustomize/zh/guides/bespoke/" class="align-left pl-0 pr-2 collapsed td-sidebar-link td-sidebar-link__section">配置定制Bespoke configuration</a>
</li>
<ul>
<li class="collapse " id="kustomizezhguidesbespoke">
</li>
</ul>
</ul>
<ul class="td-sidebar-nav__section pr-md-3">
<li class="td-sidebar-nav__section-title">
<a href="/kustomize/zh/guides/offtheshelf/" class="align-left pl-0 pr-2 collapsed td-sidebar-link td-sidebar-link__section">通用配置Off-the-shelf configuration</a>
</li>
<ul>
<li class="collapse " id="kustomizezhguidesofftheshelf">
</li>
</ul>
</ul>
<ul class="td-sidebar-nav__section pr-md-3">
<li class="td-sidebar-nav__section-title">
<a href="/kustomize/zh/guides/plugins/" class="align-left pl-0 pr-2 active td-sidebar-link td-sidebar-link__section">Kustomize 插件</a>
</li>
<ul>
<li class="collapse show" id="kustomizezhguidesplugins">
<a class="td-sidebar-link td-sidebar-link__page " id="m-kustomizezhguidespluginsbuiltins" href="/kustomize/zh/guides/plugins/builtins/">内置插件</a>
<a class="td-sidebar-link td-sidebar-link__page " id="m-kustomizezhguidespluginsexecpluginguidedexample" href="/kustomize/zh/guides/plugins/execpluginguidedexample/">Exec 插件示例</a>
<a class="td-sidebar-link td-sidebar-link__page " id="m-kustomizezhguidespluginsgoplugincaveats" href="/kustomize/zh/guides/plugins/goplugincaveats/">Go 插件注意事项</a>
<a class="td-sidebar-link td-sidebar-link__page active" id="m-kustomizezhguidespluginsgopluginguidedexample" href="/kustomize/zh/guides/plugins/gopluginguidedexample/">Go 插件示例</a>
</li>
</ul>
</ul>
</li>
</ul>
</ul>
</nav>
</div>
</div>
<div class="d-none d-xl-block col-xl-2 td-toc d-print-none">
<div class="td-page-meta ml-2 pb-1 pt-2 mb-0">
<a href="https://github.com/kubernetes-sigs/kustomize/edit/master/site/content/zh/guides/plugins/goPluginGuidedExample.md" target="_blank"><i class="fa fa-edit fa-fw"></i> 编辑此页</a>
<a href="https://github.com/kubernetes-sigs/kustomize/issues/new?title=Go%20%e6%8f%92%e4%bb%b6%e7%a4%ba%e4%be%8b" target="_blank"><i class="fab fa-github fa-fw"></i> 提交文档问题</a>
<a href="https://github.com/kubernetes-sigs/kustomize/issues/new" target="_blank"><i class="fas fa-tasks fa-fw"></i> 提交项目问题</a>
</div>
<nav id="TableOfContents">
<ul>
<li>
<ul>
<li></li>
</ul>
</li>
<li><a href="#创建一个工作空间目录">创建一个工作空间/目录</a></li>
<li><a href="#安装-kustomize">安装 kustomize</a></li>
<li><a href="#为插件创建目录">为插件创建目录</a>
<ul>
<li><a href="#使用什么-apiversion-和-kind">使用什么 apiVersion 和 kind</a></li>
<li><a href="#定义插件的主目录">定义插件的主目录</a></li>
<li><a href="#下载-sopsencodedsecrets-插件">下载 SopsEncodedSecrets 插件</a></li>
<li><a href="#尝试测试插件">尝试测试插件</a></li>
</ul>
</li>
<li><a href="#编写-kustomization">编写 kustomization</a>
<ul>
<li><a href="#确保您已安装加密工具">确保您已安装加密工具</a></li>
<li><a href="#安装-sops">安装 <code>sops</code></a></li>
<li><a href="#用你的私钥创建加密数据">用你的私钥创建加密数据</a></li>
</ul>
</li>
<li><a href="#使用插件构建您的应用">使用插件构建您的应用</a></li>
</ul>
</nav>
</div>
<main class="col-12 col-md-9 col-xl-8 pl-md-5" role="main">
<nav aria-label="breadcrumb" class="d-none d-md-block d-print-none">
<ol class="breadcrumb spb-1">
<li class="breadcrumb-item" >
<a href="https://kubernetes-sigs.github.io/kustomize/zh/guides/">指南</a>
</li>
<li class="breadcrumb-item" >
<a href="https://kubernetes-sigs.github.io/kustomize/zh/guides/plugins/">Kustomize 插件</a>
</li>
<li class="breadcrumb-item active" aria-current="page">
<a href="https://kubernetes-sigs.github.io/kustomize/zh/guides/plugins/gopluginguidedexample/">Go 插件示例</a>
</li>
</ol>
</nav >
<div class="td-content">
<h1>Go 插件示例</h1>
<div class="lead">Go 插件示例</div>
<p>本教程只是一个快速开始的示例,完整的插件文档请看:<a href="..">kustomize 插件</a></p>
<p>请务必阅读 <a href="../goplugincaveats">Go 插件注意事项</a></p>
<p>该示例使用 Go 插件 <code>SopsEncodedSecrets</code>,该插件位于 <a href="https://github.com/monopole/sopsencodedsecrets">sopsencodedsecrets repository</a>中。这是一个进程内的 Go 插件,而不是恰巧用 Go 编写的 exec 插件(这是 Go 作者的另一种选择)。</p>
<p>尝试本教程不会破坏你的当前设置。</p>
<h4 id="环境要求">环境要求</h4>
<ul>
<li><code>linux</code></li>
<li><code>git</code></li>
<li><code>curl</code></li>
<li><code>Go 1.13</code></li>
</ul>
<p>用于加密:</p>
<ul>
<li>gpg</li>
</ul>
<p>或者</p>
<ul>
<li>Google cloud (gcloud) 安装</li>
<li>具有 KMS 权限的 Google 帐户</li>
</ul>
<h2 id="创建一个工作空间目录">创建一个工作空间/目录</h2>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#8f5902;font-style:italic"># 将这些目录分开,以免造成 DEMO 目录的混乱。</span>
<span style="color:#000">DEMO</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>mktemp -d<span style="color:#204a87;font-weight:bold">)</span>
<span style="color:#000">tmpGoPath</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span>mktemp -d<span style="color:#204a87;font-weight:bold">)</span>
</code></pre></div><h2 id="安装-kustomize">安装 kustomize</h2>
<p>需要安装 kustomize v3.0.0,并且必须对其进行 <em>编译</em>(而不是从 release 页面下载二进制文件):</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">GOPATH</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$tmpGoPath</span> go install sigs.k8s.io/kustomize/kustomize
</code></pre></div><h2 id="为插件创建目录">为插件创建目录</h2>
<p>kustomize 插件完全由其配置文件和源代码确定。</p>
<p>Kustomize 插件的配置文件的格式与 kubernetes 资源对象相同,这就意味着在配置文件中 <code>apiVersion</code>、<code>kind</code> 和 <code>metadata</code> 都是<a href="https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/#required-fields">必须的字段</a>。</p>
<p>因为配置文件名出现在 kustomization 文件的 <code>generators</code> 或 <code>transformers</code> 字段中,kustomize 会读取配置文件,然后在以下位置找到 Go 插件的目标代码:</p>
<blockquote>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">$XDG_CONFIG_HOME</span>/kustomize/plugin/<span style="color:#000">$apiVersion</span>/<span style="color:#000">$lKind</span>/<span style="color:#000">$kind</span>.so
</code></pre></div></blockquote>
<p>其中 <code>lKind</code> 是 <code>kind</code> 的小写形式。随后 kustomize 加载该插件并向其提供配置,插件的输出将成为整个 <code>kustomize build</code> 过程的一部分。由于 Go 插件在 kustomize 进程内运行,拥有与 kustomize 相同的权限,请只构建并放置来源可信、经过审查的插件代码。</p>
<p>同一插件在一次 kustomize 构建中可能会配合不同的配置文件被多次使用。此外,kustomize 可能会先自定义 config 数据,然后再发送给插件。由于这些原因,插件不能自己去读取配置文件,而需要通过 kustomize 来读取配置。</p>
<p>该示例将在如下临时目录中存放其使用的插件:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">PLUGIN_ROOT</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$DEMO</span>/kustomize/plugin
</code></pre></div><p>并在下面的命令行中临时设置 <code>XDG_CONFIG_HOME</code></p>
<h3 id="使用什么-apiversion-和-kind">使用什么 apiVersion 和 kind</h3>
<p>在 kustomize 插件开发的现阶段,插件代码不关心也不知道配置文件中的 <code>apiVersion</code> 和 <code>kind</code>。</p>
<p>插件可以检查这些字段,但实际的配置数据由其余字段提供;在这一点上,对插件而言重要的只是能否成功解析这些其余字段。</p>
<p>本示例使用一个名为 <em>SopsEncodedSecrets</em> 的插件,其位于 <a href="https://github.com/monopole/sopsencodedsecrets">SopsEncodedSecrets repository</a> 中。</p>
<p>我们选择安装插件到</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">apiVersion</span><span style="color:#ce5c00;font-weight:bold">=</span>mygenerators
<span style="color:#000">kind</span><span style="color:#ce5c00;font-weight:bold">=</span>SopsEncodedSecrets
</code></pre></div><h3 id="定义插件的主目录">定义插件的主目录</h3>
<p>按照惯例,存放插件代码和补充数据,测试,文档等的目录名称必须是 kind 的小写形式。</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">lKind</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span><span style="color:#204a87">echo</span> <span style="color:#000">$kind</span> <span style="color:#000;font-weight:bold">|</span> awk <span style="color:#4e9a06">&#39;{print tolower($0)}&#39;</span><span style="color:#204a87;font-weight:bold">)</span>
</code></pre></div><h3 id="下载-sopsencodedsecrets-插件">下载 SopsEncodedSecrets 插件</h3>
<p>在这种情况下,存储库名称已经与小写字母的 kind 匹配,因此我们只需克隆存储库并自动获取正确的目录名称即可:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">mkdir -p <span style="color:#000">$PLUGIN_ROOT</span>/<span style="color:#4e9a06">${</span><span style="color:#000">apiVersion</span><span style="color:#4e9a06">}</span>
<span style="color:#204a87">cd</span> <span style="color:#000">$PLUGIN_ROOT</span>/<span style="color:#4e9a06">${</span><span style="color:#000">apiVersion</span><span style="color:#4e9a06">}</span>
git clone git@github.com:monopole/sopsencodedsecrets.git
</code></pre></div><p>记住这个目录:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">MY_PLUGIN_DIR</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$PLUGIN_ROOT</span>/<span style="color:#4e9a06">${</span><span style="color:#000">apiVersion</span><span style="color:#4e9a06">}</span>/<span style="color:#4e9a06">${</span><span style="color:#000">lKind</span><span style="color:#4e9a06">}</span>
</code></pre></div><h3 id="尝试测试插件">尝试测试插件</h3>
<p>插件可能自带测试文件,可以通过如下方式运行这些测试:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#204a87">cd</span> <span style="color:#000">$MY_PLUGIN_DIR</span>
go <span style="color:#204a87">test</span> SopsEncodedSecrets_test.go
</code></pre></div><p>构建目标代码以供 kustomize 使用:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#204a87">cd</span> <span style="color:#000">$MY_PLUGIN_DIR</span>
<span style="color:#000">GOPATH</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$tmpGoPath</span> go build -buildmode plugin -o <span style="color:#4e9a06">${</span><span style="color:#000">kind</span><span style="color:#4e9a06">}</span>.so <span style="color:#4e9a06">${</span><span style="color:#000">kind</span><span style="color:#4e9a06">}</span>.go
</code></pre></div><p>此步骤可能会成功,但是由于依赖关系 <a href="/docs/plugins/README.md#caveats">skew</a>(版本偏差),kustomize 最终可能无法加载该插件。</p>
<p>在加载失败时:</p>
<ul>
<li>
<p>确保构建插件时使用的 Go 版本(<em>go1.13</em>)、<code>$GOOS</code>(<em>linux</em>)和 <code>$GOARCH</code>(<em>amd64</em>)与构建本演示所用 <a href="#%E5%AE%89%E8%A3%85-kustomize">kustomize</a> 时的相同。</p>
</li>
<li>
<p>修改插件中的依赖文件 <code>go.mod</code> 以匹配 kustomize 使用的版本。</p>
</li>
</ul>
<p>缺乏工具和元数据来实现自动化,就不会有一个完整的 Go 插件生态。</p>
<p>Kustomize 采用了 Go 插件架构,可以轻松的接受新的生成器和转换器(只需编写一个插件),并确保本机操作(也已作为插件构建和测试)是分段的、可排序的和可重用的,而不是奇怪的插入在整体代码中。</p>
<h2 id="编写-kustomization">编写 kustomization</h2>
<p>新建一个 kustomization 目录存放你的配置:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">MYAPP</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$DEMO</span>/myapp
mkdir -p <span style="color:#000">$MYAPP</span>
</code></pre></div><p>为 SopsEncodedSecrets 插件编写一个配置文件。</p>
<p>插件可以通过 <code>apiVersion</code> 和 <code>kind</code> 找到:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">cat <span style="color:#4e9a06">&lt;&lt;EOF &gt;$MYAPP/secGenerator.yaml
</span><span style="color:#4e9a06">apiVersion: ${apiVersion}
</span><span style="color:#4e9a06">kind: ${kind}
</span><span style="color:#4e9a06">metadata:
</span><span style="color:#4e9a06"> name: mySecretGenerator
</span><span style="color:#4e9a06">name: forbiddenValues
</span><span style="color:#4e9a06">namespace: production
</span><span style="color:#4e9a06">file: myEncryptedData.yaml
</span><span style="color:#4e9a06">keys:
</span><span style="color:#4e9a06">- ROCKET
</span><span style="color:#4e9a06">- CAR
</span><span style="color:#4e9a06">EOF</span>
</code></pre></div><p>插件可以在 <code>myEncryptedData.yaml</code> 中找到更多的数据。</p>
<p>编写一个引用插件配置的 kustomization 文件:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">cat <span style="color:#4e9a06">&lt;&lt;EOF &gt;$MYAPP/kustomization.yaml
</span><span style="color:#4e9a06">commonLabels:
</span><span style="color:#4e9a06"> app: hello
</span><span style="color:#4e9a06">generators:
</span><span style="color:#4e9a06">- secGenerator.yaml
</span><span style="color:#4e9a06">EOF</span>
</code></pre></div><p>接下来生成真实的加密数据。</p>
<h3 id="确保您已安装加密工具">确保您已安装加密工具</h3>
<p>我们将使用 <a href="https://github.com/mozilla/sops">sops</a> 对文件进行编码。选择 GPG 或 Google Cloud KMS 作为加密提供者以继续。</p>
<h4 id="gpg">GPG</h4>
<p>尝试这个命令:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">gpg --list-keys
</code></pre></div><p>如果返回了密钥列表,则说明您已经创建了密钥。如果没有,请尝试从 sops 导入测试密钥。该测试密钥公开存放在 sops 仓库中,任何人都可以获取,因此只适用于演示,不应用来保护真实的机密数据。</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">curl https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc <span style="color:#000;font-weight:bold">|</span> gpg --import
<span style="color:#000">SOPS_PGP_FP</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A&#34;</span>
</code></pre></div><h4 id="google-cloude-kms">Google Cloud KMS</h4>
<p>尝试这个命令:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">gcloud kms keys list --location global --keyring sops
</code></pre></div><p>如果成功了,想必你已经创建了密钥,并将其放置在一个名为 sops 的钥匙圈中。如果没有,那就这样做:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">gcloud kms keyrings create sops --location global
gcloud kms keys create sops-key --location global <span style="color:#4e9a06">\
</span><span style="color:#4e9a06"></span> --keyring sops --purpose encryption
</code></pre></div><p>通过如下方法,获取你的 keyLocation</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">keyLocation</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87;font-weight:bold">$(</span><span style="color:#4e9a06">\
</span><span style="color:#4e9a06"></span> gcloud kms keys list --location global --keyring sops <span style="color:#000;font-weight:bold">|</span><span style="color:#4e9a06">\
</span><span style="color:#4e9a06"></span> grep GOOGLE <span style="color:#000;font-weight:bold">|</span> cut -d <span style="color:#4e9a06">&#34; &#34;</span> -f1<span style="color:#204a87;font-weight:bold">)</span>
<span style="color:#204a87">echo</span> <span style="color:#000">$keyLocation</span>
</code></pre></div><h3 id="安装-sops">安装 <code>sops</code></h3>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">GOPATH</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$tmpGoPath</span> go install go.mozilla.org/sops/cmd/sops
</code></pre></div><h3 id="用你的私钥创建加密数据">用你的私钥创建加密数据</h3>
<p>创建需要加密的原始数据:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">cat <span style="color:#4e9a06">&lt;&lt;EOF &gt;$MYAPP/myClearData.yaml
</span><span style="color:#4e9a06">VEGETABLE: carrot
</span><span style="color:#4e9a06">ROCKET: saturn-v
</span><span style="color:#4e9a06">FRUIT: apple
</span><span style="color:#4e9a06">CAR: dymaxion
</span><span style="color:#4e9a06">EOF</span>
</code></pre></div><p>将数据加密后写入插件要读取的文件中。注意 <code>myClearData.yaml</code> 仍以明文保留在 <code>$MYAPP</code> 目录中(见下方目录树),在真实项目中不应将其提交到版本库:</p>
<p>使用 PGP</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">$tmpGoPath</span>/bin/sops --encrypt <span style="color:#4e9a06">\
</span><span style="color:#4e9a06"></span> --pgp <span style="color:#000">$SOPS_PGP_FP</span> <span style="color:#4e9a06">\
</span><span style="color:#4e9a06"></span> <span style="color:#000">$MYAPP</span>/myClearData.yaml &gt;<span style="color:#000">$MYAPP</span>/myEncryptedData.yaml
</code></pre></div><p>或者使用 GCP KMS</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">$tmpGoPath</span>/bin/sops --encrypt <span style="color:#4e9a06">\
</span><span style="color:#4e9a06"></span> --gcp-kms <span style="color:#000">$keyLocation</span> <span style="color:#4e9a06">\
</span><span style="color:#4e9a06"></span> <span style="color:#000">$MYAPP</span>/myClearData.yaml &gt;<span style="color:#000">$MYAPP</span>/myEncryptedData.yaml
</code></pre></div><p>查看文件</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">tree <span style="color:#000">$DEMO</span>
</code></pre></div><p>结果如下:</p>
<blockquote>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell">/tmp/tmp.0kIE9VclPt
├── kustomize
│   └── plugin
│   └── mygenerators
│   └── sopsencodedsecrets
│   ├── go.mod
│   ├── go.sum
│   ├── LICENSE
│   ├── README.md
│   ├── SopsEncodedSecrets.go
│   ├── SopsEncodedSecrets.so
│   └── SopsEncodedSecrets_test.go
└── myapp
├── kustomization.yaml
├── myClearData.yaml
├── myEncryptedData.yaml
└── secGenerator.yaml
</code></pre></div></blockquote>
<h2 id="使用插件构建您的应用">使用插件构建您的应用</h2>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-shell" data-lang="shell"><span style="color:#000">XDG_CONFIG_HOME</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$DEMO</span> <span style="color:#000">$tmpGoPath</span>/bin/kustomize build --enable_alpha_plugins <span style="color:#000">$MYAPP</span>
</code></pre></div><p>这将生成一个 kubernetes secret,并对名称 <code>ROCKET</code> 和 <code>CAR</code> 的数据进行加密。</p>
<p>如果您之前已经设置了 <code>PLUGIN_ROOT=$HOME/.config/kustomize/plugin</code>,则无需在 <em>kustomize</em> 命令前使用 <code>XDG_CONFIG_HOME</code>。</p>
<div class="text-muted mt-5 pt-3 border-top">最后修改 2020年07月16日: <a href="https://github.com/kubernetes-sigs/kustomize/commit/f9ee578aed600136133c3232fff03029cdfc526e">Docs: Auto-fix markdownlint issues (f9ee578a)</a>
</div>
</div>
</main>
</div>
</div>
<footer class="bg-dark py-5 row d-print-none">
<div class="container-fluid mx-sm-5">
<div class="row">
<div class="col-6 col-sm-4 text-xs-center order-sm-2">
<ul class="list-inline mb-0">
<li class="list-inline-item mx-2 h3" data-toggle="tooltip" data-placement="top" title="User mailing list" aria-label="User mailing list">
<a class="text-white" target="_blank" href="https://groups.google.com/forum/#!forum/kubernetes-sig-cli">
<i class="fa fa-envelope"></i>
</a>
</li>
</ul>
</div>
<div class="col-6 col-sm-4 text-right text-xs-center order-sm-3">
<ul class="list-inline mb-0">
<li class="list-inline-item mx-2 h3" data-toggle="tooltip" data-placement="top" title="GitHub" aria-label="GitHub">
<a class="text-white" target="_blank" href="https://github.com/kubernetes-sigs/kustomize">
<i class="fab fa-github"></i>
</a>
</li>
</ul>
</div>
<div class="col-12 col-sm-4 text-center py-2 order-sm-2">
<small class="text-white">&copy; 2020 Kubernetes Authors All Rights Reserved</small>
</div>
</div>
</div>
</footer>
</div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js" integrity="sha384-ZMP7rVo3mIykV+2+9J3UJ46jBk0WLaUAdn689aCwoqbBJiSnjAK/l8WvCWPIPm49" crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js" integrity="sha384-ChfqqxuZUCnJSK3+MXmPNIyE6ZbWh2IMqE241rYiqJxyMiZ6OW/JmZQ5stwEULTy" crossorigin="anonymous"></script>
<script src="/kustomize/js/main.min.35b203b3c2114e187f6e4bbf0903c511aaaac5535186321e3b5e364656b6de0c.js" integrity="sha256-NbIDs8IRThh/bku/CQPFEaqqxVNRhjIeO142Rla23gw=" crossorigin="anonymous"></script>
<script src="https://kubernetes-sigs.github.io/kustomize//js/asciinema-player.js"></script>
</body>
</html>