如何将自定义CICD变量传递到YML文件中

发布于 2025-02-05 01:50:42 字数 1680 浏览 3 评论 0原文

我在Gitlab CICD中很新。我创建了简单的nginx部署，包括名称空间，configmap，svc，部署 ConfigMap包含带有CICD变量的简单自定义索引。HTML：

apiVersion: v1
kind: ConfigMap
metadata:
  name: index-html-configmap
  namespace: lazzio
data:
  index.html: |
    <html>
    <h1>Welcomee</h1>
    </br>
    <h1>Hi! This is a configmap Index file for test-tepl+ingress </h1>
    <h2> and this ---> $PW_TEST  <--- is a password from gitlab cicd variable</h2>
    </html>

自定义变量PW_Test在UI中的CICD/变量部分下设置了无保护分支

#pipeline :
stages:
    - build
variables:
  ENV_NAME:
    value: "int"
1st-build:
  environment: 
    name: ${ENV_NAME}
  variables:
    PW_TEST: $PW_TEST
  image: alpine
  stage: build
  before_script:
    - apk add bash
    - apk add curl
  script:
    - echo $PW_TEST
    - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
    - install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
    - kubectl --kubeconfig $CONF_INT_JK --insecure-skip-tls-verify apply -f nm.yml
    - kubectl --kubeconfig $CONF_INT_JK --insecure-skip-tls-verify apply -f index.yml
    - kubectl --kubeconfig $CONF_INT_JK --insecure-skip-tls-verify apply -f depl.yml
    - kubectl --kubeconfig $CONF_INT_JK --insecure-skip-tls-verify apply -f svc.yml
    - kubectl --kubeconfig $CONF_INT_JK --insecure-skip-tls-verify apply -f test_ingress_int.yml

，但是当我登录群集并制作一个curl时，我获得了与index.yml中定义的相同的索引文件。

我知道这是索引中的一个愚蠢的无用变量，但是我只是在测试是否将变量作为CICD中的自定义变量传递到K3S上的部署中。在另一个管道中安装，例如。任何数据库或K3S群集都可以通过可安装的密码或其他秘密，因此我想在GitLab存储库中的文件中使用CICD变量，而不是清晰的文本秘密。

感谢您的提示。

原文

I'm quite new in GitLab cicd.
I have created simple nginx deployment including namespace,configmap,svc,deployment
configmap contains simple custom index.html with cicd variable:

apiVersion: v1
kind: ConfigMap
metadata:
  name: index-html-configmap
  namespace: lazzio
data:
  index.html: |
    <html>
    <h1>Welcomee</h1>
    </br>
    <h1>Hi! This is a configmap Index file for test-tepl+ingress </h1>
    <h2> and this ---> $PW_TEST  <--- is a password from gitlab cicd variable</h2>
    </html>

custom variable PW_TEST is set under cicd/variables section in UI without protected branch

#pipeline :
stages:
    - build
variables:
  ENV_NAME:
    value: "int"
1st-build:
  environment: 
    name: ${ENV_NAME}
  variables:
    PW_TEST: $PW_TEST
  image: alpine
  stage: build
  before_script:
    - apk add bash
    - apk add curl
  script:
    - echo $PW_TEST
    - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
    - install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
    - kubectl --kubeconfig $CONF_INT_JK --insecure-skip-tls-verify apply -f nm.yml
    - kubectl --kubeconfig $CONF_INT_JK --insecure-skip-tls-verify apply -f index.yml
    - kubectl --kubeconfig $CONF_INT_JK --insecure-skip-tls-verify apply -f depl.yml
    - kubectl --kubeconfig $CONF_INT_JK --insecure-skip-tls-verify apply -f svc.yml
    - kubectl --kubeconfig $CONF_INT_JK --insecure-skip-tls-verify apply -f test_ingress_int.yml

but when i log into the cluster and make a curl i got same index file as defined within the index.yml.

I know its a stupid useless variable in index, but I'm just testing if variable is passing stored as a custom variable in cicd into the deployments on k3s.
within another pipeline where is installing eg. any database or k3s cluster via ansible where password or other secrets are needed, so i want to use cicd variables instead of clear text secrets in a files within GitLab repository.

Thanks for any hint.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

﹏雨一样淡蓝的深情 2025-02-12 01:50:42

实际上，您有几种方法可以做到。

亲自喜欢 envsubst ，它易于实现，并且重量很小。但是您必须安装它（例如，在GitLab Runner中）以避免每次运行时下载它。
也有使用ShellScript的精美/简单解决方案，基本上只需用VAR的值替换字符串即可。不利的是，您必须自己编写Sanitychecks。
```
  sed“ s/\ $ {py_version}/$ {py_version}/g; s/\ $ {jq_version}/$ {jq_version}/g”＆gt; “ $ {file} .yaml”  
```
在复杂的动态部署（如果有大量变量）中，您可以使用Helm提取带有选项调试的变量。不利的是，您基本上在一个文件中都在一个文件中都有所有清单的声明。
```
  helm-值ci-Variables/api-variables.yaml
     -Debug模板./deployment/api-name＆gt; apply_file.yaml  
```

you have actually few ways to do it.

Personally like envsubst, it's easy to implement and has a little weight. But you have to install it (in e.g. gitlab runner) to avoid downloading it each time pipeline runs.
There is also nice/simple solution using shellscript to basically just replace string with var's value. Disadvantage here is you have to write SanityChecks on your own.
```
    sed "s/\${PY_VERSION}/${PY_VERSION}/g; s/\${JQ_VERSION}/${JQ_VERSION}/g" "${FILE}yaml.in" > "${FILE}.yaml"  
```
In complicated dynamic deployments(if you have huge amount of variables) you can use helm to extract variables with option debug. Disadvantage here is you have basically all manifest's declarations in one file in the end.
```
helm --values ci-variables/api-variables.yaml
     --debug template ./deployment/api-name > apply_file.yaml
```