侧边栏壁纸
博主头像
孔子说JAVA博主等级

成功只是一只沦落在鸡窝里的鹰,成功永远属于自信且有毅力的人!

  • 累计撰写 297 篇文章
  • 累计创建 134 个标签
  • 累计收到 4 条评论

目 录CONTENT

文章目录

Helm3入门教程-12:模板函数4-密码安全及编码解码函数

孔子说JAVA
2022-04-22 / 0 评论 / 1 点赞 / 207 阅读 / 13,667 字 / 正在检测是否收录...

Helm3入门教程全系列,26小时轻松掌握Helm

Helm 包含了很多可以在模板中利用的模板函数。包括密码安全、日期、字典、逻辑与流程控制、列表、正则表达式、字符串、类型转换、统一资源定位等17大类的模板函数,本节主要介绍密码安全函数(Cryptographic and Security)及编码解码函数(Encoding)。

1、密码与安全函数(Cryptographic and Security)

Helm提供了一些高级的加密函数。包括了adler32sum, buildCustomCert, decryptAES, derivePassword, encryptAES, genCA, genPrivateKey, genSelfSignedCert, genSignedCert, htpasswd, sha1sumsha256sum

1.1 sha1sum

sha1sum函数接收一个字符串,并计算它的SHA1摘要。

  • 语法:sha1sum .Arg1
sha1sum "Hello world!"

1.2 sha256sum

sha256sum 函数接收一个字符串,并计算它的SHA256摘要。

  • 语法:sha256sum .Arg1
sha256sum "Hello world!"

上述语句会以“ASCII包装”格式计算SHA 256 校验和,并安全打印出来。

templates/sha256sum.yaml 文件内容

sha256sum: {{ sha256sum "jicki" }}

运行 template

root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/sha256sum.yaml
---
# Source: myapp/templates/sha256sum.yaml
sha256sum: 57a4bffd5916cd9fded9ad94a76de152e56eb0bf9e34c94f5ea48f8cbd4f866a

1.3 adler32sum

adler32sum函数接收一个字符串,并计算它的Adler-32校验和。

  • 语法:adler32sum .Arg1
adler32sum "Hello world!"

1.4 htpasswd

htpasswd 函数使用username 和 password 生成一个密码的bcrypt哈希值。该结果可用于 Apache HTTP Server 的基础认证。

  • 语法:htpasswd .Arg1 .Arg2
  • 注意,将密码直接存储在模板中并不安全。
htpasswd "myUser" "myPassword"

1.5 derivePassword

derivePassword 函数可用于基于某些共享的“主密码”约束得到特定密码(生成一个指定类型的密码)。

  • 语法:derivePassword .Arg1 .Arg2 .Arg3 .Arg4
  • 注意,将这部分直接存储在模板中并不安全。
derivePassword 1 "long" "password" "user" "example.com"

templates/derivePassword.yaml 文件内容

derivePassword: {{ derivePassword 20 "medium" "123456" "jicki" "jicki.cn" }}

运行 template

root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/derivePassword.yaml
---
# Source: myapp/templates/derivePassword.yaml
derivePassword: Foy3$Xox

1.6 genPrivateKey

genPrivateKey 函数生成一个编码成PEM块的新私钥(获取 Private Key 私钥密文)。第一个参数会采用以下某个值:

  • ecdsa: 生成椭圆曲线 DSA key (P256)
  • dsa: 生成 DSA key (L2048N256)
  • rsa: 生成 RSA 4096 key

templates/genPrivateKey.yaml 文件内容

{{ $key := genPrivateKey "rsa" }}
key: {{ replace "\n" "" $key }}

运行 template

root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/genPrivateKey.yaml
---
# Source: myapp/templates/genPrivateKey.yaml
key: -----BEGIN RSA PRIVATE KEY-----MIIJKQIBAAKCAgEAlUtM9IynuPTCfl9j10ENjFligj6sLV9TyU0dMcKWMyaUBx38XQkqEDDtkjtELxHZLcGaO4NXQ8Vim/eVW8XUURM68MEG3uobgm0xNSU4QNOEjXWMLBFftXA5pjN3cp7qDJxGLafLOz85ibVBVc+vB718SKeDCDj9zaHvyTw2NakgRDNaaDcs1uvY5r2ip7yBFVXFsDAV0vBkJ+NI7ldtTwtnGw9056mggVdYH5DKLs9WasrOEHiQltxlhT2QAVbd4goMMPGZGJIAD0/WAvx184KEt7zRhphwMBINFN3h0JkxcHxSYNBbbrb3zClyehNVpnD1/yxiRIat4LStvpN6NKv3GI9dee67iPLsGZRV9Bp8GrsHfO0LmCXzn68lzq/OlcgLJzAHsA6ka3hrqQpZPW35FSZ+DWVeQ8pQOAIaYaghSJWr+/C4J70F8Fa5N/JgrcFlTNqodfl10Z9AQ0SjU91RylVsGtw9/vkqCvSzOoL3nDFAiwbxIiptAJA1NTJr+K6+H2S/2PNXsCp7EMYTvlEyPiSp553I51E7n+zRloKFVc9CBxImF5wm2M/hOD8IOi9uxx4KFhEt9aywBjyi7tbP9i6RC5Om6iBNSTZ9rmeKI/WTfJgvK8CwtSExnleohe6f0nPNfmIR/skP4n233kqK4lhdQxLZU68XVMQ29RECAwEAAQKCAgEAgVrNQtbcPBVWr8hW6Zsj8gdAozlKVcXTAwgd04+WNJuohsIkdzgJih3aumk/mskMM+kbiZUzdzT/S8QpVWsDm3veBdw558tQKqIRkMq/AuxCXY8L9OLY2oxyZt8RD+9BO8vrwoMwRBVz9S1nfsKEFWDI3urFTcqTnihBa0sQbU4s9urH2qRz5YRUWxjUZiGedq3qq83+GtbO8QCtoFWAEI0AuSGbWV5QA8F6SV9az1Q2vDEceoj8PrqX++pra72oYsHx7jZnQDLAeoPiGpREXskn1Ut0//n0urHpQ7s8fVE+1QfjGJ9vmW5PJkaDOeKmw5/8hSwfuOA4qAnkwMtnhgjoWX7J9gU2t28MEidWzhLyvCvKRJVSwzbmX5M2RbugnBAEQztQqoTfSQMg9XxIbKTXhnn/eQKBpuExLV+/P+hDenVtweTGfP2gnnoN1DXFXNUUs2U2PxAEmeqbOeQ0X2CSnnglweWRwvFiM5QK5dkwjpNSZApAWUn6Ip9/DV3DA2XHoGF9C5KWrMatDBrIq+a9E6BSe9/hRuwpeVzjoB4uuuAcT3guadmf6snkyHdhtbMH3JSGXFws2P6FmCEX9gNJebiOMvrIIlN46U8eTsfJEskV9MW37mtYX9D5n3Zm2zAfzetUHUZGuB6trtOmSMANwt9K03cCBPaF09PGjUECggEBAMCLnMeLQ/IoOnw+p5xPzitV92z5w7YA64EzcGcS02w1x2W2rP/VwF0VA06Cie7LyRZGTzONLUMxuIfw27mj1YXszQ9cOY8VACuWi/x9Ui4RlM/Qtsq+LEsRvdSt63ad9lKpOzlL+0Pdc/SyDrHC0nJuFsbpQ85kWAbeQWMdiWBtDunA6s00Jc/KBHLge8xxwFiXwU5Nq7uo5nXG/qGWd6TOCHldGS08+fTSEOrG0cgM7HE17VsYPYyy2fAYG1yY4bNySMV7w1bis3mvqgdTfasYARAyp9kXcO7crHy2//A7uKUk5y9RfUE8Tm05gvh40G+wZNYiJk0sHypRT7V9dccCggEBAMZ+u3EaCJ5ialpitcIsI0sdae4D+94kBtafn58cwFKk484F6OoQcLbtC4i4dwzYyw8Kpv8/tA0inpP9oHHPfSsP5hjZSK5+SWFC1NTy6CGIpdguxLAByK3eliOh+b7z9xcqHTxHGiJZ3lEfdLIH4JSVddEyvueY0eH5KITe6qmZfStwvBa6T5jU3nBKylF4H/LK15emL/h/w+qaCsu2oDFAUF7ObPjmp3arZIYIpRfvxothGkPCz6I69XR3f/GjqZ20ruqGsgQXikXVrwRtf/uZVDmpjP5eQdZ8fHIo494zFp1ktfuxaooz+VU/RAglB8RkCOIIrdLHsjU7+5CW3mcCggEBAJ1W+OyOvx05BmHVCT5QcJc1DpU8nFMz+T6A/E8eMSpx39kcJ85/q0vlCeiz/2blnBLZrYrgyKXqEXL0vXi7ipZ/5SmyIU7syFDWGtpexjLjJwmS8mxGbweBHfCXlpw9hLYTmFO/5TmV01WX0y4rl7DuiSpOH5yentgt8py93C6xr8gQX08EWAmueWguTLvKEHXUvJ/yFG2rHXgM/rKotGg1/PK/wv0WoOMQbcaMZYzmEqiIesc/zbwVwsXRzTojq/vpXdISypNLeYHsrDKEZWLUoLnNyx85ao2mQkU/fXGgO8inmUsvef0+/I+Auae1gg5ixGO/UDEr5uO7wjj6pq0CggEAOeQ4cvIu1VLKxfXIIQuSd5PqkzqiONW1EN+ZRGS0SuZAcpQSrEGDPjbAiG2UezC3eHmY3xULRFF2gp8ULl1fmjGW4GRu6EV4zV8ah8kYnr8l73kkcFj02JD0pQvWtTSeOilUQYJTQvWG+437EPlvLKayqALu3skZXZi3kpkZQ8G6WfMVSGOqV16uSX3mqAArATrbyiT0FLvevguTXnqzGeoyBpSZ/7X13Yx7UwQucl7CP2BgsqacvCoJ8J/xtt4O2CocYdZLERp0f42k79un2g+MGw0yS/XdqdrAyOLYIrQvwlPfJ7tE4W3rKEu9Ycq7CzJJzPLPD4yikxgddLwrvQKCAQBPDvnNlO9qyeVCJdGJyvQ9/rvhttUuTDIQhpA/hYOPQjnJUtvQUy5Q1JMdwdv4Kos/sqk54N1H6YL+cLbsW1oEMveFWW5n16A/v07FYlOGGouAmJuZQfiGO7bbyxeNr302zkWicZiFkqc9ppCWmyYFG/BSJtk1HPPc2UoumCqIAYKvV7iUyHoig2e924Dt9wAWBhVb7Xt6/dTO9voC8WpwLgEuQhJR4+SyCLSMFJlBEpmQOStUbBR0lfGZf1bFFf0KyUxq1Xjol3qgpMWmZqt85JItWSdImyGBR9a9dn6R5aJqijm7bNMqf7daixblVkCFFGSRp4tJWU3Ul8CKwEjT-----END RSA PRIVATE KEY-----

1.7 buildCustomCert

buildCustomCert 函数允许自定义证书。会采用以下字符串参数:

  • base64 编码PEM格式证书
  • base64 编码PEM格式私钥

返回包含以下属性的整数对象:

  • Cert:PEM编码证书
  • Key: PEM编码私钥
$ca := buildCustomCert "base64-encoded-ca-crt" "base64-encoded-ca-key"

注意返回的对象可以使用这个CA传递给genSignedCert函数进行签名。

1.8 genCA

genCA 函数生成一个新的,自签名的x509 机构证书(生成一个 CA 证书)。会采用以下参数:

  • 主体通用名 (cn)
  • 证书有效期(天)

返回一个包含以下属性的对象:

  • Cert: PEM编码证书
  • Key: PEM编码私钥
$ca := genCA "foo-ca" 365

注意返回的对象可以使用这个CA传递给genSignedCert函数进行签名。

templates/genCA.yaml 文件内容

{{ $ca := genCA "jicki CA" 365 }}
ca.crt: {{ $ca.Cert | b64enc |quote }}

运行 template

root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/genCA.yaml
---
# Source: myapp/templates/genCA.yaml
ca.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4ekNDQWR1Z0F3SUJBZ0lSQVB2bkxzRng0V0Jwb3ppSWtXMXhpbzR3RFFZSktvWklodmNOQVFFTEJRQXcKRXpFUk1BOEdBMVVFQXhNSWFtbGphMmtnUTBFd0hoY05NakF3T0RJMk1UQXhPVEF5V2hjTk1qRXdPREkyTVRBeApPVEF5V2pBVE1SRXdEd1lEVlFRREV3aHFhV05yYVNCRFFUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQCkFEQ0NBUW9DZ2dFQkFMbUM0Yk45VFRPTi9TdGZqL0hyRGZsamw4N2M2QUxSRGJtV0VqalNaaVliZ0hkaCt5UXoKRnM4dG5PQXpQM255WTBHdmgveGZFeGhMY25Hb0dxd2pQVXhEb2VxdmRmNmE5UFB0THdkZmxrQ3A5UzRNSTd0QgpGbXBMTVNxTW1BcVRSUEY2ck1QNVI5VStQRGI4WHVkcHVLVjcrSHV4aE1DaGRpSjhibS9Fd3ovV2tNMUF5VFlmCnV4TVkxQU44aGlKMXZybXkrb0J6U0VFV1hHZmlUdTR4UGs3NmtncmpjU1BDNlJXVjh3NXdlZStNYURtbnRLMWIKTGs1dWdvb2wvQjlvRHJIdG43OEpRUXExM0xZRkE1TlIzVHVDREFzcjgvSk9kUm8zSE12ZmxlQUI5aDFrdzZ5eQo1ak9xajFHcTNSbUIwOG1SeWJVZ0V1c2VRczVqbmhYck9JVUNBd0VBQWFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFECkFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RUJUQUQKQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQTRmbW91aCtRYlBMbXQxdGhIY1lTZ2VuZS9GeDhBUm5Vegp5YTdHS00yVTErbVppMEtGcjVpcEFJNXdTWnBwN001UC8xZ0doeGk1TTVUQVlPZ1Q2OGtNNXVnTjUzeWI1WnhxCjFwMndocktMOTg1bTNzT25Ka0kxRWF4THZteGxsU0hyaFlVZldiTXJRNkYvaXpJSGNaYmtwSVNyZy81TzZLSXoKOU5Gc2ZBNmZQZVBPTGdpMUdtOE1Ua2xyWVoxUTBZb3YvMzI2SFlpSUd4bmZtOURZZTMydEZzNnRQSHFnOXk5RgpuaTlDWmh4SFpCalc1QmVoTWQ5ZHEwTWk1d2U4MWhFYk1TTC9NRy84NktuNzRwWDBEazV4Mnh0VHRtdlVpNzJwCkM4ZUJZWVN1bmx6TTlnRC9JQ2hBcUxvMmJKZE4rVTd3dHJTMndZYnBwRENRVHpUNDU5VUoKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="

1.9 genSelfSignedCert

The genSelfSignedCert 函数生成一个新的,自签名的x509 证书。会采用下列参数:

  • 主体通用名 (cn)
  • 可选IP列表;可以为空
  • 可选备用DNS名称列表;可以为空
  • 证书有效期(天)

返回一个包含以下属性的对象:

  • Cert: PEM编码证书
  • Key: PEM编码私钥
$cert := genSelfSignedCert "foo.com" (list "10.0.0.1" "10.0.0.2") (list "bar.com" "bat.com") 365

1.10 genSignedCert

genSignedCert 通过指定的CA签名生成一个新的, x509证书(生成一个带签名的 证书)。会采用以下参数:

  • 主体通用名 (cn)
  • 可选IP列表;可以为空
  • 可选备用DNS名称列表;可以为空
  • 证书有效期(天)
  • CA (查看 genCA)
{{ $ca := genCA "jicki CA" 365 }}
{{ $cert := genSignedCert "jicki.cn" nil (list "jicki.cn" "www.jicki.cn") 365 $ca }}
tls.crt: {{ $cert.Cert | b64enc | quote }}

tls.key: {{ $cert.Key | b64enc | quote }}

templates/genSignedCert.yaml 文件内容

{{ $ca := genCA "jicki CA" 365 }}
ca.crt: {{ $ca.Cert | b64enc |quote }}

运行 template

root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/genSignedCert.yaml
---
# Source: myapp/templates/genSignedCert.yaml
tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFakNDQWZxZ0F3SUJBZ0lRTVplNjRFbUlSK0NBVzYwbElQK2M4akFOQmdrcWhraUc5dzBCQVFzRkFEQVQKTVJFd0R3WURWUVFERXdocWFXTnJhU0JEUVRBZUZ3MHlNREE0TWpZeE1ESTFOVEZhRncweU1UQTRNall4TURJMQpOVEZhTUJNeEVUQVBCZ05WQkFNVENHcHBZMnRwTG1OdU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQXRtL0YxUHVXYVdyczR3dEdYaGorTUVlcDZjQi91aDhDczE1SmJIVFJQc0Jac2cxM2NXdmgKV1JiSExCSHhza1FQR3NFZ1FxUTlIMVRiT0FobDJlYmdPc2hjN3czbjBhY202a3pWWDhnSDFXVkg3V0VOK1g5eQpWRG9sditPVTBJdGxDVzdTV0FKdDBIbUd4UGhxTWhZMVdVeGs2R2VUZmNkVGdKR054L0VmVjk2MjZYQTJ3QmxICnRMeGltQ1RGSVUyUDZZbEVscWxVZk5WU0g0YzZmUmhhSEhxeFhJQ04zZm8wTUw5aDg2VHRFNWVtMnJlalRMNmgKTGhsK2JkaG9sVG93Q1Y0QXhrWTB1cDkzUlN4aUNXYk1MTnM4c1RNRHArbzNNQmNFOXUyZU40VjRvTHY5VWtQRwpCdnM4V3QybHBLUjc3a0VqZ1luZEZ1YkdvSE41YWVhVVF3SURBUUFCbzJJd1lEQU9CZ05WSFE4QkFmOEVCQU1DCkJhQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUF3R0ExVWRFd0VCL3dRQ01BQXcKSVFZRFZSMFJCQm93R0lJSWFtbGphMmt1WTI2Q0RIZDNkeTVxYVdOcmFTNWpiakFOQmdrcWhraUc5dzBCQVFzRgpBQU9DQVFFQU1OR29uNGJBSGpicjFmRFVmTVRNRGZ6MDdvb29mSFNCWjhONWFZMjY1RnNKZnpWajFWWlU0cHdiClVoU2QzN21oclJabUpjNXZtbEJNZm1aamx0Qmc1ZzhGeGNVZXZvV3hscXFFWUtZcWQzaFZwUzB0OFBkU3Zsa2oKMFk4L3Q0ekxKRlBUV2dpL1Fwbi8vUGN4OGJIWEVHM1IvQWlWR0VaQ0dFb1pNUmpMQzJocGJsQXFGV3loYStCNgpVK1puMk16Q1lnZ3NyZTZsTk5pMW9yRWRJV2xBTE53KzZoaGxBUkFKc09iZklTYzBuaUN2ODB3TzAvQ2Y1dVl3CksxdXZqcHdPZG1VeFJDZmxlMEZ6eXI5RUNJSE1rcks4dE9GM29va0N4bW0zUm91OHVaYS9qVXIvakFHVWtuZ2IKNmE0NGE5eGw1dGNvbU1PdG1aZEZMV0hWemFjZk13PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="

tls.key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBdG0vRjFQdVdhV3JzNHd0R1hoaitNRWVwNmNCL3VoOENzMTVKYkhUUlBzQlpzZzEzCmNXdmhXUmJITEJIeHNrUVBHc0VnUXFROUgxVGJPQWhsMmViZ09zaGM3dzNuMGFjbTZrelZYOGdIMVdWSDdXRU4KK1g5eVZEb2x2K09VMEl0bENXN1NXQUp0MEhtR3hQaHFNaFkxV1V4azZHZVRmY2RUZ0pHTngvRWZWOTYyNlhBMgp3QmxIdEx4aW1DVEZJVTJQNllsRWxxbFVmTlZTSDRjNmZSaGFISHF4WElDTjNmbzBNTDloODZUdEU1ZW0ycmVqClRMNmhMaGwrYmRob2xUb3dDVjRBeGtZMHVwOTNSU3hpQ1diTUxOczhzVE1EcCtvM01CY0U5dTJlTjRWNG9MdjkKVWtQR0J2czhXdDJscEtSNzdrRWpnWW5kRnViR29ITjVhZWFVUXdJREFRQUJBb0lCQUZBQ2VSck5NOHdMenRSTQpMNUk1RjlHSXZHWDl2SWFkN3d0SFFLQkdJemFJR1U1VFJaMENtUlAvUDE1K2lDZU1YYXQ0STNQV244L0w0VkNUCnJrZUFUN3E0QUxuK3VUcGpPbGZyVm5EcFF6WTljdXdTY3BTSFpsYTJJYlFrVlRHWTBMandWMk90dlFkL0pMSGgKMklFYTZFNi9pRW04a3h6SWZFQ1lsVHVvN2Z3VXZISlZWUVpWb0hjV2hRcU00SktIZWlMRDQrV25jVkp1YlFqMwpGTXdySi9aN3dZN1NTL1dZc1dmRitLc2hjaVp1ZUc5YVNwZkJjdFZ5Y3pqdSs2OG5qMDJCaGFvZlQwME9NR0VTCkFNKzZHRDhOVXloeEtpTDZEWDBKcHNraXlYQ3kzR3BkTkpBa0ZpUWZuanlNL0pzQkd0N215Umg4YURGSm1PQkwKOEw5ZVp1RUNnWUVBeEwxemNlcXdza3A5TVYyY1BpajJka09hOHozYVZaOEtXTlN1UkJrY1I4QThiMG5qR25DMwpDaDQ3YkJDR3JEMGdxK00rcFBYdE9KSDRPdWJnWVcxdlloM2RVSkNIVnAwVmc1eVJlWG11ZkZ5VHZrZDcvYUZPCkE1aEkzU0czY2RIa0NndFNUN3NpQ1FVSUNKWlJxSElEMGtRYW9yaHM3MUk4eW00OWpoQ0xNVWtDZ1lFQTdXTmoKeW52SVFPK3lyVk9yU2hzcVhUc2pTaWQ5QzBpYkUrQXlOZ0tDUGpQemd2c0RaRGNEbEJoVUNhK25UTlBTcEVUcgpnQW80QzYrV3ZTV0NMMlV2VGcvVnp6RG96bDFueGIzYWQvYTEzeDA4OGoxSTZZWFExalJBb0xFRW9PY2lGdzNqCjBXdGdMRExWTTJqMHVSaWoyajRQYXFaVHpuMTdocExUR1FMMzVTc0NnWUFMUytGOEVnQ3hUQXVpTVFET3BPVjUKNXVuWHU1NTB1aHdLKzdOQjM3czY5M1BBNUJveEkzV3ZGQXRQYWllQmJrVVkrWVJZVG5LZmcrb2YzNi9VaUVjVAorQ2tEL2poM0phL2RqYmpnbzdiOEZ3aTRyVHdXVlJPNHF4N0w2NnF2MDJCbm56ekxyVEFJR296YWlWOEk3L3IrCk1NRGl4UG9rUjdHTDRnYVF5S3hsV1FLQmdDSjYwRERGMytWR3E0NHZXKzdNbVUrbldrM1lCSHFTRml4QjRTa2wKSGlQSXlmTFpZTG02bitOdjBTMEMvV3JVVFlFY25aUWdaOW1TckhOV3NsME45bHdCUXMzd1RiQkRzdUh1M0grVwpMdjUwTWJrQm04aUhiamplcUJCdkJid1ZOa2RnOWhraDNuc3MrdmlYb3d3TGZ5a2c0SDVlSUVnYXc4bGRKQm82CjZ5UzNBb0dBZGIvUFNyNzRHK3YxU0luNzlaMUJiWjBIbkY5RVNUMWVVL1UraXF4cWhZcU9IYzV3aVgySEM3MVUKbmhESk1OQmY0NVJOWUMwMG1FTTFMalRsUFhuQXFDSDJYdW9zTG9sbHNncDh1SkNOblZHQS92UWIxMmtLdWgvbgpBaGM0SithMnhtZWY0NTJ0TkFsWDVCUjhvZHlpTDNSMDZZa1ZadWFjSmJCY3JZZnpuaW89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg=="

1.11 encryptAES

encryptAES 函数使用AES-256 CBC 加密文本并返回一个base64编码字符串。(需指定一个 偏引量如: “98765”)

  • 语法:encryptAES .Arg1 .Arg2
encryptAES "secretkey" "plaintext"

templates/encryptAES.yaml 文件内容

encryptAES: {{ encryptAES "98765" "jicki" }}

运行 template

root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/encryptAES.yaml
---
# Source: myapp/templates/encryptAES.yaml
encryptAES: Lj9RyzT4kG6Q7K+hRil1/4l8EL4rXPqGD3/CF1KSS70=

1.12 decryptAES

decryptAES函数接收一个AES-256 CBC编码的字符串并返回解密文本(解密 AES 加密过的字符串)。

"30tEfhuJSVRhpG97XCuWgz2okj7L8vQ1s6V9zVUPeDQ=" | decryptAES "secretkey"

templates/decryptAES.yaml 文件内容

decryptAES: |
        encryptAES: {{ encryptAES "98765" "jicki" }}
        decryptAES: {{ encryptAES "98765" "jicki" | decryptAES "98765" }}

运行 template

root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/decryptAES.yaml
---
# Source: myapp/templates/decryptAES.yaml
decryptAES: |
        encryptAES: H/UMBNfOx69KFHskREB4PeUEbdzv+ZLkCFUlN4vzRgw=
        decryptAES: jicki

2、编码解码函数(Encoding)

Helm有以下编码和解码函数:

  • b64enc/b64dec: 编码或解码 Base64
  • b32enc/b32dec: 编码或解码 Base32

2.1 b64enc

使用 b64enc 加密算法对指定字符串加密。

  • 语法:b64enc .Arg1

templates/b64enc.yaml 文件内容

b64enc: |
        {{ b64enc "jicki" }}

运行 template

root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/b64enc.yaml
---
# Source: myapp/templates/b64enc.yaml
b64enc: |
        amlja2k=

2.2 b64dec

对使用 b64enc 加密过的字符串进行解密。

  • 语法:b64enc .Arg1

templates/b64enc.yaml 文件内容

b64enc: {{ b64enc "jicki" }}
b64dec: {{ b64enc "jicki" | b64dec }}

运行 template

root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/b64dec.yaml
---
# Source: myapp/templates/b64dec.yaml
b64enc: amlja2k=
b64dec: jicki

2.3 b32enc

使用 b32enc 加密算法对指定字符串加密。

  • 语法:b32enc .Arg1

2.4 b32dec

对使用 b32enc 加密过的字符串进行解密。

  • 语法:b32dec .Arg1
1

评论区