Helm 包含了很多可以在模板中利用的模板函数。包括密码安全、日期、字典、逻辑与流程控制、列表、正则表达式、字符串、类型转换、统一资源定位等17大类的模板函数,本节主要介绍密码安全函数(Cryptographic and Security)及编码解码函数(Encoding)。
1、密码与安全函数(Cryptographic and Security)
Helm提供了一些高级的加密函数。包括了adler32sum
, buildCustomCert
, decryptAES
, derivePassword
, encryptAES
, genCA
, genPrivateKey
, genSelfSignedCert
, genSignedCert
, htpasswd
, sha1sum
, sha256sum
。
1.1 sha1sum
sha1sum函数接收一个字符串,并计算它的SHA1摘要。
- 语法:
sha1sum .Arg1
sha1sum "Hello world!"
1.2 sha256sum
sha256sum 函数接收一个字符串,并计算它的SHA256摘要。
- 语法:
sha256sum .Arg1
sha256sum "Hello world!"
上述语句会以“ASCII包装”格式计算SHA 256 校验和,并安全打印出来。
templates/sha256sum.yaml 文件内容
sha256sum: {{ sha256sum "jicki" }}
运行 template
root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/sha256sum.yaml
---
# Source: myapp/templates/sha256sum.yaml
sha256sum: 57a4bffd5916cd9fded9ad94a76de152e56eb0bf9e34c94f5ea48f8cbd4f866a
1.3 adler32sum
adler32sum函数接收一个字符串,并计算它的Adler-32校验和。
- 语法:
adler32sum .Arg1
adler32sum "Hello world!"
1.4 htpasswd
htpasswd 函数使用username 和 password 生成一个密码的bcrypt哈希值。该结果可用于 Apache HTTP Server 的基础认证。
- 语法:
htpasswd .Arg1 .Arg2
- 注意,将密码直接存储在模板中并不安全。
htpasswd "myUser" "myPassword"
1.5 derivePassword
derivePassword 函数可用于基于某些共享的“主密码”约束得到特定密码(生成一个指定类型的密码)。
- 语法:
derivePassword .Arg1 .Arg2 .Arg3 .Arg4
- 注意,将这部分直接存储在模板中并不安全。
derivePassword 1 "long" "password" "user" "example.com"
templates/derivePassword.yaml 文件内容
derivePassword: {{ derivePassword 20 "medium" "123456" "jicki" "jicki.cn" }}
运行 template
root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/derivePassword.yaml
---
# Source: myapp/templates/derivePassword.yaml
derivePassword: Foy3$Xox
1.6 genPrivateKey
genPrivateKey 函数生成一个编码成PEM块的新私钥(获取 Private Key 私钥密文)。第一个参数会采用以下某个值:
- ecdsa: 生成椭圆曲线 DSA key (P256)
- dsa: 生成 DSA key (L2048N256)
- rsa: 生成 RSA 4096 key
templates/genPrivateKey.yaml 文件内容
{{ $key := genPrivateKey "rsa" }}
key: {{ replace "\n" "" $key }}
运行 template
root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/genPrivateKey.yaml
---
# Source: myapp/templates/genPrivateKey.yaml
key: -----BEGIN RSA PRIVATE KEY-----MIIJKQIBAAKCAgEAlUtM9IynuPTCfl9j10ENjFligj6sLV9TyU0dMcKWMyaUBx38XQkqEDDtkjtELxHZLcGaO4NXQ8Vim/eVW8XUURM68MEG3uobgm0xNSU4QNOEjXWMLBFftXA5pjN3cp7qDJxGLafLOz85ibVBVc+vB718SKeDCDj9zaHvyTw2NakgRDNaaDcs1uvY5r2ip7yBFVXFsDAV0vBkJ+NI7ldtTwtnGw9056mggVdYH5DKLs9WasrOEHiQltxlhT2QAVbd4goMMPGZGJIAD0/WAvx184KEt7zRhphwMBINFN3h0JkxcHxSYNBbbrb3zClyehNVpnD1/yxiRIat4LStvpN6NKv3GI9dee67iPLsGZRV9Bp8GrsHfO0LmCXzn68lzq/OlcgLJzAHsA6ka3hrqQpZPW35FSZ+DWVeQ8pQOAIaYaghSJWr+/C4J70F8Fa5N/JgrcFlTNqodfl10Z9AQ0SjU91RylVsGtw9/vkqCvSzOoL3nDFAiwbxIiptAJA1NTJr+K6+H2S/2PNXsCp7EMYTvlEyPiSp553I51E7n+zRloKFVc9CBxImF5wm2M/hOD8IOi9uxx4KFhEt9aywBjyi7tbP9i6RC5Om6iBNSTZ9rmeKI/WTfJgvK8CwtSExnleohe6f0nPNfmIR/skP4n233kqK4lhdQxLZU68XVMQ29RECAwEAAQKCAgEAgVrNQtbcPBVWr8hW6Zsj8gdAozlKVcXTAwgd04+WNJuohsIkdzgJih3aumk/mskMM+kbiZUzdzT/S8QpVWsDm3veBdw558tQKqIRkMq/AuxCXY8L9OLY2oxyZt8RD+9BO8vrwoMwRBVz9S1nfsKEFWDI3urFTcqTnihBa0sQbU4s9urH2qRz5YRUWxjUZiGedq3qq83+GtbO8QCtoFWAEI0AuSGbWV5QA8F6SV9az1Q2vDEceoj8PrqX++pra72oYsHx7jZnQDLAeoPiGpREXskn1Ut0//n0urHpQ7s8fVE+1QfjGJ9vmW5PJkaDOeKmw5/8hSwfuOA4qAnkwMtnhgjoWX7J9gU2t28MEidWzhLyvCvKRJVSwzbmX5M2RbugnBAEQztQqoTfSQMg9XxIbKTXhnn/eQKBpuExLV+/P+hDenVtweTGfP2gnnoN1DXFXNUUs2U2PxAEmeqbOeQ0X2CSnnglweWRwvFiM5QK5dkwjpNSZApAWUn6Ip9/DV3DA2XHoGF9C5KWrMatDBrIq+a9E6BSe9/hRuwpeVzjoB4uuuAcT3guadmf6snkyHdhtbMH3JSGXFws2P6FmCEX9gNJebiOMvrIIlN46U8eTsfJEskV9MW37mtYX9D5n3Zm2zAfzetUHUZGuB6trtOmSMANwt9K03cCBPaF09PGjUECggEBAMCLnMeLQ/IoOnw+p5xPzitV92z5w7YA64EzcGcS02w1x2W2rP/VwF0VA06Cie7LyRZGTzONLUMxuIfw27mj1YXszQ9cOY8VACuWi/x9Ui4RlM/Qtsq+LEsRvdSt63ad9lKpOzlL+0Pdc/SyDrHC0nJuFsbpQ85kWAbeQWMdiWBtDunA6s00Jc/KBHLge8xxwFiXwU5Nq7uo5nXG/qGWd6TOCHldGS08+fTSEOrG0cgM7HE17VsYPYyy2fAYG1yY4bNySMV7w1bis3mvqgdTfasYARAyp9kXcO7crHy2//A7uKUk5y9RfUE8Tm05gvh40G+wZNYiJk0sHypRT7V9dccCggEBAMZ+u3EaCJ5ialpitcIsI0sdae4D+94kBtafn58cwFKk484F6OoQcLbtC4i4dwzYyw8Kpv8/tA0inpP9oHHPfSsP5hjZSK5+SWFC1NTy6CGIpdguxLAByK3eliOh+b7z9xcqHTxHGiJZ3lEfdLIH4JSVddEyvueY0eH5KITe6qmZfStwvBa6T5jU3nBKylF4H/LK15emL/h/w+qaCsu2oDFAUF7ObPjmp3arZIYIpRfvxothGkPCz6I69XR3f/GjqZ20ruqGsgQXikXVrwRtf/uZVDmpjP5eQdZ8fHIo494zFp1ktfuxaooz+VU/RAglB8RkCOIIrdLHsjU7+5CW3mcCggEBAJ1W+OyOvx05BmHVCT5QcJc1DpU8nFMz+T6A/E8eMSpx39kcJ85/q0vlCeiz/2blnBLZrYrgyKXqEXL0vXi7ipZ/5SmyIU7syFDWGtpexjLjJwmS8mxGbweBHfCXlpw9hLYTmFO/5TmV01WX0y4rl7DuiSpOH5yentgt8py93C6xr8gQX08EWAmueWguTLvKEHXUvJ/yFG2rHXgM/rKotGg1/PK/wv0WoOMQbcaMZYzmEqiIesc/zbwVwsXRzTojq/vpXdISypNLeYHsrDKEZWLUoLnNyx85ao2mQkU/fXGgO8inmUsvef0+/I+Auae1gg5ixGO/UDEr5uO7wjj6pq0CggEAOeQ4cvIu1VLKxfXIIQuSd5PqkzqiONW1EN+ZRGS0SuZAcpQSrEGDPjbAiG2UezC3eHmY3xULRFF2gp8ULl1fmjGW4GRu6EV4zV8ah8kYnr8l73kkcFj02JD0pQvWtTSeOilUQYJTQvWG+437EPlvLKayqALu3skZXZi3kpkZQ8G6WfMVSGOqV16uSX3mqAArATrbyiT0FLvevguTXnqzGeoyBpSZ/7X13Yx7UwQucl7CP2BgsqacvCoJ8J/xtt4O2CocYdZLERp0f42k79un2g+MGw0yS/XdqdrAyOLYIrQvwlPfJ7tE4W3rKEu9Ycq7CzJJzPLPD4yikxgddLwrvQKCAQBPDvnNlO9qyeVCJdGJyvQ9/rvhttUuTDIQhpA/hYOPQjnJUtvQUy5Q1JMdwdv4Kos/sqk54N1H6YL+cLbsW1oEMveFWW5n16A/v07FYlOGGouAmJuZQfiGO7bbyxeNr302zkWicZiFkqc9ppCWmyYFG/BSJtk1HPPc2UoumCqIAYKvV7iUyHoig2e924Dt9wAWBhVb7Xt6/dTO9voC8WpwLgEuQhJR4+SyCLSMFJlBEpmQOStUbBR0lfGZf1bFFf0KyUxq1Xjol3qgpMWmZqt85JItWSdImyGBR9a9dn6R5aJqijm7bNMqf7daixblVkCFFGSRp4tJWU3Ul8CKwEjT-----END RSA PRIVATE KEY-----
1.7 buildCustomCert
buildCustomCert 函数允许自定义证书。会采用以下字符串参数:
- base64 编码PEM格式证书
- base64 编码PEM格式私钥
返回包含以下属性的整数对象:
- Cert:PEM编码证书
- Key: PEM编码私钥
$ca := buildCustomCert "base64-encoded-ca-crt" "base64-encoded-ca-key"
注意返回的对象可以使用这个CA传递给genSignedCert函数进行签名。
1.8 genCA
genCA 函数生成一个新的,自签名的x509 机构证书(生成一个 CA 证书)。会采用以下参数:
- 主体通用名 (cn)
- 证书有效期(天)
返回一个包含以下属性的对象:
- Cert: PEM编码证书
- Key: PEM编码私钥
$ca := genCA "foo-ca" 365
注意返回的对象可以使用这个CA传递给genSignedCert函数进行签名。
templates/genCA.yaml 文件内容
{{ $ca := genCA "jicki CA" 365 }}
ca.crt: {{ $ca.Cert | b64enc |quote }}
运行 template
root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/genCA.yaml
---
# Source: myapp/templates/genCA.yaml
ca.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4ekNDQWR1Z0F3SUJBZ0lSQVB2bkxzRng0V0Jwb3ppSWtXMXhpbzR3RFFZSktvWklodmNOQVFFTEJRQXcKRXpFUk1BOEdBMVVFQXhNSWFtbGphMmtnUTBFd0hoY05NakF3T0RJMk1UQXhPVEF5V2hjTk1qRXdPREkyTVRBeApPVEF5V2pBVE1SRXdEd1lEVlFRREV3aHFhV05yYVNCRFFUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQCkFEQ0NBUW9DZ2dFQkFMbUM0Yk45VFRPTi9TdGZqL0hyRGZsamw4N2M2QUxSRGJtV0VqalNaaVliZ0hkaCt5UXoKRnM4dG5PQXpQM255WTBHdmgveGZFeGhMY25Hb0dxd2pQVXhEb2VxdmRmNmE5UFB0THdkZmxrQ3A5UzRNSTd0QgpGbXBMTVNxTW1BcVRSUEY2ck1QNVI5VStQRGI4WHVkcHVLVjcrSHV4aE1DaGRpSjhibS9Fd3ovV2tNMUF5VFlmCnV4TVkxQU44aGlKMXZybXkrb0J6U0VFV1hHZmlUdTR4UGs3NmtncmpjU1BDNlJXVjh3NXdlZStNYURtbnRLMWIKTGs1dWdvb2wvQjlvRHJIdG43OEpRUXExM0xZRkE1TlIzVHVDREFzcjgvSk9kUm8zSE12ZmxlQUI5aDFrdzZ5eQo1ak9xajFHcTNSbUIwOG1SeWJVZ0V1c2VRczVqbmhYck9JVUNBd0VBQWFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFECkFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RUJUQUQKQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQTRmbW91aCtRYlBMbXQxdGhIY1lTZ2VuZS9GeDhBUm5Vegp5YTdHS00yVTErbVppMEtGcjVpcEFJNXdTWnBwN001UC8xZ0doeGk1TTVUQVlPZ1Q2OGtNNXVnTjUzeWI1WnhxCjFwMndocktMOTg1bTNzT25Ka0kxRWF4THZteGxsU0hyaFlVZldiTXJRNkYvaXpJSGNaYmtwSVNyZy81TzZLSXoKOU5Gc2ZBNmZQZVBPTGdpMUdtOE1Ua2xyWVoxUTBZb3YvMzI2SFlpSUd4bmZtOURZZTMydEZzNnRQSHFnOXk5RgpuaTlDWmh4SFpCalc1QmVoTWQ5ZHEwTWk1d2U4MWhFYk1TTC9NRy84NktuNzRwWDBEazV4Mnh0VHRtdlVpNzJwCkM4ZUJZWVN1bmx6TTlnRC9JQ2hBcUxvMmJKZE4rVTd3dHJTMndZYnBwRENRVHpUNDU5VUoKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
1.9 genSelfSignedCert
The genSelfSignedCert 函数生成一个新的,自签名的x509 证书。会采用下列参数:
- 主体通用名 (cn)
- 可选IP列表;可以为空
- 可选备用DNS名称列表;可以为空
- 证书有效期(天)
返回一个包含以下属性的对象:
- Cert: PEM编码证书
- Key: PEM编码私钥
$cert := genSelfSignedCert "foo.com" (list "10.0.0.1" "10.0.0.2") (list "bar.com" "bat.com") 365
1.10 genSignedCert
genSignedCert 通过指定的CA签名生成一个新的, x509证书(生成一个带签名的 证书)。会采用以下参数:
- 主体通用名 (cn)
- 可选IP列表;可以为空
- 可选备用DNS名称列表;可以为空
- 证书有效期(天)
- CA (查看 genCA)
{{ $ca := genCA "jicki CA" 365 }}
{{ $cert := genSignedCert "jicki.cn" nil (list "jicki.cn" "www.jicki.cn") 365 $ca }}
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
templates/genSignedCert.yaml 文件内容
{{ $ca := genCA "jicki CA" 365 }}
ca.crt: {{ $ca.Cert | b64enc |quote }}
运行 template
root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/genSignedCert.yaml
---
# Source: myapp/templates/genSignedCert.yaml
tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFakNDQWZxZ0F3SUJBZ0lRTVplNjRFbUlSK0NBVzYwbElQK2M4akFOQmdrcWhraUc5dzBCQVFzRkFEQVQKTVJFd0R3WURWUVFERXdocWFXTnJhU0JEUVRBZUZ3MHlNREE0TWpZeE1ESTFOVEZhRncweU1UQTRNall4TURJMQpOVEZhTUJNeEVUQVBCZ05WQkFNVENHcHBZMnRwTG1OdU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQXRtL0YxUHVXYVdyczR3dEdYaGorTUVlcDZjQi91aDhDczE1SmJIVFJQc0Jac2cxM2NXdmgKV1JiSExCSHhza1FQR3NFZ1FxUTlIMVRiT0FobDJlYmdPc2hjN3czbjBhY202a3pWWDhnSDFXVkg3V0VOK1g5eQpWRG9sditPVTBJdGxDVzdTV0FKdDBIbUd4UGhxTWhZMVdVeGs2R2VUZmNkVGdKR054L0VmVjk2MjZYQTJ3QmxICnRMeGltQ1RGSVUyUDZZbEVscWxVZk5WU0g0YzZmUmhhSEhxeFhJQ04zZm8wTUw5aDg2VHRFNWVtMnJlalRMNmgKTGhsK2JkaG9sVG93Q1Y0QXhrWTB1cDkzUlN4aUNXYk1MTnM4c1RNRHArbzNNQmNFOXUyZU40VjRvTHY5VWtQRwpCdnM4V3QybHBLUjc3a0VqZ1luZEZ1YkdvSE41YWVhVVF3SURBUUFCbzJJd1lEQU9CZ05WSFE4QkFmOEVCQU1DCkJhQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUF3R0ExVWRFd0VCL3dRQ01BQXcKSVFZRFZSMFJCQm93R0lJSWFtbGphMmt1WTI2Q0RIZDNkeTVxYVdOcmFTNWpiakFOQmdrcWhraUc5dzBCQVFzRgpBQU9DQVFFQU1OR29uNGJBSGpicjFmRFVmTVRNRGZ6MDdvb29mSFNCWjhONWFZMjY1RnNKZnpWajFWWlU0cHdiClVoU2QzN21oclJabUpjNXZtbEJNZm1aamx0Qmc1ZzhGeGNVZXZvV3hscXFFWUtZcWQzaFZwUzB0OFBkU3Zsa2oKMFk4L3Q0ekxKRlBUV2dpL1Fwbi8vUGN4OGJIWEVHM1IvQWlWR0VaQ0dFb1pNUmpMQzJocGJsQXFGV3loYStCNgpVK1puMk16Q1lnZ3NyZTZsTk5pMW9yRWRJV2xBTE53KzZoaGxBUkFKc09iZklTYzBuaUN2ODB3TzAvQ2Y1dVl3CksxdXZqcHdPZG1VeFJDZmxlMEZ6eXI5RUNJSE1rcks4dE9GM29va0N4bW0zUm91OHVaYS9qVXIvakFHVWtuZ2IKNmE0NGE5eGw1dGNvbU1PdG1aZEZMV0hWemFjZk13PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
tls.key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBdG0vRjFQdVdhV3JzNHd0R1hoaitNRWVwNmNCL3VoOENzMTVKYkhUUlBzQlpzZzEzCmNXdmhXUmJITEJIeHNrUVBHc0VnUXFROUgxVGJPQWhsMmViZ09zaGM3dzNuMGFjbTZrelZYOGdIMVdWSDdXRU4KK1g5eVZEb2x2K09VMEl0bENXN1NXQUp0MEhtR3hQaHFNaFkxV1V4azZHZVRmY2RUZ0pHTngvRWZWOTYyNlhBMgp3QmxIdEx4aW1DVEZJVTJQNllsRWxxbFVmTlZTSDRjNmZSaGFISHF4WElDTjNmbzBNTDloODZUdEU1ZW0ycmVqClRMNmhMaGwrYmRob2xUb3dDVjRBeGtZMHVwOTNSU3hpQ1diTUxOczhzVE1EcCtvM01CY0U5dTJlTjRWNG9MdjkKVWtQR0J2czhXdDJscEtSNzdrRWpnWW5kRnViR29ITjVhZWFVUXdJREFRQUJBb0lCQUZBQ2VSck5NOHdMenRSTQpMNUk1RjlHSXZHWDl2SWFkN3d0SFFLQkdJemFJR1U1VFJaMENtUlAvUDE1K2lDZU1YYXQ0STNQV244L0w0VkNUCnJrZUFUN3E0QUxuK3VUcGpPbGZyVm5EcFF6WTljdXdTY3BTSFpsYTJJYlFrVlRHWTBMandWMk90dlFkL0pMSGgKMklFYTZFNi9pRW04a3h6SWZFQ1lsVHVvN2Z3VXZISlZWUVpWb0hjV2hRcU00SktIZWlMRDQrV25jVkp1YlFqMwpGTXdySi9aN3dZN1NTL1dZc1dmRitLc2hjaVp1ZUc5YVNwZkJjdFZ5Y3pqdSs2OG5qMDJCaGFvZlQwME9NR0VTCkFNKzZHRDhOVXloeEtpTDZEWDBKcHNraXlYQ3kzR3BkTkpBa0ZpUWZuanlNL0pzQkd0N215Umg4YURGSm1PQkwKOEw5ZVp1RUNnWUVBeEwxemNlcXdza3A5TVYyY1BpajJka09hOHozYVZaOEtXTlN1UkJrY1I4QThiMG5qR25DMwpDaDQ3YkJDR3JEMGdxK00rcFBYdE9KSDRPdWJnWVcxdlloM2RVSkNIVnAwVmc1eVJlWG11ZkZ5VHZrZDcvYUZPCkE1aEkzU0czY2RIa0NndFNUN3NpQ1FVSUNKWlJxSElEMGtRYW9yaHM3MUk4eW00OWpoQ0xNVWtDZ1lFQTdXTmoKeW52SVFPK3lyVk9yU2hzcVhUc2pTaWQ5QzBpYkUrQXlOZ0tDUGpQemd2c0RaRGNEbEJoVUNhK25UTlBTcEVUcgpnQW80QzYrV3ZTV0NMMlV2VGcvVnp6RG96bDFueGIzYWQvYTEzeDA4OGoxSTZZWFExalJBb0xFRW9PY2lGdzNqCjBXdGdMRExWTTJqMHVSaWoyajRQYXFaVHpuMTdocExUR1FMMzVTc0NnWUFMUytGOEVnQ3hUQXVpTVFET3BPVjUKNXVuWHU1NTB1aHdLKzdOQjM3czY5M1BBNUJveEkzV3ZGQXRQYWllQmJrVVkrWVJZVG5LZmcrb2YzNi9VaUVjVAorQ2tEL2poM0phL2RqYmpnbzdiOEZ3aTRyVHdXVlJPNHF4N0w2NnF2MDJCbm56ekxyVEFJR296YWlWOEk3L3IrCk1NRGl4UG9rUjdHTDRnYVF5S3hsV1FLQmdDSjYwRERGMytWR3E0NHZXKzdNbVUrbldrM1lCSHFTRml4QjRTa2wKSGlQSXlmTFpZTG02bitOdjBTMEMvV3JVVFlFY25aUWdaOW1TckhOV3NsME45bHdCUXMzd1RiQkRzdUh1M0grVwpMdjUwTWJrQm04aUhiamplcUJCdkJid1ZOa2RnOWhraDNuc3MrdmlYb3d3TGZ5a2c0SDVlSUVnYXc4bGRKQm82CjZ5UzNBb0dBZGIvUFNyNzRHK3YxU0luNzlaMUJiWjBIbkY5RVNUMWVVL1UraXF4cWhZcU9IYzV3aVgySEM3MVUKbmhESk1OQmY0NVJOWUMwMG1FTTFMalRsUFhuQXFDSDJYdW9zTG9sbHNncDh1SkNOblZHQS92UWIxMmtLdWgvbgpBaGM0SithMnhtZWY0NTJ0TkFsWDVCUjhvZHlpTDNSMDZZa1ZadWFjSmJCY3JZZnpuaW89Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg=="
1.11 encryptAES
encryptAES 函数使用AES-256 CBC 加密文本并返回一个base64编码字符串。(需指定一个 偏引量如: “98765”)
- 语法:
encryptAES .Arg1 .Arg2
encryptAES "secretkey" "plaintext"
templates/encryptAES.yaml 文件内容
encryptAES: {{ encryptAES "98765" "jicki" }}
运行 template
root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/encryptAES.yaml
---
# Source: myapp/templates/encryptAES.yaml
encryptAES: Lj9RyzT4kG6Q7K+hRil1/4l8EL4rXPqGD3/CF1KSS70=
1.12 decryptAES
decryptAES函数接收一个AES-256 CBC编码的字符串并返回解密文本(解密 AES 加密过的字符串)。
"30tEfhuJSVRhpG97XCuWgz2okj7L8vQ1s6V9zVUPeDQ=" | decryptAES "secretkey"
templates/decryptAES.yaml 文件内容
decryptAES: |
encryptAES: {{ encryptAES "98765" "jicki" }}
decryptAES: {{ encryptAES "98765" "jicki" | decryptAES "98765" }}
运行 template
root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/decryptAES.yaml
---
# Source: myapp/templates/decryptAES.yaml
decryptAES: |
encryptAES: H/UMBNfOx69KFHskREB4PeUEbdzv+ZLkCFUlN4vzRgw=
decryptAES: jicki
2、编码解码函数(Encoding)
Helm有以下编码和解码函数:
- b64enc/b64dec: 编码或解码 Base64
- b32enc/b32dec: 编码或解码 Base32
2.1 b64enc
使用 b64enc 加密算法对指定字符串加密。
- 语法:
b64enc .Arg1
templates/b64enc.yaml 文件内容
b64enc: |
{{ b64enc "jicki" }}
运行 template
root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/b64enc.yaml
---
# Source: myapp/templates/b64enc.yaml
b64enc: |
amlja2k=
2.2 b64dec
对使用 b64enc 加密过的字符串进行解密。
- 语法:
b64enc .Arg1
templates/b64enc.yaml 文件内容
b64enc: {{ b64enc "jicki" }}
b64dec: {{ b64enc "jicki" | b64dec }}
运行 template
root@kubernetes:/opt/helm/myapp# helm template . --show-only templates/b64dec.yaml
---
# Source: myapp/templates/b64dec.yaml
b64enc: amlja2k=
b64dec: jicki
2.3 b32enc
使用 b32enc 加密算法对指定字符串加密。
- 语法:
b32enc .Arg1
2.4 b32dec
对使用 b32enc 加密过的字符串进行解密。
- 语法:
b32dec .Arg1
评论区