问题描述
我正在设置生产环境,并希望保护与环境相关的变量.目前,每个环境都有自己的应用程序参数文件,该文件运行良好,但是我不希望团队中的每个开发人员都知道生产连接字符串和可能会出现在其中的其他敏感内容.
I'm setting up my production environment and would like to secure my environment-related variables. For the moment, every environment has its own application parameters file, which works well, but I don't want every dev in my team knowing the production connection strings and other sensitive stuffs that could appear in there.
因此,我正在寻找各种可能的方法.我已经看到,在我目前用于CI/CD的Azure DevOps中,存在一些可能的变量替换(xml转换).它可以在SF项目中使用吗?我在另一个项目中看到了与Octopus类似的东西.还有其他工具可以帮助我安全(轻松)地按环境管理变量吗?最终我可以使用KeyVault这样做吗?有什么建议吗?谢谢
So I'm looking for every possibility available. I've seen that in Azure DevOps, which I'm using at the moment for my CI/CD, there is some possible variable substitution (xml transformation). Is it usable in a SF project? I've seen in another project something similar through Octopus.Are there any other tools that would help me manage my variables by environment safely (and easily)?Can I do that with my KeyVault eventually?Any recommendations?Thanks
我想如何管理这些值的示例;这是章鱼的截图:
an example of how I'd like to manage those values; this is a screenshot from octopus :
所以我想要的就是与此类似的东西,它可以分离并注入值.
so something similar to this that separates and injects the values is what I'm looking for.
推荐答案
您可以在部署XML之前将其转换为ApplicationParameter文件,以更新其中的值.
You can do XML transformation to the ApplicationParameter file to update the values in there before you deploy it.
另一种选择是使用Powershell更新应用程序并将参数作为参数传递给脚本.
The other option is use Powershell to update the application and pass the parameters as argument to the script.
Start-ServiceFabricApplicationUpgrade 命令接受带有参数的哈希表作为参数,从技术上讲,VSTS \ DevOps中的内置任务将哈希表中的应用程序参数转换为脚本,如下所示:
The Start-ServiceFabricApplicationUpgrade command accept as parameter a hashtable with the parameters, technically, the builtin task in VSTS\DevOps transform the application parameters in a hashtable, the script would be something like this:
#Get the existing parameters
$app = Get-ServiceFabricApplication -ApplicationName "fabric:/AzureFilesVolumePlugin"
#Create a temp hashtable and populate with existing values
$parameters = @{ }
$app.ApplicationParameters | ForEach-Object { $parameters.Add($_.Name, $_.Value) }
#Replace the desired parameters
$parameters["test"] = "123test" #Here you would replace with your variable, like $env:username
#Upgrade the application
Start-ServiceFabricApplicationUpgrade -ApplicationName "fabric:/AzureFilesVolumePlugin" -ApplicationParameter $parameters -ApplicationTypeVersion "6.4.617.9590" -UnmonitoredAuto
请记住,现有的VSTS任务还具有其他操作,例如将包复制到SF并在映像存储区中注册应用程序版本,则需要对其进行复制.您可以从服务结构项目中的Deploy-FabricApplication.ps1文件复制完整脚本,然后将其替换为所做的更改.另一种方法是获取VSTS任务的源在这里并添加您的更改.
Keep in mind that the existing VSTS Task also has other operations, like copy the package to SF and register the application version in the image store, you will need to replicate it. You can copy the full script from Deploy-FabricApplication.ps1 file in the service fabric project and replace it with your changes. The other approach is get the source for the VSTS Task here and add your changes.
如果您打算使用KeyVault,我建议应用程序直接在KeyVault上访问值,而不是将其传递给SF,这样,您可以在KeyVault中更改值而无需重新部署应用程序.在部署中,您只能通过KeyVault凭据\配置.
If you are planning to use KeyVault, I would recommend the application access the values direct on KeyVault instead of passing it to SF, this way, you can change the values in KeyVault without redeploying the application. In the deployment, you would only pass the KeyVault credentials\configuration.
这篇关于部署期间替换Service Fabric应用程序参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!