Kubernetes Minikube Secrets似乎未安装在Pod中
[英]Kubernetes Minikube Secrets appear not mounted in Pod
问题描述
I have a "Deployment" in Kubernetes which works fine in GKE, but fails in MiniKube. 
我在Kubernetes中有一个“部署”,它在GKE中运行良好,但在MiniKube中失败了。 I have a Pod with 2 containers:- (1) Nginx as reverse proxy ( reads secrets and configMap volumes at /etc/tls & /etc/nginx respectively ) (2) A JVM based service listening on localhost 我有一个带有2个容器的Pod: - (1)Nginx作为反向代理(分别在/ etc / tls和/ etc / nginx读取秘密和configMap卷)(2)基于JVM的服务侦听localhost
The problem in the minikube deployment is that the Nginx container fails to read the TLS certs which appear not to be there - ie the volume mount of the secrets to the Pod appears to have failed. minikube部署中的问题是Nginx容器无法读取看起来不存在的TLS证书 - 即,对Pod的密钥的卷装载似乎已失败。
nginx: [emerg] BIO_new_file("/etc/tls/server.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/tls/server.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
But if I do "minikube logs" I get a large amount of seemingly "successful" tls volume mounts... 但是,如果我做“minikube日志”,我会得到大量看似“成功”的量级坐骑......
MountVolume.SetUp succeeded for volume "kubernetes.io/secret/61701667-eca7-11e6-ae16-080027187aca-scriptwriter-tls" (spec.Name: "scriptwriter-tls")
And the secret themselves are in the cluster okay ... 秘密本身在集群中还可以......
$ kubectl get secrets scriptwriter-tls
NAME TYPE DATA AGE
scriptwriter-tls Opaque 3 1h
So it would appear that as far as miniKube is concerned all is well from a secrets point of view. 因此,就miniKube而言,似乎从秘密的角度来看,一切都很好。 But on the other hand the nginx container can't see it. 但另一方面,nginx容器无法看到它。
I can't logon to the container either since it keeps terminating. 我无法登录到容器,因为它一直在终止。
For completeness the relevant sections from the Deployment yaml ... Firstly the nginx config... 为了完整性,部署yaml的相关部分...首先是nginx配置...
- name: nginx
image: nginx:1.7.9
imagePullPolicy: Always
ports:
- containerPort: 443
lifecycle:
preStop:
exec:
command: ["/usr/sbin/nginx", "-s", "quit"]
volumeMounts:
- name: "nginx-scriptwriter-dev-proxf-conf"
mountPath: "/etc/nginx/conf.d"
- name: "scriptwriter-tls"
mountPath: "/etc/tls"
And secondly the volumes themselves at the container level ... 其次是容器级别的卷本身......
volumes:
- name: "scriptwriter-tls"
secret:
secretName: "scriptwriter-tls"
- name: "nginx-scriptwriter-dev-proxf-conf"
configMap:
name: "nginx-scriptwriter-dev-proxf-conf"
items:
- key: "nginx-scriptwriter.conf"
path: "nginx-scriptwriter.conf"
Any pointers of help would be greatly appreciated. 任何帮助指针将不胜感激。
1 个解决方案
解决方案1
0 已采纳 2017-02-07 14:56:31
I am a first class numpty! 我是一流的numpty! :-) Sometimes the error is just the error! :-)有时错误只是错误! So the problem was that the secrets are created using local $HOME/.ssh/* certs ... and if you are generating them from different computers with different certs then guess what?! 所以问题是秘密是使用本地$ HOME / .ssh / *证书创建的...如果你是从不同的计算机生成它们,那么猜猜是什么?! So all fixed now :-) 所以现在都修好了:-)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.