[英]Passing the Google cloud service account file to traefik
As per https://docs.traefik.io/configuration/acme/根据https://docs.traefik.io/configuration/acme/
I've created a secret like so:我已经创建了一个像这样的秘密:
kubectl --namespace=gitlab-managed-apps create secret generic traefik-credentials \\ --from-literal=GCE_PROJECT=<id> \\ --from-file=GCE_SERVICE_ACCOUNT_FILE=key.json \\
And passed it to the helm chart by using: --set acme.dnsProvider.$name=traefik-credentials
并使用以下命令将其传递给 helm chart:--
--set acme.dnsProvider.$name=traefik-credentials
However I am still getting the following error:但是我仍然收到以下错误:
{"level":"error","msg":"Unable to obtain ACME certificate for domains \"traefik.my.domain.com\" detected thanks to rule \"Host:traefik.my.domain.com\" : cannot get ACME client googlecloud: Service Account file missing","time":"2019-01-14T21:44:17Z"}
I don't know why/if traefik uses GCE_SERVICE_ACCOUNT_FILE
variable.我不知道为什么/如果 traefik 使用
GCE_SERVICE_ACCOUNT_FILE
变量。 All Google tooling and 3rd party integrations use GOOGLE_APPLICATION_CREDENTIALS
environment variable for that purpose (and all Google API clients automatically pick up this variable).为此,所有 Google 工具和 3rd
GOOGLE_APPLICATION_CREDENTIALS
使用GOOGLE_APPLICATION_CREDENTIALS
环境变量(并且所有 Google API 客户端都会自动选择此变量)。 So looks like traefik might have done a poor decision here calling it something else.所以看起来 traefik 可能在这里做了一个糟糕的决定,称它为别的东西。
I recommend you look at the Pod spec of the traefik pod (fields volumes
and volumeMounts
to see if the Secret is mounted to the pod correctly).我建议你看一下traefik荚荚规范(场
volumes
和volumeMounts
,看是否秘密安装在吊舱正确)。
If you follow this tutorial https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform you can learn how to mount IAM Service accounts to any Pod.如果您遵循本教程https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform,您可以了解如何将 IAM 服务帐户挂载到任何 Pod。 So maybe you can combine this with the Helm chart itself and figure out what you need to do to make this work.
因此,也许您可以将其与 Helm 图表本身结合起来,并弄清楚您需要做什么才能使这项工作发挥作用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.