[英]Run kubectl command from GKE cronjob using workload identity
I'd like to run a kubectl command from within a cronjob
pod, to change the min replicas on a HPA for a deployment at the same time every week, ie time based scaling.我想在
cronjob
pod 中运行 kubectl 命令,以每周在同一时间更改 HPA 上的最小副本以进行部署,即基于时间的缩放。 I've been playing around with using the official google-sdk image with gcloud and kubectl installed.我一直在尝试使用安装了 gcloud 和 kubectl 的官方 google-sdk 映像。
I know I need to authenticate to the GKE cluster before I can run commands to interact via kubectl, and I really wanted to steer away from mounting a service account key (via a secret) to the pod, as we already have workload identity enabled.我知道我需要先对 GKE 集群进行身份验证,然后才能运行命令以通过 kubectl 进行交互,并且我真的想避免将服务帐户密钥(通过秘密)安装到 pod,因为我们已经启用了工作负载身份。
Normal gcloud commands work fine using this method eg gcloud compute instances list
but when I run gcloud container clusters get-credentials....
it fails saying I need to run gcloud auth login
- can't be done of course.正常的 gcloud 命令使用这种方法可以正常工作,例如
gcloud compute instances list
,但是当我运行gcloud container clusters get-credentials....
它失败说我需要运行gcloud auth login
- 当然不能完成。
I've read this post , I don't really want to use cURL if I can avoid it, and also know that gcloud doesn't use GOOGLE_APPLICATION_CREDENTIALS
( this post )我读过这篇文章,如果可以避免的话,我真的不想使用 cURL,而且我也知道 gcloud 不使用
GOOGLE_APPLICATION_CREDENTIALS
( 这篇文章)
Does anyone know of a way I can use workload identity and get this working?有谁知道我可以使用工作负载身份并使其正常工作的方法?
我找到了一种获得身份验证的方法,在尝试从 cronjob pod 中运行 kubectl 命令之前,我必须使用以下命令:
gcloud --account <account-name>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.