堆栈内存溢出
  简体   繁体   English

添加 ExternalSecret 到 Yaml 文件部署到 K8s

[英]Add ExternalSecret to Yaml file deploying to K8s

 原文  2022-12-13 15:47:01       kubernetes/ google-cloud-platform/ google-kubernetes-engine/ dbt

问题描述

I'm trying to deploy a Kube.netes processor to a cluster on GCP GKE but the pod fails with the following error:我正在尝试将 Kube.netes 处理器部署到 GCP GKE 上的集群,但 Pod 失败并出现以下错误:

secret "service-account-credentials-dbt-test" not found: CreateContainerConfigError

This is my deployment.yaml file:这是我的 deployment.yaml 文件:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: dbt-core-processor
  namespace: prod
  labels:
    app: dbt-core
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dbt-core
  template:
    metadata:
      labels:
        app: dbt-core
    spec:
      containers:
      - name: dbt-core-processor
        image: IMAGE
        resources:
          requests:
            cpu: 50m
            memory: 1Gi
          limits:
            cpu: 1
            memory: 2Gi
        env:
        - name: GOOGLE_APPLICATION_CREDENTIALS
          valueFrom:
            secretKeyRef:
              name: service-account-credentials-dbt-test
              key: service-account-credentials-dbt-test
---
apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: service-account-credentials-dbt-test
  namespace: prod
spec:
  backendType: gcpSecretsManager
  data:
  - key: service-account-credentials-dbt-test
    name: service-account-credentials-dbt-test
    version: latest

When I run kubectl apply -f deployment.yml I get the following error:当我运行kubectl apply -f deployment.yml时,出现以下错误:

deployment.apps/dbt-core-processor created
error: unable to recognize "deployment.yml": no matches for kind "ExternalSecret" in version "kubernetes-client.io/v1"

This creates my processor but the pod fails to spin up the secrets:这会创建我的处理器,但 pod 无法启动秘密:

secret "service-account-credentials-dbt-test" not found: CreateContainerConfigError

How do I add the secrets from my secrets manager in GCP to this deployment?如何将 GCP 中的机密管理器中的机密添加到此部署?

1 个解决方案

解决方案1
 1  2022-12-13 23:58:49

ExternalSecret is a custom resource definition (CRD) and it looks like it is not installed on your cluster. ExternalSecret是一个自定义资源定义 (CRD),看起来它没有安装在您的集群上。

I googled kube.netes-client.io/v1 and it looks like you may be following instructions from the old, archived project that first provided this CRD?我在 google 上搜索kube.netes-client.io/v1 ,看起来您可能正在按照最初提供此 CRD 的旧存档项目的说明进行操作? The GitHub repo pointed me to a maintained project that has replaced it. GitHub 存储库将我指向一个已替换它的维护项目

The good news is that the current project has what looks like comprehensive documentation, including a guide to how to install the CRDs on your cluster and the proper configuration for the External secret .好消息是,当前项目拥有看起来很全面的文档,包括有关如何在集群上安装 CRD 以及 External secret 的正确配置的指南

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在 k8s deployment.yaml 中从 GCP Artifact Registry 中拉取图像? - How pull image from GCP Artifact Registry in k8s deployment.yaml? GCP 上的 K8s 上的 label 值无效 - Invalid label value on K8s on GCP K8s Daemonset Pod 放置 - K8s Daemonset Pod Placement k8s 使用 ownerRef 获取集群中的所有 pod 层次结构 - k8s get all pods hierarchy in cluster with ownerRef's K8S:运行负载均衡器同步例程时出错 - K8S: Error running load balancer syncing routine 通过 AWS Lambda 向 K8s 集群进行身份验证 - Authenticate to K8s cluster through AWS Lambda K8S 仅在 DaemonSets 启动后调度 pod - K8S schedule pods only after DaemonSets are up K8S pod 在不同节点上有两个副本 - K8S pods with two replicas on different nodes 如何让联邦用户访问k8s集群 - How to allow federated users to access k8s cluster 如何从 K8s 中获取 Kube.netes 集群名称 API - How to get Kubernetes cluster name from K8s API
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM