[英]Add ExternalSecret to Yaml file deploying to K8s
I'm trying to deploy a Kube.netes processor to a cluster on GCP GKE but the pod fails with the following error:我正在尝试将 Kube.netes 处理器部署到 GCP GKE 上的集群,但 Pod 失败并出现以下错误:
secret "service-account-credentials-dbt-test" not found: CreateContainerConfigError
This is my deployment.yaml file:这是我的 deployment.yaml 文件:
apiVersion: apps/v1
kind: Deployment
metadata:
name: dbt-core-processor
namespace: prod
labels:
app: dbt-core
spec:
replicas: 1
selector:
matchLabels:
app: dbt-core
template:
metadata:
labels:
app: dbt-core
spec:
containers:
- name: dbt-core-processor
image: IMAGE
resources:
requests:
cpu: 50m
memory: 1Gi
limits:
cpu: 1
memory: 2Gi
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
valueFrom:
secretKeyRef:
name: service-account-credentials-dbt-test
key: service-account-credentials-dbt-test
---
apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
name: service-account-credentials-dbt-test
namespace: prod
spec:
backendType: gcpSecretsManager
data:
- key: service-account-credentials-dbt-test
name: service-account-credentials-dbt-test
version: latest
When I run kubectl apply -f deployment.yml
I get the following error:当我运行
kubectl apply -f deployment.yml
时,出现以下错误:
deployment.apps/dbt-core-processor created
error: unable to recognize "deployment.yml": no matches for kind "ExternalSecret" in version "kubernetes-client.io/v1"
This creates my processor but the pod fails to spin up the secrets:这会创建我的处理器,但 pod 无法启动秘密:
secret "service-account-credentials-dbt-test" not found: CreateContainerConfigError
How do I add the secrets from my secrets manager in GCP to this deployment?如何将 GCP 中的机密管理器中的机密添加到此部署?
ExternalSecret
is a custom resource definition (CRD) and it looks like it is not installed on your cluster. ExternalSecret
是一个自定义资源定义 (CRD),看起来它没有安装在您的集群上。
I googled kube.netes-client.io/v1
and it looks like you may be following instructions from the old, archived project that first provided this CRD?我在 google 上搜索
kube.netes-client.io/v1
,看起来您可能正在按照最初提供此 CRD 的旧存档项目的说明进行操作? The GitHub repo pointed me to a maintained project that has replaced it. GitHub 存储库将我指向一个已替换它的维护项目。
The good news is that the current project has what looks like comprehensive documentation, including a guide to how to install the CRDs on your cluster and the proper configuration for the External secret .好消息是,当前项目拥有看起来很全面的文档,包括有关如何在集群上安装 CRD 以及 External secret 的正确配置的指南。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.