[英]terraform - Unable to fetch service account from Kubernetes: serviceaccounts "<name of service account>" not found
这之前工作得很好,但由于某种原因它不再是,如果有人能帮助解决这个问题,我将不胜感激:
我的 terraform 代码如下,替换了关键信息。 带有“<>”只是为了在这里公开分享:
外部 main.tf 有这个:
module "<name>_service_account" {
source = "../modules/kubernetes/service-account"
name = "<name>-deployer"
}
# Create <name> platform namespace
resource "kubernetes_namespace" "<name>-platform" {
metadata {
name = "<name>-platform"
}
}
服务账户main.tf模块:
resource "kubernetes_service_account" "serviceaccount" {
metadata {
name = var.name
namespace = "kube-system"
}
}
resource "kubernetes_cluster_role_binding" "serviceaccount" {
metadata {
name = var.name
}
subject {
kind = "User"
name = "system:serviceaccount:kube-system:${var.name}"
}
role_ref {
kind = "ClusterRole"
name = "cluster-admin"
api_group = "rbac.authorization.k8s.io"
}
}
data "kubernetes_service_account" "serviceaccount" {
metadata {
name = var.name
namespace = "kube-system"
}
depends_on = [
resource.kubernetes_service_account.serviceaccount
]
}
data "kubernetes_secret" "serviceaccount" {
metadata {
name = data.kubernetes_service_account.serviceaccount.default_secret_name
namespace = "kube-system"
}
binary_data = {
"token": ""
}
depends_on = [
resource.kubernetes_service_account.serviceaccount
]
}
上述模块的 outputs.tf:
output "secret_token" {
sensitive = true
value = lookup(data.kubernetes_secret.serviceaccount.binary_data, "token")
}
我在 terraform 管道中遇到的错误:
│ Error: Unable to fetch service account from Kubernetes: serviceaccounts "<name>-deployer" not found
│
│ with module.<name>_service_account.data.kubernetes_service_account.serviceaccount,
│ on ../modules/kubernetes/service-account/main.tf line 27, in data "kubernetes_service_account" "serviceaccount":
│ 27: data "kubernetes_service_account" "serviceaccount" {
想通了,这是一个新的环境/项目,我的 terraform 刷新阶段仍在管道中,因此为什么它找不到服务帐户,删除它并让计划和应用首先运行解决了它。
Terraform 抛出为服务帐户设置 IAM 策略时出错...需要权限 iam.serviceAccounts.setIamPolicy
[英]Terraform throws Error setting IAM policy for service account ... Permission iam.serviceAccounts.setIamPolicy is required
为 Terraform 服务帐户定义 ClusterRoleBinding
[英]Defining a ClusterRoleBinding for Terraform service account
将 Kubernetes 服务帐号连接到 Google Cloud 服务帐号
[英]Connect Kubernetes service account to Google Cloud service account
在云运行上部署时,服务帐户的权限“iam.serviceaccounts.actAs”被拒绝
[英]Permission 'iam.serviceaccounts.actAs' denied on service account when deploying on cloud run
Terraform:使用 local_account_disabled=true 创建 azure kube.netes 服务时出错
[英]Terraform: Error when creating azure kubernetes service with local_account_disabled=true
Kube.netes 服务帐户的跨帐户 IAM 角色 - s3 存储桶
[英]Cross account IAM roles for Kubernetes service account - s3 bucket
在 terraform 中创建 GCP 服务帐户并将服务帐户密钥存储在 Secret Manager 中
[英]Create GCP service account and store service account key in secret manager in terraform
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.