Kubernetes作业无法识别环境

时间:2019-04-03 20:03:57

标签: kubernetes kubernetes-jobs

我正在使用以下作业模板:

 apiVersion: batch/v1
kind: Job
metadata:
  name: rotatedevcreds2
spec:
  template:
    metadata:
      name: rotatedevcreds2
    spec:
      containers:
      - name: shell
        image: akanksha/dsserver:v7
      env:
      - name: DEMO
        value: "Hello from the environment"
      - name: personal_AWS_SECRET_ACCESS_KEY
        valueFrom:
          secretKeyRef:
            name: rotatecreds-env
            key: personal_aws_secret_access_key
      - name: personal_AWS_SECRET_ACCESS_KEY_ID
        valueFrom:
          secretKeyRef:
            name: rotatecreds-env
            key: personal_aws_secret_access_key_id
      - name: personal_GIT_TOKEN
        valueFrom:
          secretKeyRef:
            name: rotatecreds-env
            key: personal_git_token
        command:
         - "bin/bash"
         - "-c"
         - "whoami; pwd; /root/rotateCreds.sh"
      restartPolicy: Never
      imagePullSecrets:
      - name: regcred

shell脚本运行一些烦人的任务,结果是:

    TASK [Get the existing access keys for the functional backup ID] ***************
    fatal: [localhost]: FAILED! => {"changed": false, "cmd": "aws iam list-access-keys --user-name ''", "failed_when_result": true, "msg": "[Errno 2] No such file or directory", "rc": 2}

但是,如果我使用以下相同的iamge旋转豆荚

apiVersion: batch/v1
kind: Job
metadata:
  name: rotatedevcreds3
spec:
  template:
    metadata:
      name: rotatedevcreds3
    spec:
      containers:
      - name: shell
        image: akanksha/dsserver:v7
        env:
        - name: DEMO
          value: "Hello from the environment"
        - name: personal_AWS_SECRET_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              name: rotatecreds-env
              key: personal_aws_secret_access_key
        - name: personal_AWS_SECRET_ACCESS_KEY_ID
          valueFrom:
            secretKeyRef:
              name: rotatecreds-env
              key: personal_aws_secret_access_key_id
        - name: personal_GIT_TOKEN
          valueFrom:
            secretKeyRef:
              name: rotatecreds-env
              key: personal_git_token
        command:
         - "bin/bash"
         - "-c"
         - "whoami; pwd; /root/rotateCreds.sh"
      restartPolicy: Never
      imagePullSecrets:
      - name: regcred

这将创建一个POD,我可以登录到pod并运行/root/rotateCreds.sh

运行作业时,似乎无法重新识别aws cli。我尝试调试分别等于whoamipwd的{​​{1}}和root,这很好。任何指针缺少什么?我是新来的。

为了进一步调试作业模板,我添加了/秒的睡眠时间,以便我可以登录到容器并查看发生了什么。登录后我注意到,我也能够手动运行脚本。 10000命令已被正确识别。

2 个答案:

答案 0 :(得分:2)

您的PATH可能设置不正确, 一个快速的解决方法是在/usr/local/bin/aws脚本中定义aws-cli的绝对路径,例如/root/rotateCreds.sh

答案 1 :(得分:0)

好,所以我添加了导出命令来更新路径,并解决了该问题。问题是:我正在使用命令资源,因此它不在bash环境中。因此,我们可以使用带有bash参数的shell资源,如下所述: https://docs.ansible.com/ansible/latest/modules/shell_module.html 或导出新的PATH。

相关问题
最新问题