如何将GCP密码附加到Kubernetes服务帐户?

时间:2020-01-16 06:05:22

标签: kubernetes kubeflow kubeflow-pipelines

如何使用从Google云JSON文件创建的秘密对象进入服务帐户?我在虚拟机上安装了minikf,并安装了kubeflow。我正在尝试使用Jupyter Kubernetes集群中的minikf笔记本创建一个容器。笔记本计算机可以使用PodDefault访问GCP,但是从notebook开始的kanico容器自动无法访问GCP。 Jupyter Notebook中用于构建容器的代码如下:

IMAGE_NAME="mnist_training_kf_pipeline"
TAG="latest" # "v_$(date +%Y%m%d_%H%M%S)"

GCR_IMAGE="gcr.io/{PROJECT_ID}/{IMAGE_NAME}:{TAG}".format(
    PROJECT_ID=PROJECT_ID,
    IMAGE_NAME=IMAGE_NAME,
    TAG=TAG
)

builder = kfp.containers._container_builder.ContainerBuilder(
    gcs_staging=GCS_BUCKET + "/kfp_container_build_staging")

image_name = kfp.containers.build_image_from_working_dir(
    image_name=GCR_IMAGE,
    working_dir='./tmp/components/mnist_training/',
    builder=builder
)

我得到了错误:

Error: error resolving source context: dialing: google: could not find default credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.
Usage:
  executor [flags]

以Kaniko开头的Pod名称被创建并失败,因为它无法访问Google云存储: enter image description here

Jupyter笔记本能够使用我的秘密对象“ user-gcp-sa”的证据是上述代码正在GCS上准备文件: enter image description here

0 个答案:

没有答案
相关问题
最新问题