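Is it possible to configure a secret for the GKE cluster of a Composer environment on GCP? Or, more precisely, to define the Kubernetes provider based on google_composer_environment?
I expected the following to work: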
resource "google_composer_environment" "job-scheduler" {
  provider = google-beta
  name     = "job-scheduler"
  region   = var.region
  config {
    ...
  }
}

provider "kubernetes" {
  host                   = google_composer_environment.job-scheduler.config.0.gke_cluster.endpoint
  client_certificate     = base64decode(google_composer_environment.job-scheduler.config.0.gke_cluster.master_auth.0.client_certificate)
  client_key             = base64decode(google_composer_environment.job-scheduler.config.0.gke_cluster.master_auth.0.client_key)
  cluster_ca_certificate = base64decode(google_composer_environment.job-scheduler.config.0.gke_cluster.master_auth.0.cluster_ca_certificate)
}

resource "kubernetes_secret" "sa-credentials" {
  metadata {
    name = "sa-credentials"
  }
  data = {
    "secret" = file(var.service_account_credentials_path)
  }
}
But I get the following errors:
Error: Unsupported attribute
on main.tf line 53, in provider "kubernetes":
53: host = google_composer_environment.job-scheduler.config.0.gke_cluster.endpoint
This value does not have any attributes.
Error: Unsupported attribute
on main.tf line 54, in provider "kubernetes":
54: client_certificate = base64decode(google_composer_environment.job-scheduler.config.0.gke_cluster.master_auth.0.client_certificate)
This value does not have any attributes.
Error: Unsupported attribute
on main.tf line 55, in provider "kubernetes":
55: client_key = base64decode(google_composer_environment.job-scheduler.config.0.gke_cluster.master_auth.0.client_key)
This value does not have any attributes.
Error: Unsupported attribute
on main.tf line 56, in provider "kubernetes":
56: cluster_ca_certificate = base64decode(google_composer_environment.job-scheduler.config.0.gke_cluster.master_auth.0.cluster_ca_certificate)
This value does not have any attributes.
Any clues would be much appreciated. Cheers!
Answer 0 (score: 0)
For those still wondering: gke_cluster is a string.
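Added example, not part of the original answer or the asker's code: because gke_cluster is a string, one way to configure the provider is to parse the cluster's resource path, look the cluster up with a data source, and authenticate with a short-lived OAuth token instead of a client certificate. The path layout projects/<project>/(zones|locations)/<location>/clusters/<name> is an assumption, and the local and data source names are chosen here for illustration.

```hcl
# Assumption: gke_cluster looks like
#   projects/<project>/zones/<zone>/clusters/<name>
# or projects/<project>/locations/<location>/clusters/<name>
locals {
  gke_parts    = split("/", google_composer_environment.job-scheduler.config.0.gke_cluster)
  gke_project  = local.gke_parts[1]
  gke_location = local.gke_parts[3]
  gke_name     = local.gke_parts[5]
}

# Look up the cluster that Composer created to get its endpoint and CA.
data "google_container_cluster" "composer" {
  project  = local.gke_project
  location = local.gke_location
  name     = local.gke_name
}

# Short-lived access token of the identity running Terraform.
data "google_client_config" "current" {}

provider "kubernetes" {
  host                   = "https://${data.google_container_cluster.composer.endpoint}"
  token                  = data.google_client_config.current.access_token
  cluster_ca_certificate = base64decode(data.google_container_cluster.composer.master_auth.0.cluster_ca_certificate)
}

resource "kubernetes_secret" "sa-credentials" {
  metadata {
    name = "sa-credentials"
  }
  # The key file content is stored in plain text in the Terraform state,
  # so the state backend needs the same access controls as the key itself.
  data = {
    "secret" = file(var.service_account_credentials_path)
  }
}
```

The provider's inputs are unknown until the Composer environment exists, so the environment has to be created before the Kubernetes resources can be planned, for example in a separate apply.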