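I'm having a problem deploying multiple secrets from the template deployment.yaml. For some reason, when my application tries to look up the file in the deployment, it can't find it. The secrets are obtained by a regular script from gopass.
Here is an actual simplified version of the file (indentation levels should be appropriate):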
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "test-app"
spec:
  template:
    spec:
      containers:
        - name: "some-container"
          image: "imgtag"
          volumeMounts:
            - name: app-secrets
              mountPath: /app/secrets
      volumes:
        - name: app-secrets
          projected:
            sources:
              - secret:
                  name: secret1
              - secret:
                  name: secret2
The old version (which created private_key.pem correctly):
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "test-app"
spec:
  template:
    spec:
      containers:
        - name: "some-container"
          image: "imgtag"
          volumeMounts:
            - name: app-secrets
              mountPath: /app/secrets
      volumes:
        - name: app-secrets
          secret:
            secretName: secret1
secrets.groovy:
def secrets() {
    [
        [type: "fromFile", name: "secret1", key: "private_key.pem", gopassPath: "firstGopassPath"],
        [type: "fromFile", name: "secret2", key: "credentials.txt", gopassPath: "secondGopassPath"]
    ]
}
return this
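When I added a delay (to avoid the crash), I found that the files simply were not mounted anywhere.
The pod's description says:
(this is before updating the kube client)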
Volumes:
  app-secrets:
    <unknown>
(this is after updating the kube client from 1.12.1 to 1.18)
Volumes:
  app-secrets:
    Type: Projected (a volume that contains injected data from multiple sources)
-UPDATE-
kubectl get secret secret1 -o yaml
apiVersion: v1
data:
  old_private_key.pem: somekey
kind: Secret
metadata:
  creationTimestamp: "2020-04-22T15:31:43Z"
  name: jpd-sales-force-private-key
  namespace: default
  resourceVersion: "137791226"
  selfLink: /api/v1/namespaces/default/secrets/secret1
  uid: a4f71c36-81d0-44f8-87a0-a6100c6f9f01
type: Opaque
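(Note: I am trying to rename the file. The original file was private_key.pem; here it is old_private_key.pem. The private_key.pem in the original post is the real new name, so it looks like the new name of the file did not show up.)
Does any of you know what might be going wrong?
Answer 0: (score: 1)
The solution to my problem: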
kubectl delete secret secret1
secret1 and secret2:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "test-app"
spec:
  template:
    spec:
      containers:
        - name: "some-container"
          image: "imgtag"
          volumeMounts:
            - name: app-secrets
              mountPath: /app/secrets
      volumes:
        - name: app-secrets
          projected:
            sources:
              - secret:
                  name: secret1
              - secret:
                  name: secret2
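
The mismatch in this thread (secret1 still holding the key old_private_key.pem while secrets.groovy names private_key.pem) can be detected before a rollout by comparing the key names in each Secret with the expected file names. The following is an added example, not code from the question or the answer; the function names are hypothetical and the sample JSON is constructed.

```python
import json
import sys

# Expected file name per Secret, taken from the secrets.groovy shown in the question.
EXPECTED = {"secret1": {"private_key.pem"}, "secret2": {"credentials.txt"}}

# Constructed sample shaped like `kubectl get secret secret1 secret2 -o json`;
# secret1 still carries the stale key from the question's update.
SAMPLE = json.dumps({
    "kind": "List",
    "items": [
        {"kind": "Secret", "metadata": {"name": "secret1"},
         "data": {"old_private_key.pem": "c29tZWtleQ=="}},
        {"kind": "Secret", "metadata": {"name": "secret2"},
         "data": {"credentials.txt": "Y3JlZHM="}},
    ],
})


def secret_keys(kubectl_json):
    """Map Secret name -> set of data keys. Values are never decoded or printed."""
    doc = json.loads(kubectl_json)
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    return {i["metadata"]["name"]: set(i.get("data") or {}) for i in items}


def check(kubectl_json, expected=EXPECTED):
    """Return {secret: {present, missing, unexpected}} for every mismatch."""
    found = secret_keys(kubectl_json)
    report = {}
    for name, want in expected.items():
        have = found.get(name)
        if have is None:
            report[name] = {"present": False, "missing": sorted(want), "unexpected": []}
        elif have != want:
            report[name] = {"present": True, "missing": sorted(want - have),
                            "unexpected": sorted(have - want)}
    return report


if __name__ == "__main__":
    # Reads kubectl JSON from a pipe; falls back to the constructed sample.
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    problems = check(piped.strip() or SAMPLE)
    for name, p in problems.items():
        print(f"{name}: present={p['present']} missing={p['missing']} unexpected={p['unexpected']}")
    sys.exit(1 if problems else 0)
```

A non-zero exit status means at least one Secret does not contain the file names the deployment expects, which is the state the question's `kubectl get secret` output shows.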