kubernetes-secrets

问题 I want to store files in Kubernetes Secrets but I haven't found how to do it using a yaml file. I've been able to make it using the cli with kubectl : kubectl create secret generic some-secret --from-file=secret1.txt=secrets/secret1.txt But when I try something similar in a yaml : apiVersion: v1 kind: Secret metadata: name: some-secret type: Opaque data: secret1.txt: secrets/secret1.txt I´ve got this error: [pos 73]: json: error decoding base64 binary 'assets/elasticsearch.yml': illegal

问题 I have created a secret for my JKS file under volume mount /etc/secrets/keystore. I am accessing my JKS file path as an environment variable where ssl.keystore.location gets resolved as file:///etc/secrets/keystore/ssl.jks. But I get exception from SSL engine builder that modification time of keystore couldn't be found and java.nio.file.NoSuchFile Exception file:/etc/secrets/keystore/ssl.jks 回答1: Remove the file:// . The keystore is opened by the Kafka client, not Spring. Kafka knows nothing

问题 I have 2 secrets i.e. production and staging. I want to dynamically load this secret in deployment file using the environment variable being set in same file env: - name: NODE_ENV value: "production" - name: general-secret secret: secretName: general-production-secret I want to load environment specific secrets like using secretName: general-{{env. NODE_ENV}}-secret Is it possible? 回答1: As far as I know, this is not possible unless you have Helm chart for your applications, then you can make

问题 I'm using a kubernetes ConfigMap that contains database configurations for an app and there is a secret that has the database password. I need to use this secret in the ConfigMap so when I try to add environment variable in the ConfigMap and specify the value in the pod deployment from the secret I'm not able to connect to mysql with password as the values in the ConfigMap took the exact string of the variable. apiVersion: v1 kind: ConfigMap metadata: name: config data: APP_CONFIG: | port:

问题 I'm using a kubernetes ConfigMap that contains database configurations for an app and there is a secret that has the database password. I need to use this secret in the ConfigMap so when I try to add environment variable in the ConfigMap and specify the value in the pod deployment from the secret I'm not able to connect to mysql with password as the values in the ConfigMap took the exact string of the variable. apiVersion: v1 kind: ConfigMap metadata: name: config data: APP_CONFIG: | port:

问题 I have the following yaml: volumeMounts: - name: app-secret mountPath: /app readOnly: true volumes: - name: app-secret secret: secretName: app-secret items: - key: app-secret.json path: appsettings.secret.json I expect the secret is mounted on /app/appsettings.secret.json but it isn't. I don't know where it is mounted and the container crashes and I don't have a chance to kubectl exec into the container to inspect where the secret is mounted. My guess is that it wipes out the content of /app

问题 I have the following yaml: volumeMounts: - name: app-secret mountPath: /app readOnly: true volumes: - name: app-secret secret: secretName: app-secret items: - key: app-secret.json path: appsettings.secret.json I expect the secret is mounted on /app/appsettings.secret.json but it isn't. I don't know where it is mounted and the container crashes and I don't have a chance to kubectl exec into the container to inspect where the secret is mounted. My guess is that it wipes out the content of /app

问题 How can I modify the values in a Kubernetes secret using the kubectl ? I created the secret with kubernetes create secret generic , but there does not seem to be a way to modify a secret. For example, to add a new secret-value to it, or to change a secret-value in it. I assume i can go 'low-level', and write the yaml-file and do a kubectl edit but I hope there is a simpler way. (I'm using kubernetes 1.2.x ) 回答1: The most direct (and interactive) way should be to execute kubectl edit secret

问题 I'm receiving the following error when the runner is trying to retrieve a resource: checking failed - Expected to find variables: git my resource looks similar to: - name: resource-repo type: git source: uri: https://[url] branch: master tag_filter: '*' username: ((git.username)) password: ((git.password)) my values.yaml for the helm chart includes: rbac: create: false credentialManager: kubernetes: namespacePrefix: concourse (regardless, the release name is concourse) under namespace

问题 For the past couple of days we have been experiencing an intermittent deployment failure when deploying (via Helm) to Kubernetes v1.11.2. When it fails, kubectl describe <deployment> usually reports that the container failed to create: Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 1s default-scheduler Successfully assigned default/pod-fc5c8d4b8-99npr to fh1-node04 Normal Pulling 0s kubelet, fh1-node04 pulling image "docker-registry.internal/pod