
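Has anyone used a service account to mount SSL certificates in order to access an AWS cluster from a running job? How do we do this? I created the job, and this is the output from the failed container that left the Pod in an error state.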

Error in configuration:
* unable to read client-cert /client.crt for test-user due to open /client.crt: no such file or directory
* unable to read client-key /client.key for test-user due to open /client.key: no such file or directory
* unable to read certificate-authority /ca.crt for test-cluster due to open /ca.crt: no such file or director

1 Answer


The solution is to create a Secret containing the certificates and then have the job reference it.

Step 1. Create the secret:

kubectl create secret generic job-certs --from-file=client.crt --from-file=client.key --from-file=ca.crt

Step 2. Reference the secret in the job manifest. You must insert volumes and volumeMounts into the job.

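# Pod spec of the job (spec.template.spec in the Job manifest)
spec:
  volumes:
  - name: ssl
    secret:
      secretName: job-certs   # the secret created in step 1
  containers:
  - name: my-container        # placeholder: your job's existing container entry
    volumeMounts:
    - mountPath: "/etc/ssl"   # client.crt, client.key and ca.crt appear in this directory
      name: "ssl"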
Answered 2017-07-19T05:18:32.640
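
The two steps above as one complete Job manifest (an added example, not part of the original answer). The job name, container name, image, server URL and the mount directory `/etc/kube-certs` are assumptions. A dedicated directory is used so the image's own `/etc/ssl` contents stay visible, and the certificate paths are passed explicitly so they match where the secret is mounted, which is the mismatch the error in the question reports.

```yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: cluster-client-job                # hypothetical job name
spec:
  backoffLimit: 0                         # do not retry a misconfigured job
  template:
    spec:
      restartPolicy: Never
      volumes:
      - name: ssl
        secret:
          secretName: job-certs           # secret created in step 1
          defaultMode: 0400               # client.key is a private key: owner read-only
                                          # (a non-root container user also needs a
                                          #  pod-level securityContext.fsGroup to read it)
      containers:
      - name: client                      # hypothetical container name
        image: registry.example.invalid/kubectl:placeholder   # placeholder image
        command:
        - kubectl
        - --server=https://cluster.example.invalid:6443       # placeholder API server URL
        # Paths below must point inside mountPath, not at "/" as in the failing config
        - --client-certificate=/etc/kube-certs/client.crt
        - --client-key=/etc/kube-certs/client.key
        - --certificate-authority=/etc/kube-certs/ca.crt
        - get
        - nodes
        volumeMounts:
        - name: ssl
          mountPath: /etc/kube-certs      # assumed directory; secret keys become file names
          readOnly: true                  # the job never needs to write to the certs
```

If the job uses a kubeconfig file instead of flags, its `client-certificate`, `client-key` and `certificate-authority` entries need the same `/etc/kube-certs/...` paths.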