如何使用从谷歌云 JSON 文件创建的秘密对象到服务帐户?我已经minikf在VM上并kubeflow安装了。我正在尝试在Kubernetes 集群中使用Jupyter笔记本制作一个容器。minikf笔记本可以使用 PodDefault 访问 GCP,但notebook自动启动的 kanico 容器无法访问 GCP。jupyter notebook中构建容器的代码如下:
IMAGE_NAME="mnist_training_kf_pipeline"
TAG="latest" # "v_$(date +%Y%m%d_%H%M%S)"
GCR_IMAGE="gcr.io/{PROJECT_ID}/{IMAGE_NAME}:{TAG}".format(
PROJECT_ID=PROJECT_ID,
IMAGE_NAME=IMAGE_NAME,
TAG=TAG
)
builder = kfp.containers._container_builder.ContainerBuilder(
gcs_staging=GCS_BUCKET + "/kfp_container_build_staging")
image_name = kfp.containers.build_image_from_working_dir(
image_name=GCR_IMAGE,
working_dir='./tmp/components/mnist_training/',
builder=builder
)
我得到错误:
Error: error resolving source context: dialing: google: could not find default credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.
Usage:
executor [flags]
以 Kaniko 开头的 pod 名称被创建并失败,因为它无法访问谷歌云存储:
Jupyter notebook 能够利用我的秘密对象“user-gcp-sa”的证明是上面的代码正在 GCS 上准备文件:
