I want to use akv2k8s.io to add a key vault to Kubernetes using a Helm chart.
apiVersion: spv.no/v2beta1
kind: AzureKeyVaultSecret
metadata:
  name: secret-sync
  namespace: akv-test-butfa
spec:
  vault:
    name: akv2k8s-butfa # name of key vault
    object:
      name: myusername # name of the akv object
      type: secret # akv object type
  output:
    secret:
      name: my-secret-from-butfa # kubernetes secret name
      dataKey: secret-value # key to store object value in kubernetes secret
And my deployment file:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: akvs-secret-app
  namespace: akv-test-butfa
  labels:
    app: akvs-secret-app
spec:
  selector:
    matchLabels:
      app: akvs-secret-app
  template:
    metadata:
      labels:
        app: akvs-secret-app
    spec:
      containers:
        - name: akv2k8s-env-test
          image: spvest/akv2k8s-env-test:2.0.1
          args: ["TEST_SECRET"]
          env:
            - name: TEST_SECRET
              value: "secret-inject@azurekeyvault" # ref to akvs
I have created the key vault, name: akv2k8s-butfa, with a secret, and I have set up permissions for it.
$kubectl -n akv-test get akvs
NAME VAULT VAULT OBJECT SECRET NAME SYNCHED AGE
secret-sync akv2k8s-test-butfa mysecret 6h26m
But I have a problem:
secret-inject@azurekeyvault
waiting forever...
when I look at the deployment logs.
Update:
State: Waiting
  Reason: CrashLoopBackOff
Last State: Terminated
  Reason: Error
  Exit Code: 1
  Started: Fri, 29 Oct 2021 07:50:15 +0700
  Finished: Fri, 29 Oct 2021 07:50:15 +0700
Ready: False
Restart Count: 7
Environment Variables from:
  my-secret-from-butfa Secret Optional: false
Environment: <none>