Mounting client.crt, client.key, ca.crt with a service-account or otherwise?
Question
Has anyone used service-accounts to mount SSL certificates to access the AWS cluster from within a running job before? How do we do this? I created the job and this is from the output of the failing container, which is causing the Pod to be in an error state.
Error in configuration:
* unable to read client-cert /client.crt for test-user due to open /client.crt: no such file or directory
* unable to read client-key /client.key for test-user due to open /client.key: no such file or directory
* unable to read certificate-authority /ca.crt for test-cluster due to open /ca.crt: no such file or director
Recommended answer
The solution is to create a Secret containing the certs, and then get the job to reference it.
Step 1. Create the secret:
kubectl create secret generic job-certs --from-file=client.crt --from-file=client.key --from-file=ca.crt
Step 2. Reference the secret in the job's manifest. You have to insert the volumes and volumeMounts in the job.
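# Pod spec of the Job (spec.template.spec in the Job manifest)
spec:
  volumes:
  - name: ssl
    secret:
      secretName: job-certs      # the Secret created in Step 1
  containers:
  - # keep the container's existing fields (name, image, ...) here
    volumeMounts:
    - mountPath: "/etc/ssl"      # client.crt, client.key and ca.crt appear under this directory
      name: "ssl"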
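A complete Job manifest combining both steps, as an added example that is not part of the original answer. The Job name, image, API server URL and the /etc/job-certs mount path are assumptions; a dedicated directory is used because a volume hides whatever the image already has at the mount path, and the kubectl flags point at the mounted files so the paths from the error message resolve.

```yaml
# Added example: only job-certs and the three file names come from the page.
apiVersion: batch/v1
kind: Job
metadata:
  name: cert-demo-job                 # hypothetical name
spec:
  backoffLimit: 0                     # fail fast while debugging cert paths
  template:
    spec:
      restartPolicy: Never
      volumes:
      - name: ssl
        secret:
          secretName: job-certs       # Secret created in Step 1
          defaultMode: 0400           # owner-read only; loosen or set fsGroup for non-root containers
      containers:
      - name: kubectl
        image: registry.example.invalid/kubectl:placeholder   # hypothetical image
        command:
        - kubectl
        - --server=https://cluster.example.invalid:6443       # placeholder API endpoint
        - --certificate-authority=/etc/job-certs/ca.crt
        - --client-certificate=/etc/job-certs/client.crt
        - --client-key=/etc/job-certs/client.key
        - get
        - pods
        volumeMounts:
        - name: ssl
          mountPath: /etc/job-certs   # assumed path; must match the paths kubectl is given
          readOnly: true              # the private key should never be writable in the pod
```

If the container uses a kubeconfig file instead of flags, its client-certificate, client-key and certificate-authority entries must use the same directory as mountPath.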