Kubernetes作业不识别环境
我正在使用以下工作模板:Kubernetes作业不识别环境,kubernetes,kubernetes-jobs,Kubernetes,Kubernetes Jobs,我正在使用以下工作模板: apiVersion: batch/v1 kind: Job metadata: name: rotatedevcreds2 spec: template: metadata: name: rotatedevcreds2 spec: containers: - name: shell image: akanksha/dsserver:v7 env: - name: DE
apiVersion: batch/v1
kind: Job
metadata:
name: rotatedevcreds2
spec:
template:
metadata:
name: rotatedevcreds2
spec:
containers:
- name: shell
image: akanksha/dsserver:v7
env:
- name: DEMO
value: "Hello from the environment"
- name: personal_AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_aws_secret_access_key
- name: personal_AWS_SECRET_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_aws_secret_access_key_id
- name: personal_GIT_TOKEN
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_git_token
command:
- "bin/bash"
- "-c"
- "whoami; pwd; /root/rotateCreds.sh"
restartPolicy: Never
imagePullSecrets:
- name: regcred
shell脚本运行一些ansible任务,结果是:
TASK [Get the existing access keys for the functional backup ID] ***************
fatal: [localhost]: FAILED! => {"changed": false, "cmd": "aws iam list-access-keys --user-name ''", "failed_when_result": true, "msg": "[Errno 2] No such file or directory", "rc": 2}
但是,如果我使用相同的直径旋转一个豆荚,使用以下
apiVersion: batch/v1
kind: Job
metadata:
name: rotatedevcreds3
spec:
template:
metadata:
name: rotatedevcreds3
spec:
containers:
- name: shell
image: akanksha/dsserver:v7
env:
- name: DEMO
value: "Hello from the environment"
- name: personal_AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_aws_secret_access_key
- name: personal_AWS_SECRET_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_aws_secret_access_key_id
- name: personal_GIT_TOKEN
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_git_token
command:
- "bin/bash"
- "-c"
- "whoami; pwd; /root/rotateCreds.sh"
restartPolicy: Never
imagePullSecrets:
- name: regcred
这将创建一个POD,我可以登录到POD并运行/root/rotateCreds.sh
运行作业时,似乎无法重新识别aws cli。我试着调试whoami
和pwd
,这分别等于root
和/
,这很好。有什么指示缺少什么?我对工作不熟悉
为了在作业模板中进行进一步调试,我添加了睡眠时间
10000
秒,以便登录到容器并查看发生了什么。我注意到在登录后,我也可以手动运行脚本<代码>aws命令已正确识别。可能是您的路径设置不正确,
一个快速修复方法是在/root/rotateCreds.sh
脚本中定义aws cli的绝对路径,如/usr/local/bin/aws
,因此我添加了一个导出命令来更新路径,并修复了该问题。问题是:我使用的是命令资源,所以它不在bash环境中。因此,我们可以使用带有bash参数的shell资源,如下所述:
或者导出新路径。事实上,这就是问题所在。在给出了绝对路径之后,事情就成功了。在手动登录pod后,我可以再次看到路径。我想知道为什么运行作业时aws未设置在路径中!我正在使用的图像已经设置了路径。