Kubernetes missing secret, with error: secret "env" not found
When I deploy a new version of my Kubernetes application, I get this error:
Error: secret "env" not found
even though I have env in Custom Resource Definitions --> sealedsecrets.bitnami.com
env.yaml
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  creationTimestamp: null
  name: env
  namespace: api
spec:
  encryptedData:
    AUTH_COGNITO: AgCIxZX0Zv6gcK2p ----
  template:
    metadata:
      creationTimestamp: null
      name: env
      namespace: api
    type: Opaque

deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}
  labels:
    app: {{ .Release.Name }}
spec:
  revisionHistoryLimit: 2
  replicas: {{ .Values.replicas }}
  selector:
    matchLabels:
      app: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}
    spec:
      containers:
        - name: {{ .Release.Name }}
          image: "{{ .Values.imageRepository }}:{{ .Values.tag }}"
          env:
            {{- include "api.env" . | nindent 12 }}
          resources:
            limits:
              memory: {{ .Values.memoryLimit }}
              cpu: {{ .Values.cpuLimit }}
            requests:
              memory: {{ .Values.memoryRequest }}
              cpu: {{ .Values.cpuRequest }}
          {{- if .Values.healthCheck }}
          livenessProbe:
            httpGet:
              path: /healthcheck
              port: 4000
            initialDelaySeconds: 3
            periodSeconds: 3
            timeoutSeconds: 3
          {{- end }}
      imagePullSecrets:
        - name: {{ .Values.imagePullSecret }}
      {{- if .Values.tolerations }}
      tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
      {{- end }}
      {{- if .Values.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
      {{- end }}

apiVersion: v1
kind: Secret
metadata:
  name: env
  namespace: api
type: Opaque
stringData:
  DB_USER: "userName"
  DB_PASSWORD: "password"

Update to my question
Among my secrets I don't have a secret called env,
plus regcred.
Inside sealedsecrets.bitnami.com:
Failed to unseal: no key could decrypt secret (.dockerconfigjson)
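
You ran kubeseal against the wrong Kubernetes cluster, or you tried to edit the name or namespace after encrypting, without enabling those in the encryption mode. More likely the first.

Even though @coderanger answered it, I want to add more details.
I made a mistake: I ran the kubeseal command with the wrong namespace (api instead of api2), and then changed it in the converted file.
kubeseal < input.yaml > env.yaml -o yaml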
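
Why editing the namespace in an already sealed file ends in "no key could decrypt secret", as an added example that is not part of the original posts or of the Sealed Secrets code base: in the default strict scope the Secret's namespace/name is used as the RSA-OAEP label, so the controller cannot decrypt once that metadata changes. The sketch models only this label binding with Go's standard library (the real tool additionally wraps an AES-GCM session key); the function names, the generated key and the sample value are constructed for illustration.

```go
// Added example: simplified model of Sealed Secrets strict scope, not the controller's code.
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// label models the strict-scope binding: the namespace and name of the
// Secret are passed to RSA-OAEP as the label.
func label(namespace, name string) []byte {
	return []byte(namespace + "/" + name)
}

// seal stands in for kubeseal: encrypt a value under the public key,
// bound to the namespace/name written in the input manifest.
func seal(pub *rsa.PublicKey, namespace, name string, value []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, value, label(namespace, name))
}

// unseal stands in for the controller: it derives the label from the
// metadata of the SealedSecret object it finds in the cluster.
func unseal(priv *rsa.PrivateKey, namespace, name string, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, label(namespace, name))
}

// demo seals for sealedNS, then unseals as if the manifest said deployedNS.
func demo(sealedNS, deployedNS string) (string, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed key, stands in for the controller key
	if err != nil {
		return "", err
	}
	ct, err := seal(&priv.PublicKey, sealedNS, "env", []byte("constructed-value"))
	if err != nil {
		return "", err
	}
	pt, err := unseal(priv, deployedNS, "env", ct)
	return string(pt), err
}

func main() {
	for _, ns := range []string{"api", "api2"} {
		pt, err := demo("api", ns)
		fmt.Printf("sealed for api/env, applied as %s/env: value=%q err=%v\n", ns, pt, err)
	}
}
```

The fix that follows from this is to re-run kubeseal on the input manifest with the intended namespace rather than editing the sealed output.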
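
Is there a "Secret" object named env in the cluster (not a SealedSecret object)? Did your Sealed Secrets controller actually "unseal" the sealed secret and create that Secret? Can you share the sealed secrets controller's logs?

No, I don't have a secret with the name env. Sorry, I don't know whether my sealed secrets controller "unsealed" my object.

The sealed secrets controller should unseal/decrypt the SealedSecret object and then use that data to create a "Secret" object. Check the sealed secrets controller's logs.

Yes, I saw that it can't, because of the error Failed to unseal: no key could decrypt secret (.dockerconfigjson)

Did you encrypt the secret ".dockerconfigjson" with the key that sealed secrets uses? It seems to be a problem with the sealed secrets key setup and encryption.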