我在本地配置了我的gcloud,并且能够连接到gcp秘密管理器。我的springboot项目工作得很好。我试图构建相同应用程序的docker映像,并试图在谷歌云命令行中运行该映像。我得到的错误如下所示。我正在使用谷歌秘密管理器存储秘密和访问它。我试图避免硬编码密钥在我的docker图像,并试图配置实例,我正在使用运行docker图像与gcloud访问秘密。我从gcloud cli本身开始,在docker运行时遇到了这个错误。请帮助我了解我哪里做错了。
pictarise_user@cloudshell:~ (picta-rise)$ docker run pictarise1.jfrog.io/pictarise-docker-local/pictaserv:v0.0.1
2022-06-01 04:16:04.976 INFO 1 --- [ main] c.g.c.s.core.DefaultCredentialsProvider : Default credentials provider for Google Compute Engine.
2022-06-01 04:16:04.980 INFO 1 --- [ main] c.g.c.s.core.DefaultCredentialsProvider : Scopes in use by default credentials: [https://www.googleapis.com/auth/cloud-platform]
2022-06-01 04:16:06.404 WARN 1 --- [ main] s.c.a.AnnotationConfigApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'secretManagerClient' defined in class path resource [com/google/cloud/spring/autoconfigure/secretmanager/GcpSecretManagerBootstrapConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.google.cloud.secretmanager.v1.SecretManagerServiceClient]: Factory method 'secretManagerClient' threw exception; nested exception is java.lang.NoClassDefFoundError: com/google/auth/Retryable
2022-06-01 04:16:06.412 INFO 1 --- [ main] ConditionEvaluationReportLoggingListener :
Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2022-06-01 04:16:06.458 ERROR 1 --- [ main] o.s.boot.SpringApplication : Application run failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'secretManagerClient' defined in class path resource [com/google/cloud/spring/autoconfigure/secretmanager/GcpSecretManagerBootstrapConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.google.cloud.secretmanager.v1.SecretManagerServiceClient]: Factory method 'secretManagerClient' threw exception; nested exception is java.lang.NoClassDefFoundError: com/google/auth/Retryable
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:658) ~[spring-beans-5.3.18.jar!/:5.3.18]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:638) ~[spring-beans-5.3.18.jar!/:5.3.18]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1352) ~[spring-beans-5.3.18.jar!/:5.3.18]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1195) ~[spring-beans-5.3.18.jar!/:5.3.18]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:582) ~[spring-beans-5.3.18.jar!/:5.3.18]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542) ~[spring-beans-5.3.18.jar!/:5.3.18]
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335) ~[spring-beans-5.3.18.jar!/:5.3.18]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-5.3.18.jar!/:5.3.18]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333) ~[spring-beans-5.3.18.jar!/:5.3.18]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208) ~[spring-beans-5.3.18.jar!/:5.3.18]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:953) ~[spring-beans-5.3.18.jar!/:5.3.18]
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918) ~[spring-context-5.3.18.jar!/:5.3.18]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583) ~[spring-context-5.3.18.jar!/:5.3.18]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:740) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:415) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:303) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:164) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.cloud.bootstrap.BootstrapApplicationListener.bootstrapServiceContext(BootstrapApplicationListener.java:195) ~[spring-cloud-context-3.1.1.jar!/:3.1.1]
at org.springframework.cloud.bootstrap.BootstrapApplicationListener.onApplicationEvent(BootstrapApplicationListener.java:114) ~[spring-cloud-context-3.1.1.jar!/:3.1.1]
at org.springframework.cloud.bootstrap.BootstrapApplicationListener.onApplicationEvent(BootstrapApplicationListener.java:77) ~[spring-cloud-context-3.1.1.jar!/:3.1.1]
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:176) ~[spring-context-5.3.18.jar!/:5.3.18]
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:169) ~[spring-context-5.3.18.jar!/:5.3.18]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:143) ~[spring-context-5.3.18.jar!/:5.3.18]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:131) ~[spring-context-5.3.18.jar!/:5.3.18]
at org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:85) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.boot.SpringApplicationRunListeners.lambda$environmentPrepared$2(SpringApplicationRunListeners.java:66) ~[spring-boot-2.6.6.jar!/:2.6.6]
at java.base/java.util.ArrayList.forEach(ArrayList.java:1541) ~[na:na]
at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:120) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:114) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:65) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:339) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:297) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1312) ~[spring-boot-2.6.6.jar!/:2.6.6]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1301) ~[spring-boot-2.6.6.jar!/:2.6.6]
at com.pictarise.main.PictaRiseMonoApplication.main(PictaRiseMonoApplication.java:10) ~[classes!/:0.0.1-SNAPSHOT]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) ~[PictaRiseMono-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:108) ~[PictaRiseMono-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) ~[PictaRiseMono-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88) ~[PictaRiseMono-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.google.cloud.secretmanager.v1.SecretManagerServiceClient]: Factory method 'secretManagerClient' threw exception; nested exception is java.lang.NoClassDefFoundError: com/google/auth/Retryable
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.3.18.jar!/:5.3.18]
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653) ~[spring-beans-5.3.18.jar!/:5.3.18]
... 42 common frames omitted
Caused by: java.lang.NoClassDefFoundError: com/google/auth/Retryable
at java.base/java.lang.ClassLoader.defineClass1(Native Method) ~[na:na]
at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1017) ~[na:na]
at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:174) ~[na:na]
at java.base/java.net.URLClassLoader.defineClass(URLClassLoader.java:555) ~[na:na]
at java.base/java.net.URLClassLoader$1.run(URLClassLoader.java:458) ~[na:na]
at java.base/java.net.URLClassLoader$1.run(URLClassLoader.java:452) ~[na:na]
at java.base/java.security.AccessController.doPrivileged(Native Method) ~[na:na]
at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:451) ~[na:na]
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:589) ~[na:na]
at org.springframework.boot.loader.LaunchedURLClassLoader.loadClass(LaunchedURLClassLoader.java:151) ~[PictaRiseMono-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522) ~[na:na]
at java.base/java.lang.Class.getDeclaredMethods0(Native Method) ~[na:na]
at java.base/java.lang.Class.privateGetDeclaredMethods(Class.java:3166) ~[na:na]
at java.base/java.lang.Class.getMethodsRecursive(Class.java:3307) ~[na:na]
at java.base/java.lang.Class.getMethod0(Class.java:3293) ~[na:na]
at java.base/java.lang.Class.getMethod(Class.java:2106) ~[na:na]
at io.grpc.auth.GoogleAuthLibraryCallCredentials$JwtHelper.<init>(GoogleAuthLibraryCallCredentials.java:273) ~[grpc-auth-1.35.0.jar!/:1.35.0]
at io.grpc.auth.GoogleAuthLibraryCallCredentials.createJwtHelperOrNull(GoogleAuthLibraryCallCredentials.java:220) ~[grpc-auth-1.35.0.jar!/:1.35.0]
at io.grpc.auth.GoogleAuthLibraryCallCredentials.<clinit>(GoogleAuthLibraryCallCredentials.java:53) ~[grpc-auth-1.35.0.jar!/:1.35.0]
at io.grpc.auth.MoreCallCredentials.from(MoreCallCredentials.java:35) ~[grpc-auth-1.35.0.jar!/:1.35.0]
at com.google.api.gax.grpc.GrpcCallContext.withCredentials(GrpcCallContext.java:131) ~[gax-grpc-1.60.1.jar!/:1.60.1]
at com.google.api.gax.grpc.GrpcCallContext.withCredentials(GrpcCallContext.java:64) ~[gax-grpc-1.60.1.jar!/:1.60.1]
at com.google.api.gax.rpc.ClientContext.create(ClientContext.java:174) ~[gax-1.60.1.jar!/:1.60.1]
at com.google.cloud.secretmanager.v1.stub.GrpcSecretManagerServiceStub.create(GrpcSecretManagerServiceStub.java:250) ~[google-cloud-secretmanager-1.2.8.jar!/:1.2.8]
at com.google.cloud.secretmanager.v1.stub.SecretManagerServiceStubSettings.createStub(SecretManagerServiceStubSettings.java:343) ~[google-cloud-secretmanager-1.2.8.jar!/:1.2.8]
at com.google.cloud.secretmanager.v1.SecretManagerServiceClient.<init>(SecretManagerServiceClient.java:144) ~[google-cloud-secretmanager-1.2.8.jar!/:1.2.8]
at com.google.cloud.secretmanager.v1.SecretManagerServiceClient.create(SecretManagerServiceClient.java:125) ~[google-cloud-secretmanager-1.2.8.jar!/:1.2.8]
at com.google.cloud.spring.autoconfigure.secretmanager.GcpSecretManagerBootstrapConfiguration.secretManagerClient(GcpSecretManagerBootstrapConfiguration.java:78) ~[spring-cloud-gcp-autoconfigure-3.2.0.jar!/:3.2.0]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.3.18.jar!/:5.3.18]
... 43 common frames omitted
Caused by: java.lang.ClassNotFoundException: com.google.auth.Retryable
at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:476) ~[na:na]
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:589) ~[na:na]
at org.springframework.boot.loader.LaunchedURLClassLoader.loadClass(LaunchedURLClassLoader.java:151) ~[PictaRiseMono-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522) ~[na:na]
... 76 common frames omitted
2022-06-01 04:16:06.478 ERROR 1 --- [ main] o.s.boot.SpringApplication : Application run failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'secretManagerClient' defined in class path resource [com/google/cloud/spring/autoconfigure/secretmanager/GcpSecretManagerBootstrapConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.google.cloud.secretmanager.v1.SecretManagerServiceClient]: Factory method 'secretManagerClient' threw exception; nested exception is java.lang.NoClassDefFoundError: com/google/auth/Retryable
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:658) ~[spring-beans-5.3.18.jar!/:5.3.18]
at
...
将此依赖项添加到POM.xml中解决了此问题
<dependency>
<groupId>com.google.auth</groupId>
<artifactId>google-auth-library-credentials</artifactId>
<version>1.7.0</version>
</dependency>
您的SpringBoot应用程序无法访问您在docker映像中本地配置的凭据。因此,它无法对google云API进行身份验证。
要解决这个问题,您需要创建一个服务帐户,如下所述。此服务帐户需要具有访问GCP上的秘密所需的所有权限。然后从该服务帐户创建密钥(JSON格式),如下所述。这些键需要挂载到docker镜像中。
最后但并非最不重要的是,您需要设置环境变量GOOGLE_APPLICATION_CREDENTIALS,正如这里在docker映像中所描述的那样,并将其指向docker映像中JSON密钥文件的路径。