以前是否有人使用服务账户挂载 SSL 证书以从正在运行的作业中访问 AWS 集群?我们如何做到这一点?我创建了作业,这是来自失败容器的输出,导致 Pod 处于错误状态。
Error in configuration:
* unable to read client-cert /client.crt for test-user due to open /client.crt: no such file or directory
* unable to read client-key /client.key for test-user due to open /client.key: no such file or directory
* unable to read certificate-authority /ca.crt for test-cluster due to open /ca.crt: no such file or director
解决方案是创建一个包含证书的Secret,然后让作业引用它。
第 1 步。创建密钥:
kubectl create secret generic job-certs --from-file=client.crt --from-file=client.key --from-file=ca.crt
第 2 步。作业清单中的引用机密。您必须在作业中插入volumes和volumeMounts。
spec:
volumes:
- name: ssl
secret:
secretName: job-certs
containers:
volumeMounts:
- mountPath: "/etc/ssl"
name: "ssl"