Kubernetes 作业无法识别环境
Kubernetes job does not recognize environment
我正在使用以下作业模板:
apiVersion: batch/v1
kind: Job
metadata:
name: rotatedevcreds2
spec:
template:
metadata:
name: rotatedevcreds2
spec:
containers:
- name: shell
image: akanksha/dsserver:v7
env:
- name: DEMO
value: "Hello from the environment"
- name: personal_AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_aws_secret_access_key
- name: personal_AWS_SECRET_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_aws_secret_access_key_id
- name: personal_GIT_TOKEN
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_git_token
command:
- "bin/bash"
- "-c"
- "whoami; pwd; /root/rotateCreds.sh"
restartPolicy: Never
imagePullSecrets:
- name: regcred
shell 脚本 运行 有一些 ansible 任务导致:
TASK [Get the existing access keys for the functional backup ID] ***************
fatal: [localhost]: FAILED! => {"changed": false, "cmd": "aws iam list-access-keys --user-name ''", "failed_when_result": true, "msg": "[Errno 2] No such file or directory", "rc": 2}
但是,如果我使用以下
使用相同的图像旋转一个 pod
apiVersion: batch/v1
kind: Job
metadata:
name: rotatedevcreds3
spec:
template:
metadata:
name: rotatedevcreds3
spec:
containers:
- name: shell
image: akanksha/dsserver:v7
env:
- name: DEMO
value: "Hello from the environment"
- name: personal_AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_aws_secret_access_key
- name: personal_AWS_SECRET_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_aws_secret_access_key_id
- name: personal_GIT_TOKEN
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_git_token
command:
- "bin/bash"
- "-c"
- "whoami; pwd; /root/rotateCreds.sh"
restartPolicy: Never
imagePullSecrets:
- name: regcred
这会创建一个 POD,我可以登录到该 pod 并且 运行 /root/rotateCreds.sh
虽然 运行正在执行作业,但它似乎无法识别 aws cli。我尝试调试 whoami 和 pwd,它们分别等于 root 和 /,没问题。任何指针缺少什么?我是新手。
为了在作业模板中进一步调试,我添加了 10000 秒的休眠,以便我可以登录到容器并查看发生了什么。我注意到登录后我也可以手动 运行 脚本。 aws 命令被正确识别。
可能是你的PATH设置不正确,
一个快速的解决方法是定义 aws-cli 的绝对路径,比如 /usr/local/bin/aws in /root/rotateCreds.sh script
好的,所以我添加了一个导出命令来更新路径并解决了这个问题。问题是:我正在使用命令资源,所以它不在 bash 环境中。所以要么我们可以使用 shell 资源和 bash 参数,如下所述:
https://docs.ansible.com/ansible/latest/modules/shell_module.html
或导出新路径。
我正在使用以下作业模板:
apiVersion: batch/v1
kind: Job
metadata:
name: rotatedevcreds2
spec:
template:
metadata:
name: rotatedevcreds2
spec:
containers:
- name: shell
image: akanksha/dsserver:v7
env:
- name: DEMO
value: "Hello from the environment"
- name: personal_AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_aws_secret_access_key
- name: personal_AWS_SECRET_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_aws_secret_access_key_id
- name: personal_GIT_TOKEN
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_git_token
command:
- "bin/bash"
- "-c"
- "whoami; pwd; /root/rotateCreds.sh"
restartPolicy: Never
imagePullSecrets:
- name: regcred
shell 脚本 运行 有一些 ansible 任务导致:
TASK [Get the existing access keys for the functional backup ID] ***************
fatal: [localhost]: FAILED! => {"changed": false, "cmd": "aws iam list-access-keys --user-name ''", "failed_when_result": true, "msg": "[Errno 2] No such file or directory", "rc": 2}
但是,如果我使用以下
使用相同的图像旋转一个 podapiVersion: batch/v1
kind: Job
metadata:
name: rotatedevcreds3
spec:
template:
metadata:
name: rotatedevcreds3
spec:
containers:
- name: shell
image: akanksha/dsserver:v7
env:
- name: DEMO
value: "Hello from the environment"
- name: personal_AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_aws_secret_access_key
- name: personal_AWS_SECRET_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_aws_secret_access_key_id
- name: personal_GIT_TOKEN
valueFrom:
secretKeyRef:
name: rotatecreds-env
key: personal_git_token
command:
- "bin/bash"
- "-c"
- "whoami; pwd; /root/rotateCreds.sh"
restartPolicy: Never
imagePullSecrets:
- name: regcred
这会创建一个 POD,我可以登录到该 pod 并且 运行 /root/rotateCreds.sh
虽然 运行正在执行作业,但它似乎无法识别 aws cli。我尝试调试 whoami 和 pwd,它们分别等于 root 和 /,没问题。任何指针缺少什么?我是新手。
为了在作业模板中进一步调试,我添加了 10000 秒的休眠,以便我可以登录到容器并查看发生了什么。我注意到登录后我也可以手动 运行 脚本。 aws 命令被正确识别。
可能是你的PATH设置不正确,
一个快速的解决方法是定义 aws-cli 的绝对路径,比如 /usr/local/bin/aws in /root/rotateCreds.sh script
好的,所以我添加了一个导出命令来更新路径并解决了这个问题。问题是:我正在使用命令资源,所以它不在 bash 环境中。所以要么我们可以使用 shell 资源和 bash 参数,如下所述: https://docs.ansible.com/ansible/latest/modules/shell_module.html 或导出新路径。