Reputation: 11265
Trying to access db-user-pass secret
I inherited a Kubernetes/Docker setup. I am trying to recreate a dev environmental exactly as it is (with a new name) on a separate cluster. Sorry if my question is a bit ignorant, while I've mostly picked up Kubernetes/Docker, I'm still pretty new at it.
I've copied all of the information over to the cluster and launched it via kubectl and the old YAML. I am also using the old image file, which should contain the relevant secrets to my knowledge
However, I am getting an error about a missing secret, db-user-pass.
I have checked the included secrets directory in my state store for KOPS (on S3)
Warning FailedScheduling 22m (x3 over 22m) default-scheduler No nodes are available that match all of the predicates: Insufficient memory (2), PodToleratesNodeTaints (1).
Normal Scheduled 22m default-scheduler Successfully assigned name-keycloak-7c4c57cbdf-9g2n2 to ip-ip.address.goes.here.us-east-2.compute.internal
Normal SuccessfulMountVolume 22m kubelet, ip-ip.address.goes.here.us-east-2.compute.internal MountVolume.SetUp succeeded for volume "default-token-2vb5x"
Normal Pulled 21m (x6 over 22m) kubelet, ip-ip.address.goes.here.us-east-2.compute.internal Successfully pulled image "image.location.amazonaws.com/dev-name-keycloak"
Warning Failed 21m (x6 over 22m) kubelet, ip-ip.address.goes.here.us-east-2.compute.internal Error: secrets "db-user-pass" not found
Warning FailedSync 21m (x6 over 22m) kubelet, ip-ip.address.goes.here.us-east-2.compute.internal Error syncing pod
Normal Pulling 2m (x90 over 22m) kubelet, ip-ip.address.goes.here.us-east-2.compute.internal pulling image "image.location.amazonaws.com/dev-name-keycloak"
What exactly am I misunderstanding here? Is it maybe that Kubernetes is trying to assign a variable based on a value in my YAML, which is also set on the Docker image, but isn't available to Kubernetes? Should I just copy all of the secrets manually from one pod to another (or export to YAML and include in my application).
I'm strongly guessing that export + put into my existing setup is probably the best way forward to give all of the credentials to the pod.
Any guidance or ideas would be welcome here.
Upvotes: 0
Views: 152
Answers (1)
Reputation: 31
Could you please check if you have a secret named as a "db-user-pass" in your old cluster?
You can check that via : ubuntu@sal-k-m:~$ kubectl get secrets
OR (if it's in a different namespace)
ubuntu@sal-k-m:~$ kubectl get secrets -n web
If the secret is there then you need to --export that also and configure that in the new cluster.
kubectl get secrets -n web -o yaml --export > db-user-pass.yaml
You can find more details about the secret in this doc.
https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/
Upvotes: 1
Related Questions
- Cannot connect to mariadb on kubernetes when using secret
- Can't connect to mysql pod in Kubernetes when using Secrets for password (Access denied)
- Docker Mysql official image not creating user in kubernetes
- Add users to a Kubernetes deployment of MySQL with secrets
- Kubernetes can't use secret for private docker repository
- POSTGRES_PASSWORD ignored and can access DB without or with any password
- Docker container (Kubernetes): Mysql user access denied
- How can I connect from a local Kubernetes to a DB on my local machine
- How to make kubernetes docker secret work?
- Postgres DB Password not being set in Kubernetes script