HC LW
Reputation: 197
Why cannot K8s pod read stored secret?
I cannot access a secret I created. I inserted a secret in K8s secret store and am simply trying to test access to it with this yaml...
apiVersion: v1
kind: Namespace
metadata:
name: space1
---
apiVersion: v1
kind: Pod
metadata:
name: space1
namespace: space1
spec:
containers:
- name: space1-pod
image: repo/python-image:latest
imagePullPolicy: Always
command: ['sh', '-c', 'echo "Username: $USER" "Password: $PASSWORD"']
env:
- name: USER
valueFrom:
secretKeyRef:
name: tool-user
key: username
- name: PASSWORD
valueFrom:
secretKeyRef:
name:tool-user
key: password
restartPolicy: Always
The status of the "pod is waiting to start: CreateContainerConfigError". And I receive this error...
Error: secret "tool-user" not found
Despite the result I get from "kubectl get secrets" which clearly shows...
NAME TYPE DATA AGE
tool-user Opaque 2 4d1h
Upvotes: 0
Views: 617
Answers (2)
Prasanta Kumar Behera
Reputation: 36
secrets are namespaced objects. Make sure the secret "tool-user" is created on the "secret1" namespace.
Upvotes: 0
zerkms
Reputation: 254916
kubectl get secrets shows secrets from a default namespace, add -n space1 to see secrets from the namespace your pod runs in.
Upvotes: 1
Related Questions
- How to use faker.js in typescript?
- TypeScript - custom type guard
- Using a type guard on this
- Looking for type-guarding solution (TypeScript)
- Force TypeScript to type object literally
- Properly handling TypeScript's weak type detection
- Asserting that TypeScript should fail to type check some example code
- How to circumvent TypeScript typechecking when I know more than it
- User-defined type guards and lodash
- Typescript: User-Defined type guards for literal types?