這以前作業得很好,但由于某種原因它不再是,如果有人可以幫助解決這個問題,將不勝感激:
我的 terraform 代碼如下,已替換關鍵資訊。使用“<>”僅用于在此處公開分享:
外部 main.tf 有這個:
module "<name>_service_account" {
source = "../modules/kubernetes/service-account"
name = "<name>-deployer"
}
# Create <name> platform namespace
resource "kubernetes_namespace" "<name>-platform" {
metadata {
name = "<name>-platform"
}
}
服務帳戶 main.tf 模塊:
resource "kubernetes_service_account" "serviceaccount" {
metadata {
name = var.name
namespace = "kube-system"
}
}
resource "kubernetes_cluster_role_binding" "serviceaccount" {
metadata {
name = var.name
}
subject {
kind = "User"
name = "system:serviceaccount:kube-system:${var.name}"
}
role_ref {
kind = "ClusterRole"
name = "cluster-admin"
api_group = "rbac.authorization.k8s.io"
}
}
data "kubernetes_service_account" "serviceaccount" {
metadata {
name = var.name
namespace = "kube-system"
}
depends_on = [
resource.kubernetes_service_account.serviceaccount
]
}
data "kubernetes_secret" "serviceaccount" {
metadata {
name = data.kubernetes_service_account.serviceaccount.default_secret_name
namespace = "kube-system"
}
binary_data = {
"token": ""
}
depends_on = [
resource.kubernetes_service_account.serviceaccount
]
}
我的 output.tf 用于上述模塊:
output "secret_token" {
sensitive = true
value = lookup(data.kubernetes_secret.serviceaccount.binary_data, "token")
}
我在 terraform 管道中遇到的錯誤:
│ Error: Unable to fetch service account from Kubernetes: serviceaccounts "<name>-deployer" not found
│
│ with module.<name>_service_account.data.kubernetes_service_account.serviceaccount,
│ on ../modules/kubernetes/service-account/main.tf line 27, in data "kubernetes_service_account" "serviceaccount":
│ 27: data "kubernetes_service_account" "serviceaccount" {
uj5u.com熱心網友回復:
想通了,這是一個新的環境/專案,我的 terraform 重繪 階段仍在管道中,因此為什么它找不到服務帳戶,洗掉它并讓計劃和應用程式首先運行解決了它。
轉載請註明出處,本文鏈接:https://www.uj5u.com/qukuanlian/432971.html
標籤:Kubernetes 谷歌云平台 地形