我目前陷入困境,不知道如何继续。
这是我的 Spring Boot application.properties
...
spring.datasource.driverClassName=org.postgresql.Driver
spring.datasource.url=jdbc:postgresql://${POSTGRES_HOST}:5432/postgres
spring.datasource.username=${POSTGRES_USER}
spring.datasource.password=${POSTGRES_PASSWORD}
spring.datasource.testWhileIdle=true
spring.datasource.validationQuery=SELECT 1
spring.jpa.show-sql=true
spring.jpa.hibernate.ddl-auto=update
spring.jpa.hibernate.naming-strategy=org.hibernate.cfg.ImprovedNamingStrategy
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
#Setup SSL
server.port: 8443
server.ssl.key-store: ${TLS_CERTIFICATE}
server.ssl.key-store-password: ${TLS_PASSWORD}
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias fundtr
...
我的 Spring Boot 应用程序部署 yaml:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: f-app
namespace: default
spec:
replicas: 1
template:
metadata:
name: f-app
labels:
app: f-app
spec:
containers:
- name: f-app
image: eu.gcr.io/..../...
env:
- name: POSTGRES_USER
valueFrom:
configMapKeyRef:
name: postgres-config
key: postgres_user
- name: POSTGRES_PASSWORD
valueFrom:
configMapKeyRef:
name: postgres-config
key: postgres_password
- name: POSTGRES_HOST
valueFrom:
configMapKeyRef:
name: hostname-config
key: postgres_host
- name: TLS-CERTIFICATE
valueFrom:
secretKeyRef:
name: f-tls
key: Certificate.p12
- name: TLS-PASSWORD
valueFrom:
secretKeyRef:
name: f-tls
key: password
这就是我在 Kubernetes 中创建 secret 的方式:
kubectl create secret generic f-tls --from-file=Certificate.p12 --from-literal=password=changeit
当它部署时,我得到
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: ContainerCannotRun
Message: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:295: setting oom score for ready process caused \"write /proc/13895/oom_score_adj: invalid argument\""
当我从部署 yaml 中删除 Secrets 时,它工作正常,但我不明白这个问题的根本原因是什么。我正在使用谷歌云平台容器引擎。
最佳答案
这是我的 deployment.yaml,它使用存储在 Kubernetes secret 中的 p12 key 和密码,就像在您的示例中一样创建。对我来说可以进行 SSL curl 调用。我获取作为只读卷安装的 p12 key 和密码文件的内容。希望能帮助到你。
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: deployment-name
spec:
replicas: 3
selector:
matchLabels:
app: app-name
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
minReadySeconds: 30
template:
metadata:
labels:
app: app-name
spec:
volumes:
- name: application
emptyDir: {}
- name: secrets
secret:
secretName: key.p12
containers:
- name: php-fpm
image: index.docker.io/docker_account/docker_image:image_tag
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9000
volumeMounts:
- name: application
mountPath: /app
- name: secrets
mountPath: /api-p12-keys
readOnly: true
imagePullSecrets:
- name: docker-auth
关于spring-boot - Kubernetes Secret TLS 证书 P12 和 Spring Boot 部署不起作用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50020701/