Trying to access db-user-pass secret

7/18/2019

I inherited a Kubernetes/Docker setup. I am trying to recreate a dev environment exactly as it is (with a new name) on a separate cluster. Sorry if my question is a bit ignorant; while I've mostly picked up Kubernetes/Docker, I'm still pretty new at it.

I've copied all of the information over to the cluster and launched it via kubectl and the old YAML. I am also using the old image file, which should contain the relevant secrets to my knowledge.

However, I am getting an error about a missing secret, db-user-pass.

I have checked the included secrets directory in my state store for KOPS (on S3)

  Warning  FailedScheduling       22m (x3 over 22m)  default-scheduler                                    No nodes are available that match all of the predicates: Insufficient memory (2), PodToleratesNodeTaints (1).
  Normal   Scheduled              22m                default-scheduler                                    Successfully assigned name-keycloak-7c4c57cbdf-9g2n2 to ip-ip.address.goes.here.us-east-2.compute.internal
  Normal   SuccessfulMountVolume  22m                kubelet, ip-ip.address.goes.here.us-east-2.compute.internal  MountVolume.SetUp succeeded for volume "default-token-2vb5x"
  Normal   Pulled                 21m (x6 over 22m)  kubelet, ip-ip.address.goes.here.us-east-2.compute.internal  Successfully pulled image "image.location.amazonaws.com/dev-name-keycloak"
  Warning  Failed                 21m (x6 over 22m)  kubelet, ip-ip.address.goes.here.us-east-2.compute.internal  Error: secrets "db-user-pass" not found
  Warning  FailedSync             21m (x6 over 22m)  kubelet, ip-ip.address.goes.here.us-east-2.compute.internal  Error syncing pod
  Normal   Pulling                2m (x90 over 22m)  kubelet, ip-ip.address.goes.here.us-east-2.compute.internal  pulling image "image.location.amazonaws.com/dev-name-keycloak"

What exactly am I misunderstanding here? Is it maybe that Kubernetes is trying to assign a variable based on a value in my YAML, which is also set on the Docker image, but isn't available to Kubernetes? Should I just copy all of the secrets manually from one pod to another (or export to YAML and include in my application)?

I'm strongly guessing that export + put into my existing setup is probably the best way forward to give all of the credentials to the pod.

Any guidance or ideas would be welcome here.

-- Cecil Rodriguez
docker
kubernetes

1 Answer

7/19/2019

Could you please check if you have a secret named "db-user-pass" in your old cluster?

You can check that via:

ubuntu@sal-k-m:~$ kubectl get secrets

OR (if it's in a different namespace)

ubuntu@sal-k-m:~$ kubectl get secrets -n web

If the secret is there, then you need to --export that as well and configure it in the new cluster.

kubectl get secrets -n web -o yaml --export > db-user-pass.yaml

You can find more details about the secret in this doc.

https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/

-- Salman Memon
Source: StackOverflow
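
An added example, not part of the original answer or of Kubernetes itself: `--export` was removed in kubectl 1.18, and the export command in the answer dumps every secret in the namespace, which can include cluster-specific service account tokens such as the `default-token-2vb5x` seen in the question's events. The code below picks a single secret out of `kubectl get secrets -n web -o json` output and strips the metadata owned by the old cluster. The function names, the `dev2` target namespace and all sample values are assumptions made for illustration.

```python
import base64
import json

# Metadata owned by the source cluster (namespace is re-added only on request).
DROP = ("uid", "resourceVersion", "creationTimestamp", "selfLink",
        "managedFields", "ownerReferences", "namespace")
LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"


def extract_secret(export_json, name, namespace=None):
    """Return one Secret from `kubectl get secrets -o json` output, made portable."""
    doc = json.loads(export_json)
    items = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    matches = [i for i in items if i.get("kind") == "Secret"
               and i.get("metadata", {}).get("name") == name]
    if len(matches) != 1:
        raise LookupError("expected one Secret named %r, found %d" % (name, len(matches)))
    secret = matches[0]
    if secret.get("type") == "kubernetes.io/service-account-token":
        raise ValueError("service account tokens are cluster-specific; do not copy")
    meta = {k: v for k, v in secret["metadata"].items() if k not in DROP}
    (meta.get("annotations") or {}).pop(LAST_APPLIED, None)  # may hold a copy of the data
    if namespace is not None:
        meta["namespace"] = namespace
    return dict(secret, metadata=meta)


def decoded_lengths(secret):
    """Key -> decoded byte length: checks the data is intact without printing it."""
    return {k: len(base64.b64decode(v, validate=True))
            for k, v in (secret.get("data") or {}).items()}


def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample of a whole-namespace export; every value here is made up.
SAMPLE_EXPORT = json.dumps({"apiVersion": "v1", "kind": "List", "items": [
    {"apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/service-account-token",
     "metadata": {"name": "default-token-2vb5x", "namespace": "web"},
     "data": {"token": _b64("constructed-token")}},
    {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
     "metadata": {"name": "db-user-pass", "namespace": "web", "uid": "constructed-uid",
                  "resourceVersion": "12345", "annotations": {LAST_APPLIED: "{}"}},
     "data": {"username": _b64("devuser"), "password": _b64("constructed-pass")}},
]})

if __name__ == "__main__":
    print(json.dumps(extract_secret(SAMPLE_EXPORT, "db-user-pass", "dev2"), indent=2))
```

The resulting JSON can be piped to `kubectl apply -f -` against the new cluster's context. The values in `data` are base64-encoded, not encrypted, so treat the output like the credentials themselves and avoid leaving it on disk or in shared storage.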