我正在google kubernetes引擎部署java应用程序。应用程序正确启动但在尝试请求数据时失败。例外是“DatastoreException,Missing or insufficient permissions”。我创建了具有“所有者”角色的服务帐户,并为kubernetes提供了服务帐户密钥。以下是我如何应用kubernetes部署:
# delete old secret
kubectl delete secret google-key --ignore-not-found
# file with key
kubectl create secret generic google-key --from-file=key.json
kubectl apply -f prod-kubernetes.yml
这是部署配置:
apiVersion: v1
kind: Service
metadata:
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
name: user
labels:
app: user
spec:
type: NodePort
ports:
- port: 8000
name: user
targetPort: 8000
nodePort: 32756
selector:
app: user
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: userdeployment
spec:
replicas: 1
template:
metadata:
labels:
app: user
spec:
volumes:
- name: google-cloud-key
secret:
secretName: google-key
containers:
- name: usercontainer
image: gcr.io/proj/user:v1
imagePullPolicy: Always
volumeMounts:
- name: google-cloud-key
mountPath: /var/secrets/google
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/secrets/google/key.json
ports:
- containerPort: 8000
我想知道它为什么不起作用?我在之前的部署中使用过此配置并取得了成功。 UPD:我确保/var/secrets/google/key.json存在于pod。我打印Files.exists(System.getEnv(“GOOGLE_APPLICATION_CREDENTIALS”))来记录。我也打印这个文件的内容 - 它似乎没有被破坏。
解决了,原因是错误的名称GOOGLE_CLOUD_PROJECT