I am trying to deploy a k8s pod with a dapr sidecar container. I want the dapr container to access a secret key named "MY_KEY" stored in a secret called my-secrets. I wrote this manifest for the deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: my-namespace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  template:
    metadata:
      labels:
        app: my-app
      annotations:
        dapr.io/enabled: "true"
        dapr.io/app-id: my-app
        dapr.io/app-port: "80"
        dapr.io/config: |
          {
            "components": [
              {
                "name": "secrets",
                "value": {
                  "MY_KEY": {
                    "secretName": "my-secrets",
                    "key": "MY_KEY"
                  }
                }
              }
            ]
          }
    spec:
      containers:
      - name: my-container
        image: <<image_source>>
        imagePullPolicy: "Always"
        ports:
        - containerPort: 80
        envFrom:
        - secretRef:
            name: my-secrets
        env:
        - name: ASPNETCORE_ENVIRONMENT
          value: Development
        - name: ASPNETCORE_URLS
          value: http:// :80
      imagePullSecrets:
      - name: <<image_pull_secret>>
but it seems that it cannot create the configuration, the dapr container log is:
time="2023-01-24T09:05:50.927484097Z" level=info msg="starting Dapr Runtime -- version 1.9.5 -- commit f5f847eef8721d85f115729ee9efa820fe7c4cd3" app_id=my-app instance=my-container-6db6f7f6b9-tggww scope=dapr.runtime type=log ver=1.9.5
time="2023-01-24T09:05:50.927525344Z" level=info msg="log level set to: info" app_id=emy-app instance=my-container-6db6f7f6b9-tggww scope=dapr.runtime type=log ver=1.9.5
time="2023-01-24T09:05:50.927709269Z" level=info msg="metrics server started on :9090/" app_id=my-app instance=my-container-6db6f7f6b9-tggww scope=dapr.metrics type=log ver=1.9.5
time="2023-01-24T09:05:50.92795239Z" level=info msg="Initializing the operator client (config: {
"components": [
{
"name": "secrets",
"value": {
"MY_KEY": {
"secretName": "my-secrets",
"key": "MY_KEY"
}
}
}
]
}
)" app_id=my-app instance=my-container-6db6f7f6b9-tggww scope=dapr.runtime type=log ver=1.9.5
time="2023-01-24T09:05:50.93737904Z" level=fatal msg="error loading configuration: rpc error: code = Unknown desc = error getting configuration: Configuration.dapr.io "{
"components": [
{
"name": "secrets",
"value": {
"MY_KEY": {
"secretName": "my-secrets",
"key": "MY_KEY"
}
}
}
]
}" not found" app_id=my-app instance=my-container-6db6f7f6b9-tggww scope=dapr.runtime type=log ver=1.9.5
Can anyone tell me what I am doing wrong? Thanks in advance for your help.
CodePudding user response:
Secret data should be configured in a secret store rather than being hard-coded into each component YAML. Know more on how to use Dapr components and secrets here
You must specify the name of the secret store that stores the secrets in the auth.secretStore field in order to reference a secret.
If auth.secretStore is empty while running in Kubernetes, the Kubernetes secret store is assumed.
Refer to this to view all Dapr-supported secret stores and learn how to set them up and use them.
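An added example (not part of the original answer, and not the asker's or the Dapr project's own manifest) of the layout that the answer and the fatal log line point to: `dapr.io/config` carries the name of a `Configuration` resource, and a component reads `MY_KEY` from `my-secrets` through `secretKeyRef`. The names `my-app-config` and `statestore`, the `state.redis` component type and the `redis:6379` host are assumptions for illustration.

```yaml
# Configuration resource that the dapr.io/config annotation refers to by name.
# The secret scope restricts which secrets the application may request through
# the sidecar's secrets API from the built-in "kubernetes" secret store.
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: my-app-config            # assumed name
  namespace: my-namespace
spec:
  secrets:
    scopes:
      - storeName: kubernetes
        defaultAccess: deny
        allowedSecrets: ["my-secrets"]
---
# Component that takes a value from the Kubernetes secret instead of embedding
# it in the YAML. state.redis and redisHost are assumed for illustration.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: statestore               # assumed name
  namespace: my-namespace
spec:
  type: state.redis
  version: v1
  metadata:
    - name: redisHost
      value: redis:6379          # assumed host
    - name: redisPassword
      secretKeyRef:
        name: my-secrets         # Kubernetes Secret from the question
        key: MY_KEY              # key inside that Secret
auth:
  secretStore: kubernetes        # may be left empty on Kubernetes, per the answer
---
# Pod template annotations in the Deployment (fragment):
#   dapr.io/enabled: "true"
#   dapr.io/app-id: my-app
#   dapr.io/app-port: "80"
#   dapr.io/config: my-app-config    # a resource name, not inline JSON
```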