This is my deployment file:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
service: udagram-user
name: udagram-user
spec:
replicas: 1
selector:
matchLabels:
service: udagram-user
template:
metadata:
labels:
service: udagram-user
spec:
containers:
- image: pranjal121997/udagram-user
name: udagram-user
imagePullPolicy: Always
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "1024Mi"
cpu: "500m"
env:
- name: POSTGRESS_PASSWORD
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_PASSWORD
- name: POSTGRESS_USERNAME
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_USERNAME
- name: URL
valueFrom:
configMapKeyRef:
name: env-config
key: URL
- name: JWT_SECRET
valueFrom:
configMapKeyRef:
name: env-config
key: JWT_SECRET
- name: POSTGRESS_DATABASE
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_DATABASE
- name: POSTGRESS_HOST
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_HOST
restartPolicy: Always
On deploying via kubectl create, it runs into CreateContainerConfigError. Below is the output of kubectl describe pod:
Name: udagram-user-f57f44889-5jtxf
Namespace: default
Priority: 0
Node: ip-172-31-43-242.ap-south-1pute.internal/172.31.43.242
Start Time: Wed, 20 May 2020 17:58:34 +0530
Labels: pod-template-hash=f57f44889
service=udagram-user
Annotations: kubernetes.io/psp: eks.privileged
Status: Pending
IP: 172.31.33.34
Controlled By: ReplicaSet/udagram-user-f57f44889
Containers:
udagram-user:
Container ID:
Image: pranjal121997/udagram-user
Image ID:
Port: <none>
Host Port: <none>
State: Waiting
Reason: CreateContainerConfigError
Ready: False
Restart Count: 0
Limits:
cpu: 500m
memory: 1Gi
Requests:
cpu: 250m
memory: 64Mi
Environment:
POSTGRESS_PASSWORD: <set to the key 'POSTGRESS_PASSWORD' of config map 'env-config'> Optional: false
POSTGRESS_USERNAME: <set to the key 'POSTGRESS_USERNAME' of config map 'env-config'> Optional: false
URL: <set to the key 'URL' of config map 'env-config'> Optional: false
JWT_SECRET: <set to the key 'JWT_SECRET' of config map 'env-config'> Optional: false
POSTGRESS_DATABASE: <set to the key 'POSTGRESS_DATABASE' of config map 'env-config'> Optional: false
POSTGRESS_HOST: <set to the key 'POSTGRESS_HOST' of config map 'env-config'> Optional: false
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-skqmw (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
default-token-skqmw:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-skqmw
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m9s default-scheduler Successfully assigned default/udagram-user-f57f44889-5jtxf to ip-172-31-43-242.ap-south-1pute.internal
Warning FailedCreatePodSandBox 3m8s kubelet, ip-172-31-43-242.ap-south-1pute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "93df5832a932be9ad03d0cfd1bbaaae2c44fed0073f1325e02697fd9f6b391e9" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Warning FailedCreatePodSandBox 3m7s kubelet, ip-172-31-43-242.ap-south-1pute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "ebcf88c3b4d88a19994f6fdd5eee011f257d9e40348f559758e94e7c368da3b2" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Warning FailedCreatePodSandBox 3m6s kubelet, ip-172-31-43-242.ap-south-1pute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "486dd729e6f9781f7440305cadd0ec6a8eb82129b07efaed2dc1b707c5d03f64" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Warning FailedCreatePodSandBox 3m5s kubelet, ip-172-31-43-242.ap-south-1pute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "35e39b69cd153b1a9b76b2fc672dec151afb5aebbce5999712891ab6c2329e9f" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Normal SandboxChanged 3m4s (x4 over 3m7s) kubelet, ip-172-31-43-242.ap-south-1pute.internal Pod sandbox changed, it will be killed and re-created.
Warning Failed 2m9s (x5 over 3m2s) kubelet, ip-172-31-43-242.ap-south-1pute.internal Error: Couldn't find key POSTGRESS_DATABASE in ConfigMap default/env-config
Normal Pulling 114s (x6 over 3m4s) kubelet, ip-172-31-43-242.ap-south-1pute.internal Pulling image "pranjal121997/udagram-user"
Normal Pulled 112s (x6 over 3m2s) kubelet, ip-172-31-43-242.ap-south-1pute.internal Successfully pulled image "pranjal121997/udagram-user"
I also have 2 other files: aws-secret.yaml and env-secret.yaml containing my postgress username, password and access id's but somehow kubernetes expects all keys to be present in env-configmap.yaml. How do I force my cluster to pick up secrets from the secrets file?
This is my deployment file:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
service: udagram-user
name: udagram-user
spec:
replicas: 1
selector:
matchLabels:
service: udagram-user
template:
metadata:
labels:
service: udagram-user
spec:
containers:
- image: pranjal121997/udagram-user
name: udagram-user
imagePullPolicy: Always
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "1024Mi"
cpu: "500m"
env:
- name: POSTGRESS_PASSWORD
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_PASSWORD
- name: POSTGRESS_USERNAME
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_USERNAME
- name: URL
valueFrom:
configMapKeyRef:
name: env-config
key: URL
- name: JWT_SECRET
valueFrom:
configMapKeyRef:
name: env-config
key: JWT_SECRET
- name: POSTGRESS_DATABASE
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_DATABASE
- name: POSTGRESS_HOST
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_HOST
restartPolicy: Always
On deploying via kubectl create, it runs into CreateContainerConfigError. Below is the output of kubectl describe pod:
Name: udagram-user-f57f44889-5jtxf
Namespace: default
Priority: 0
Node: ip-172-31-43-242.ap-south-1.pute.internal/172.31.43.242
Start Time: Wed, 20 May 2020 17:58:34 +0530
Labels: pod-template-hash=f57f44889
service=udagram-user
Annotations: kubernetes.io/psp: eks.privileged
Status: Pending
IP: 172.31.33.34
Controlled By: ReplicaSet/udagram-user-f57f44889
Containers:
udagram-user:
Container ID:
Image: pranjal121997/udagram-user
Image ID:
Port: <none>
Host Port: <none>
State: Waiting
Reason: CreateContainerConfigError
Ready: False
Restart Count: 0
Limits:
cpu: 500m
memory: 1Gi
Requests:
cpu: 250m
memory: 64Mi
Environment:
POSTGRESS_PASSWORD: <set to the key 'POSTGRESS_PASSWORD' of config map 'env-config'> Optional: false
POSTGRESS_USERNAME: <set to the key 'POSTGRESS_USERNAME' of config map 'env-config'> Optional: false
URL: <set to the key 'URL' of config map 'env-config'> Optional: false
JWT_SECRET: <set to the key 'JWT_SECRET' of config map 'env-config'> Optional: false
POSTGRESS_DATABASE: <set to the key 'POSTGRESS_DATABASE' of config map 'env-config'> Optional: false
POSTGRESS_HOST: <set to the key 'POSTGRESS_HOST' of config map 'env-config'> Optional: false
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-skqmw (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
default-token-skqmw:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-skqmw
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m9s default-scheduler Successfully assigned default/udagram-user-f57f44889-5jtxf to ip-172-31-43-242.ap-south-1.pute.internal
Warning FailedCreatePodSandBox 3m8s kubelet, ip-172-31-43-242.ap-south-1.pute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "93df5832a932be9ad03d0cfd1bbaaae2c44fed0073f1325e02697fd9f6b391e9" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Warning FailedCreatePodSandBox 3m7s kubelet, ip-172-31-43-242.ap-south-1.pute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "ebcf88c3b4d88a19994f6fdd5eee011f257d9e40348f559758e94e7c368da3b2" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Warning FailedCreatePodSandBox 3m6s kubelet, ip-172-31-43-242.ap-south-1.pute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "486dd729e6f9781f7440305cadd0ec6a8eb82129b07efaed2dc1b707c5d03f64" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Warning FailedCreatePodSandBox 3m5s kubelet, ip-172-31-43-242.ap-south-1.pute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "35e39b69cd153b1a9b76b2fc672dec151afb5aebbce5999712891ab6c2329e9f" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Normal SandboxChanged 3m4s (x4 over 3m7s) kubelet, ip-172-31-43-242.ap-south-1.pute.internal Pod sandbox changed, it will be killed and re-created.
Warning Failed 2m9s (x5 over 3m2s) kubelet, ip-172-31-43-242.ap-south-1.pute.internal Error: Couldn't find key POSTGRESS_DATABASE in ConfigMap default/env-config
Normal Pulling 114s (x6 over 3m4s) kubelet, ip-172-31-43-242.ap-south-1.pute.internal Pulling image "pranjal121997/udagram-user"
Normal Pulled 112s (x6 over 3m2s) kubelet, ip-172-31-43-242.ap-south-1.pute.internal Successfully pulled image "pranjal121997/udagram-user"
I also have 2 other files: aws-secret.yaml and env-secret.yaml containing my postgress username, password and access id's but somehow kubernetes expects all keys to be present in env-configmap.yaml. How do I force my cluster to pick up secrets from the secrets file?
Share Improve this question edited Apr 6, 2021 at 18:04 m0nhawk 24.3k9 gold badges49 silver badges74 bronze badges asked May 20, 2020 at 13:51 Pranjal SharmaPranjal Sharma 551 gold badge3 silver badges9 bronze badges1 Answer
Reset to default 3In the deployment yaml env-config is referred as configMapKeyRef in all the places. Hence kubernetes is expecting POSTGRESS_DATABASE to be present in env-config configMap. You can refer to a secret which contains key POSTGRESS_DATABASE key using secretKeyRef.
Here is an example.
apiVersion: v1
kind: Pod
metadata:
name: env-single-secret
spec:
containers:
- name: envars-test-container
image: nginx
env:
- name: POSTGRESS_DATABASE
valueFrom:
secretKeyRef:
name: postgres-database-secret-name
key: POSTGRESS_DATABASE