如何使用 Kubernetes Python 客户端创建秘密？答案

【问题标题】：How to create secrets using Kubernetes Python client?如何使用 Kubernetes Python 客户端创建秘密？
【发布时间】：2018-03-27 13:14:23
【问题描述】：

我一直在尝试使用 python 客户端为 Kubernetes 集群创建秘密。我不断收到一个错误提示

Traceback (most recent call last):
File "create_secrets.py", line 19, in <module>
api_response = v1.create_namespaced_secret(namespace, body)
File "/usr/local/lib/python3.6/site-packages/kubernetes/client/apis/core_v1_api.py", line 7271, in create_namespaced_secret
(data) = self.create_namespaced_secret_with_http_info(namespace, body, **kwargs)
File "/usr/local/lib/python3.6/site-packages/kubernetes/client/apis/core_v1_api.py", line 7361, in create_namespaced_secret_with_http_info
collection_formats=collection_formats)
File "/usr/local/lib/python3.6/site-packages/kubernetes/client/api_client.py", line 335, in call_api
_preload_content, _request_timeout)
File "/usr/local/lib/python3.6/site-packages/kubernetes/client/api_client.py", line 148, in __call_api
_request_timeout=_request_timeout)
File "/usr/local/lib/python3.6/site-packages/kubernetes/client/api_client.py", line 393, in request
body=body)
File "/usr/local/lib/python3.6/site-packages/kubernetes/client/rest.py", line 287, in POST
body=body)
File "/usr/local/lib/python3.6/site-packages/kubernetes/client/rest.py", line 240, in request
raise ApiException(http_resp=r)
kubernetes.client.rest.ApiException: (400)
Reason: Bad Request
HTTP response headers: HTTPHeaderDict({'Content-Type': 'application/json', 'Date': 'Mon, 16 Oct 2017 04:17:35 GMT', 'Content-Length': '234'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"none in version \"v1\" cannot be handled as a Secret: no kind \"none\" is registered for version \"v1\"","reason":"BadRequest","code":400}

这是我试图执行以创建秘密的代码。

from __future__ import print_function
import time
import kubernetes.client
from pprint import pprint
from kubernetes import client, config

config.load_kube_config()
v1 = client.CoreV1Api()
namespace = 'kube-system'
metadata = {'name': 'pk-test-tls', 'namespace': 'kube-system'}
data=  {'tls.crt': '###BASE64 encoded crt###', 'tls.key': '###BASE64 encoded Key###'}
api_version = 'v1'
kind = 'none'
body = kubernetes.client.V1Secret(api_version, data , kind, metadata, 
type='kubernetes.io/tls')

api_response = v1.create_namespaced_secret(namespace, body)
pprint(api_response)

我在这里错过了什么？

【问题讨论】：

标签： python json kubernetes openapi kubernetes-python-client

【解决方案1】：

您写的几乎所有内容都可以，但请注意从kube-apiserver收到的消息：

HTTP 响应正文：{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"none in version "v1"不能作为 Secret 处理：没有为版本 "v1"","reason":"BadRequest","code":400}
注册任何类型的“none”

尤其是没有“无”。只是错字还是你有什么想法？

这里有种类列表https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#types-kinds

如果您将 kind 更改为“Secret”，那么一切都会正常工作。

【讨论】：

我听取了您的建议并更改了 kind = Secret 并收到以下错误。 HTTP 响应正文： {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Secret in version \"none\" 不能作为秘密处理：没有为版本“无”“原因”：“BadRequest”，“代码”：400}注册任何类型的“秘密”
然后我将 api_version 更改为 v1 并修复了它。
您在原始帖子中有api_version = "v1"。
@3h4x 为什么不接受 string_data。我开始跟随错误。 {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Secret in version \"v1\" cannot be handled as a Secret: v1.Secret.ObjectMeta: v1.ObjectMeta.TypeMeta: Kind: Data: decode base64: illegal base64 data at input byte 12 我将 string_data 作为参数传递，但它将其处理为 Data 类型而不是 stringData 类型