dd-es-remote-ca我尝试将机密从命名空间复制default到kube-system命名空间。尽管在此过程中没有遇到任何错误,但机密未能成功复制。
% kubectl --namespace default get secret dd-es-remote-ca -o yaml | sed 's/namespace: default/namespace: kube-system/'
apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNekNDQWh1Z0F3SUJBZ0lRYlJYNlJ6amFSQ0gwcWZ1VTNldFNSakFOQmdrcWhraUc5dzBCQVFzRkFEQWsKTVFzd0NRWURWUVFMRXdKa1pERVZNQk1HQTFVRUF4TU1aR1F0ZEhKaGJuTndiM0owTUI0WERUSTBNREl3TnpJdwpORGMxT0ZvWERUSTFNREl3TmpJd05UYzFPRm93SkRFTE1Ba0dBMVVFQ3hNQ1pHUXhGVEFUQmdOVkJBTVRER1JrCkxYUnlZVzV6Y0c5eWREQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUs4VzdNUEIKOU1YTU9KTGlqbnB3czYwR3gySm0vNzdiNmlxUGN1Y3lPZEVnZkVyZFJWcU13OWtyUlY5ZG92UFFLcHhxdXpZMgpLemFpYnpLb0ZVVWZpSEVJL0p2N1Y4c3ZWNkJSK3FudXFMbE9XcG90cWNiU205WGNUWmo4Mm5xU3o4UytSSFgrCmNMM1phTG0rczdlWHRIWDF1YzdYTEFMdDFyc1dFQkYrbWFoUmxXclR2VW1PdFdsL25wQ0FTY001MlROVW0yVTUKNUI0eklxa29OeXQrdG9IS0ZZYjZpZnVPNWlBUGtwVDBNQjRFbE1KNk45b1ZPTmllNDdGV0ZJUStqVmxyNXcrbQpEQzVnbVN4eE9oaCs0MHRoc1FBN1hLSkUvY3hCaVlxMmUyckxDM1JDdTUrWXJEUUpiaFpaT2dOb2QwT2syQVpqCis4QkNSaExIOEdlcldTVUNBd0VBQWFOaE1GOHdEZ1lEVlIwUEFRSC9CQVFEQWdLRU1CMEdBMVVkSlFRV01CUUcKQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJSdQp4dEVqL3Rxenl5RWFNZ0F4NFc2SkpNeWRYVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBbFFIbEtPcm1TUEZFCjNZR3p1Zm1ZaWVacUlZTXBBclJ2alR6SUFtams5SnFqbVYxK2Y2QXVFdE9CYy9NeHdwSEtuTHNZZVhRNUd1QVAKT0tsVTBiWGNiTmFocnd0Smg5YjVxWThSU1lMbmlrdTZxbHloK2taZHdZSTRxNW16dlVIeEJtUmpnaWJSbk05UQpLSE82QVkvbGtyNkQ5K0dJOHNDTlNLU2N5VUxVaVg0Um9sblpkUEdabmplbGFXNFBMMTVCRXNiMkRGTTV6WmVaCjBrR1p5RXhDWXdoWVZXKzlQVEo5aTRhcThYYmkvMDF4YlpxOWRIekhzd0E5SHBFcXpBVW1zeGJLQVJJUDhoNlAKdzRPQ21xbWFmY1MyaUtvdGtjQ0JrL1BiN0kzU0lmc09mczExTnVnNUFxOUYwUmd1a1FNUTJmT3pqM1FEbG1WYgpYcjZ5bE5ENGtRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
kind: Secret
metadata:
creationTimestamp: "2024-02-07T20:57:58Z"
labels:
elasticsearch.k8s.elastic.co/cluster-name: dd
name: dd-es-remote-ca
namespace: kube-system
ownerReferences:
- apiVersion: elasticsearch.k8s.elastic.co/v1
blockOwnerDeletion: true
controller: true
kind: Elasticsearch
name: dd
uid: 21e623d1-8711-4273-8d55-82d7f85ea5eb
resourceVersion: "84366"
uid: ec59fa6f-910c-4934-bdca-9f5105a67512
type: Opaque
%
% kubectl get secret dd-es-remote-ca --namespace default -o yaml | sed 's/namespace: default/namespace: kube\-system/g' | kubectl apply -f -
secret/dd-es-remote-ca created
% kubectl --namespace kube-system get secrets
No resources found in kube-system namespace.
%
我做错了什么?请指教)谢谢!
% kubectl --namespace default get secret dd-es-remote-ca -o yaml | yq 'del ( .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid )' | sed 's/namespace: default/namespace: kube-system/' | kubectl apply -f -
secret/dd-es-remote-ca created
% kubectl --namespace kube-system get secrets
No resources found in kube-system namespace.
% kubectl --namespace default get secret dd-es-remote-ca -o yaml | yq 'del ( .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid )' | sed 's/namespace: default/namespace: kube-system/'
apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNekNDQWh1Z0F3SUJBZ0lRYlJYNlJ6amFSQ0gwcWZ1VTNldFNSakFOQmdrcWhraUc5dzBCQVFzRkFEQWsKTVFzd0NRWURWUVFMRXdKa1pERVZNQk1HQTFVRUF4TU1aR1F0ZEhKaGJuTndiM0owTUI0WERUSTBNREl3TnpJdwpORGMxT0ZvWERUSTFNREl3TmpJd05UYzFPRm93SkRFTE1Ba0dBMVVFQ3hNQ1pHUXhGVEFUQmdOVkJBTVRER1JrCkxYUnlZVzV6Y0c5eWREQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUs4VzdNUEIKOU1YTU9KTGlqbnB3czYwR3gySm0vNzdiNmlxUGN1Y3lPZEVnZkVyZFJWcU13OWtyUlY5ZG92UFFLcHhxdXpZMgpLemFpYnpLb0ZVVWZpSEVJL0p2N1Y4c3ZWNkJSK3FudXFMbE9XcG90cWNiU205WGNUWmo4Mm5xU3o4UytSSFgrCmNMM1phTG0rczdlWHRIWDF1YzdYTEFMdDFyc1dFQkYrbWFoUmxXclR2VW1PdFdsL25wQ0FTY001MlROVW0yVTUKNUI0eklxa29OeXQrdG9IS0ZZYjZpZnVPNWlBUGtwVDBNQjRFbE1KNk45b1ZPTmllNDdGV0ZJUStqVmxyNXcrbQpEQzVnbVN4eE9oaCs0MHRoc1FBN1hLSkUvY3hCaVlxMmUyckxDM1JDdTUrWXJEUUpiaFpaT2dOb2QwT2syQVpqCis4QkNSaExIOEdlcldTVUNBd0VBQWFOaE1GOHdEZ1lEVlIwUEFRSC9CQVFEQWdLRU1CMEdBMVVkSlFRV01CUUcKQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJSdQp4dEVqL3Rxenl5RWFNZ0F4NFc2SkpNeWRYVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBbFFIbEtPcm1TUEZFCjNZR3p1Zm1ZaWVacUlZTXBBclJ2alR6SUFtams5SnFqbVYxK2Y2QXVFdE9CYy9NeHdwSEtuTHNZZVhRNUd1QVAKT0tsVTBiWGNiTmFocnd0Smg5YjVxWThSU1lMbmlrdTZxbHloK2taZHdZSTRxNW16dlVIeEJtUmpnaWJSbk05UQpLSE82QVkvbGtyNkQ5K0dJOHNDTlNLU2N5VUxVaVg0Um9sblpkUEdabmplbGFXNFBMMTVCRXNiMkRGTTV6WmVaCjBrR1p5RXhDWXdoWVZXKzlQVEo5aTRhcThYYmkvMDF4YlpxOWRIekhzd0E5SHBFcXpBVW1zeGJLQVJJUDhoNlAKdzRPQ21xbWFmY1MyaUtvdGtjQ0JrL1BiN0kzU0lmc09mczExTnVnNUFxOUYwUmd1a1FNUTJmT3pqM1FEbG1WYgpYcjZ5bE5ENGtRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
kind: Secret
metadata:
labels:
elasticsearch.k8s.elastic.co/cluster-name: dd
name: dd-es-remote-ca
namespace: kube-system
ownerReferences:
- apiVersion: elasticsearch.k8s.elastic.co/v1
blockOwnerDeletion: true
controller: true
kind: Elasticsearch
name: dd
uid: 21e623d1-8711-4273-8d55-82d7f85ea5eb
type: Opaque
%
答案1
您所遇到的行为是由于metadata.ownerReferences您的原始对象造成的。如下:
kubectl explain secret.metadata.ownerReferences
此对象所依赖的对象列表。如果列表中的所有对象都已删除,则此对象将被垃圾回收。... 拥有对象必须与依赖对象位于同一命名空间中,或属于集群范围,因此没有命名空间字段。
由于目标命名空间中没有拥有该秘密的对象,因此它会被垃圾收集。