我试图让kubectl在VM上运行。我按照here给出的步骤进行了安装。我将本地kubernetes配置(从/Users/me/.kube/config)复制到.kube目录中的VM。但是,当我运行kubectl get nodes之类的任何命令时,它会返回error: google: could not find default credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information
我可以在VM上运行kubectl吗?
答案 0 :(得分:1)
要使用kubectl与非Google VM中的Google Container Engine群集通信,您可以创建用户管理的IAM Service Account,并使用它对您的群集进行身份验证:
# Set these variables for your project
PROJECT_ID=my-project
SA_NAME=my-new-serviceaccount
SA_EMAIL=$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com
KEY_FILE=~/serviceaccount_key.json
# Create a new GCP IAM service account.
gcloud iam service-accounts create $SA_NAME
# Download a json key for that service account.
gcloud iam service-accounts keys create $KEY_FILE --iam-account $SA_EMAIL
# Give that service account the "Container Engine Developer" IAM role for your project.
gcloud projects add-iam-policy-binding $PROJECT_ID --member serviceAccount:$SA_EMAIL --role roles/container.developer
# Configure Application Default Credentials (what kubectl uses) to use that service account.
export GOOGLE_APPLICATION_CREDENTIALS=$KEY_FILE
然后继续像往常一样使用kubectl。