Question

我使用RancherOS作为主机并尝试设置kubectl container。我修改了图像，只是将kubectl版本更改为最新版本（1.8.0），并将代理设置添加到Dockerfile中，因为没有它，docker build无法运行apk命令。此外，Kubernetes由Rancher服务器管理。我从Rancher UI下载了kubectl CLI配置。如下所示：

apiVersion: v1
kind: Config
clusters:
- cluster:
    api-version: v1
    server: "https://rancher.dev.abc.net/r/projects/1a6842/kubernetes:6443"
  name: "test"
contexts:
- context:
    cluster: "test"
    user: "test"
  name: "test"
current-context: "test"
users:
- name: "test"
  user:
    token: "QmFzaWMgTnpV9UZ3hPVVV4TXpaRFJrSTFSRFpDTkNOa2hSUTNscGNsSXpjMXAxVUdacVZUWk9NWFZaYVVGd1NqUk5UazVDUkZSM1lWZFhUZz09"

Dockerfile：

FROM docker.artifactory.abc.net/alpine:3.6

# Required for apk to install openssl
ENV http_proxy='http://proxy.abc.net:8080'  \
    https_proxy='http://proxy.abc.net:8080' \
    no_proxy='localhost,abc.net'

ADD https://storage.googleapis.com/kubernetes-release/release/v1.8.0/bin/linux/amd64/kubectl /usr/local/bin/kubectl

ENV HOME=/config

RUN set -x && \
    apk add --no-cache curl ca-certificates && \
    chmod +x /usr/local/bin/kubectl && \
    \
    # Create non-root user (with a randomly chosen UID/GUI).
    adduser kubectl -Du 2342 -h /config && \
    \
    # Basic check it works.
    kubectl version --client

USER kubectl

ENTRYPOINT ["/usr/local/bin/kubectl"]

还尝试将以下内容添加到Dockerfile中但无济于事。

COPY .kube/chain.pem /config/.kube/ca.crt
RUN cat /config/.kube/ca.crt

现在，当我运行命令时，

$ docker run --rm --user $UID -v ~rancher/kubectl/.kube:/config/.kube kubectl:v1.8.0 version
Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.0", GitCommit:"6e937839ac04a38cac63e6a7a306c5d035fe7b0a", GitTreeState:"clean", BuildDate:"2017-09-28T22:57:57Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Unable to connect to the server: x509: certificate signed by unknown authority

如上所示，客户端版本显示正常，但在连接到服务器时，它失败了。我复制了~rancher/kubectl/.kube目录中的ca.crt文件。还尝试将文件重命名为ca.pem但它不起作用。不确定必须提供什么参数，因此kubectl可以获取crt文件。

Answer 1

所以我终于开始工作了。 Dockerfile没有变化。在上面显示的.kube/config文件中，我只需要添加以下条目：

certificate-authority: /config/.kube/ca.crt

所以.kube/config文件现在看起来如下所示：

apiVersion: v1
kind: Config
clusters:
- cluster:
    api-version: v1
    certificate-authority: /config/.kube/ca.crt
    server: "https://rancher.dev.abc.net/r/projects/1a6842/kubernetes:6443"
  name: "test"
contexts:
- context:
    cluster: "test"
    user: "test"
  name: "test"
current-context: "test"
users:
- name: "test"
  user:
    token: "QmFzaWMgTnpV9UZ3hPVVV4TXpaRFJrSTFSRFpDTkNOa2hSUTNscGNsSXpjMXAxVUdacVZUWk9NWFZaYVVGd1NqUk5UazVDUkZSM1lWZFhUZz09"

最后，我可以看到服务器版本。呼...

$ docker run --rm --user $UID -v ~rancher/kubectl/.kube:/config/.kube kubectl:v1.8.0 version
Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.0", GitCommit:"6e937839ac04a38cac63e6a7a306c5d035fe7b0a", GitTreeState:"clean", BuildDate:"2017-09-28T22:57:57Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"7+", GitVersion:"v1.7.2-rancher1", GitCommit:"eda266858c448156b6d6fee372ff43ffb458a70c", GitTreeState:"clean", BuildDate:"2017-08-03T17:22:27Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}

kubectl容器无法与Kubernetes连接

1 个答案: