我正在尝试使用kubernetes-incubator/client-python库连接到我的gke群集。我只运行基本查询:
from kubernetes import client, config
# Configs can be set in Configuration class directly or using helper utility
config.load_kube_config()
v1 = client.CoreV1Api()
print("Listing pods with their IPs:")
ret = v1.list_pod_for_all_namespaces(watch=False)
for i in ret.items:
print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
我收到了一个错误:
--------------------------------------------------------------------------
RefreshError Traceback (most recent call last)
<ipython-input-1-40695f414daf> in <module>()
2
3 # Configs can be set in Configuration class directly or using helper utility
----> 4 config.load_kube_config()
5
6 v1 = client.CoreV1Api()
/usr/local/lib/python2.7/distpackages/kubernetes/config/kube_config.pyc in
load_kube_config(config_file, context, client_configuration,
persist_config)
359 config_file, active_context=context,
360 client_configuration=client_configuration,
--> 361 config_persister=config_persister).load_and_set()
362
363
/usr/local/lib/python2.7/dist-packages/kubernetes/config/kube_config.pyc in load_and_set(self)
251
252 def load_and_set(self):
--> 253 self._load_authentication()
254 self._load_cluster_info()
255 self._set_config()
/usr/local/lib/python2.7/dist-packages/kubernetes/config/kube_config.pyc in
_load_authentication(self)
174 if not self._user:
175 return
/usr/local/lib/python2.7/dist-packages/kubernetes/config/kube_config.pyc in _load_gcp_token(self)
194 _is_expired(provider['config']['expiry']))):
195 # token is not available or expired, refresh it
--> 196 self._refresh_gcp_token()
197
198 self.token = "Bearer %s" % provider['config']['access-token']
/usr/local/lib/python2.7/dist-packages/kubernetes/config/kube_config.pyc in _refresh_gcp_token(self)
203 self._user['auth-provider'].value['config'] = {}
204 provider = self._user['auth-provider']['config']
--> 205 credentials = self._get_google_credentials()
206 provider.value['access-token'] = credentials.token
207 provider.value['expiry'] = format_rfc3339(credentials.expiry)
/usr/local/lib/python2.7/dist-packages/kubernetes/config/kube_config.pyc in _refresh_credentials()
133 credentials, project_id = google.auth.default()
134 request = google.auth.transport.requests.Request()
--> 135 credentials.refresh(request)
136 return credentials
137
/usr/local/lib/python2.7/dist-packages/google/oauth2/service_account.pyc in refresh(self, request)
320 assertion = self._make_authorization_grant_assertion()
321 access_token, expiry, _ = _client.jwt_grant(
--> 322 request, self._token_uri, assertion)
323 self.token = access_token
324 self.expiry = expiry
/usr/local/lib/python2.7/dist-packages/google/oauth2/_client.pyc in jwt_grant(request, token_uri, assertion)
141 }
142
--> 143 response_data = _token_endpoint_request(request, token_uri, body)
144
145 try:
/usr/local/lib/python2.7/dist-packages/google/oauth2/_client.pyc in _token_endpoint_request(request, token_uri, body)
107
108 if response.status != http_client.OK:
--> 109 _handle_error_response(response_body)
110
111 response_data = json.loads(response_body)
/usr/local/lib/python2.7/dist-packages/google/oauth2/_client.pyc in _handle_error_response(response_body)
57
58 raise exceptions.RefreshError(
---> 59 error_details, response_body)
60
61
RefreshError: ('invalid_scope: Empty or missing scope not allowed.', u'{\n "error" : "invalid_scope",\n "error_description" : "Empty or missing scope not allowed."\n}')
我认为我的kube.config文件存在问题。所以我删除了它并再次创建了集群,以便重新创建一个新的kube.config文件。问题仍然存在。你可以帮帮我吗?
答案 0 :(得分:2)
这是您的Google Cloud Platform凭据的问题。他们没有被发现,你无法与服务互动。 Here's some instructions关于如何设置它们。将GOOGLE_APPLICATION_CREDENTIALS环境变量指向您的凭证文件或通过SDK进行身份验证。