--insecure-skip-tls-verify不适用于kubefed join

时间:2018-04-22 18:11:15

标签: kubernetes kubectl

我正在尝试使用kubefed join向联盟添加群集: 这是联邦kube配置文件:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://k8s-apiserver.cluster.local:8443
  name: kubernetes
- cluster:
    certificate-authority-data: REDACTED
    server: https://172.16.1.4:32471
  name: federation
- cluster:
    insecure-skip-tls-verify: true
    server: https://139.54.130.49:32046
  name: kubernetes-s1
contexts:
- context:
    cluster: kubernetes
    namespace: default
    user: kubectl
  name: default-context
- context:
    cluster: federation
    user: federation
  name: federation
- context:
    cluster: kubernetes
    namespace: kube-system
    user: kubectl
  name: kube-system-context
- context:
    cluster: kubernetes-s1
    namespace: default
    user: kubernetes-admins1
  name: kubernetes-admin-s1
current-context: federation
kind: Config
preferences: {}
users:
- name: federation
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
    token: e7506989-42eb-11e8-bf70-fa163eb593a3
- name: federation-basic-auth
  user:
    password: e7506937-42eb-11e8-bf70-fa163eb593a3
    username: admin
- name: kubectl
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
- name: kubernetes-admins1
  user:
    token: eyJhbGciOiJSUz............

我运行此命令:kubefed join site-1 --host-cluster-context = default-context --cluster-context = kubernetes-admin-s1 --insecure-skip-tls-verify = true,群集是创建但具有脱机状态,无法访问; 我正在使用令牌承载来到达目标集群的api服务器; 我哪里错了? 

kubectl describe clusters
Name:         site-1
Namespace:    
Labels:       <none>
Annotations:  federation.kubernetes.io/cluster-role-name=federation-controller-manager:federation-site-1-default-context
              federation.kubernetes.io/servive-account-name=site-1-default-context
API Version:  federation/v1beta1
Kind:         Cluster
Metadata:
  Creation Timestamp:  2018-04-22T17:37:40Z
  Resource Version:    1347
  Self Link:           /apis/federation/v1beta1/clusters/site-1
  UID:                 daf922d2-4653-11e8-aded-f225b0c7c174
Spec:
  Secret Ref:
    Name:  site-1-w4vv6
  Server Address By Client CID Rs:
    Client CIDR:     0.0.0.0/0
    Server Address:  https://139.54.130.49:32046
Status:
  Conditions:
    Last Probe Time:       2018-04-22T18:09:43Z
    Last Transition Time:  2018-04-22T17:37:42Z
    Message:               cluster is not reachable
    Reason:                ClusterNotReachable
    Status:                True
    Type:                  Offline
Events:                    <none>

1 个答案:

答案 0 :(得分:0)

根据source code,该消息的含义正是如此:

无法访问群集,因为无法从控制器访问群集端点https://139.54.130.49:32046

因此,只需检查端点是否正确并且是否可以从控制器进行连接。

相关问题
最新问题