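Kubernetes authentication problem

Time: 2018-05-23 09:53:35

Tags: kubernetes

I have started looking into the different ways of using authentication on Kubernetes. Naturally, I started with the simplest option, the static password file. Basically, I created a file named users.csv with the following content: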

mauro,maurosil,maurosil123,group_mauro

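When I start minikube with this file, it hangs at the cluster components step (Starting cluster components). The command I used is:

minikube --extra-config=apiserver.Authentication.PasswordFile.BasicAuthFile=~/temp/users.csv start

After a while (about 10 minutes), the minikube start command fails with the following error message: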

E0523 10:23:57.391692   30932 util.go:151] Error uploading error message: : Post https://clouderrorreporting.googleapis.com/v1beta1/projects/k8s-minikube/events:report?key=AIzaSyACUwzG0dEPcl-eOgpDKnyKoUFgHdfoFuA: x509: certificate signed by unknown authority

I can see several errors in the logs (minikube logs):

ay 23 09:47:32 minikube kubelet[3301]: E0523 09:47:32.473157    3301 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://192.168.99.100:8443/api/v1/pods?fieldSelector=spec.nodeName%3Dminikube&limit=500&resourceVersion=0: dial tcp 192.168.99.100:8443: getsockopt: connection refused
May 23 09:47:33 minikube kubelet[3301]: E0523 09:47:33.414460    3301 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:460: Failed to list *v1.Node: Get https://192.168.99.100:8443/api/v1/nodes?fieldSelector=metadata.name%3Dminikube&limit=500&resourceVersion=0: dial tcp 192.168.99.100:8443: getsockopt: connection refused
May 23 09:47:33 minikube kubelet[3301]: E0523 09:47:33.470604    3301 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:451: Failed to list *v1.Service: Get https://192.168.99.100:8443/api/v1/services?limit=500&resourceVersion=0: dial tcp 192.168.99.100:8443: getsockopt: connection refused
May 23 09:47:33 minikube kubelet[3301]: E0523 09:47:33.474548    3301 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://192.168.99.100:8443/api/v1/pods?fieldSelector=spec.nodeName%3Dminikube&limit=500&resourceVersion=0: dial tcp 192.168.99.100:8443: getsockopt: connection refused
May 23 09:47:34 minikube kubelet[3301]: I0523 09:47:34.086654    3301 kubelet_node_status.go:271] Setting node annotation to enable volume controller attach/detach
May 23 09:47:34 minikube kubelet[3301]: I0523 09:47:34.090697    3301 kubelet_node_status.go:82] Attempting to register node minikube
May 23 09:47:34 minikube kubelet[3301]: E0523 09:47:34.091108    3301 kubelet_node_status.go:106] Unable to register node "minikube" with API server: Post https://192.168.99.100:8443/api/v1/nodes: dial tcp 192.168.99.100:8443: getsockopt: connection refused
May 23 09:47:34 minikube kubelet[3301]: E0523 09:47:34.370484    3301 event.go:209] Unable to write event: 'Patch https://192.168.99.100:8443/api/v1/namespaces/default/events/minikube.15313c5b8cf5913c: dial tcp 192.168.99.100:8443: getsockopt: connection refused' (may retry after sleeping)
May 23 09:47:34 minikube kubelet[3301]: E0523 09:47:34.419833    3301 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:460: Failed to list *v1.Node: Get https://192.168.99.100:8443/api/v1/nodes?fieldSelector=metadata.name%3Dminikube&limit=500&resourceVersion=0: dial tcp 192.168.99.100:8443: getsockopt: connection refused
May 23 09:47:34 minikube kubelet[3301]: E0523 09:47:34.472826    3301 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:451: Failed to list *v1.Service: Get https://192.168.99.100:8443/api/v1/services?limit=500&resourceVersion=0: dial tcp 192.168.99.100:8443: getsockopt: connection refused
May 23 09:47:34 minikube kubelet[3301]: E0523 09:47:34.479619    3301 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://192.168.99.100:8443/api/v1/pods?fieldSelector=spec.nodeName%3Dminikube&limit=500&resourceVersion=0: dial tcp 192.168.99.100:8443: getsockopt: connection refused

I also logged in to the minikube VM (minikube ssh) and noticed that the apiserver docker container was down. Looking at this container's logs, I see the following error:

error: unknown flag: --Authentication.PasswordFile.BasicAuthFile

So I changed the command to:

minikube start --extra-config=apiserver.basic-auth-file=~/temp/users.csv

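It failed again, but now the container shows a different error. The error is no longer related to an invalid flag. Instead, it complains that the file cannot be found (no such file or directory). I also tried specifying a file on the minikube VM (/var/lib/localkube), but I had the same problem.

The minikube version is: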

minikube version: v0.26.0

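When I start minikube without considering authentication, it works fine. Are there any other steps I need to do?

Mauro

1 answer:

Answer 0: (score: 0)

You need to mount the file into the docker container that runs the apiserver. Please see this working hack: https://github.com/kubernetes/minikube/issues/1898#issuecomment-402714802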
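
A pre-flight check for the static password file from the question, as an added example that is not part of the original post or of the Kubernetes or minikube code: it validates each row against the column order the Kubernetes documentation gives for `--basic-auth-file` (password, user name, user id, optional quoted group list) and flags a file that other accounts can read. The function names and every sample row except the first are constructed here.

```python
import csv
import io
import os
import stat

# Constructed sample; only the first row comes from the question.
SAMPLE = (
    "mauro,maurosil,maurosil123,group_mauro\n"
    'S3cr3t-constructed,alice,1001,"dev,ops"\n'
    "onlytwo,bob\n"
    "pw,carol,1003,dev,ops\n"
)

def check_basic_auth_file(text):
    """Return (entries, problems); entries omit passwords so they can be logged.
    Assumed columns (Kubernetes docs for --basic-auth-file): password, user
    name, user id, optional quoted comma-separated group list."""
    entries, problems, seen = [], [], set()
    reader = csv.reader(io.StringIO(text))
    for row in reader:
        n = reader.line_num
        row = [c.strip() for c in row]
        if not any(row):
            continue  # blank line
        if not 3 <= len(row) <= 4:
            problems.append(f"line {n}: {len(row)} columns, expected 3 or 4 (quote multiple groups)")
            continue
        password, user, uid = row[:3]
        if not (password and user and uid):
            problems.append(f"line {n}: empty password, user or uid")
            continue
        if user in seen:
            problems.append(f"line {n}: duplicate user {user!r}")
        seen.add(user)
        if password.lower() in user.lower():
            problems.append(f"line {n}: password is contained in the user name")
        groups = [g.strip() for g in row[3].split(",") if g.strip()] if len(row) == 4 else []
        entries.append((user, uid, groups))
    return entries, problems

def mode_problems(path):
    """Flag a password file that group or other accounts can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {mode:04o} exposes plaintext passwords to other accounts"]
    return []

if __name__ == "__main__":
    print(*check_basic_auth_file(SAMPLE)[1], sep="\n")
```

Run it against the copy that is mounted into the apiserver container, since that is the path the flag has to point to. The `--basic-auth-file` flag was removed in Kubernetes 1.19, so this applies only to older clusters such as the one in the question.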