使用阿里巴巴容器服务设置Kubernets集群,使用root帐户访问集群没有问题,当创建新的名称空间并将用户添加到该名称空间时,会引发错误服务器localhost:8080被拒绝
这是疑难解答的设置
定义名称空间 dev ,并使用get verb显示所有kubernetes名称空间。
root@kube-master:# kubectl get namespaces
NAME STATUS AGE
default Active 14d
dev Active 56m
kube-public Active 14d
kube-system Active 14d
在Kubernetes集群中添加了新的上下文。
kubectl config set-context dev --namespace=dev --user=user1
在将kubectl CLI与该配置文件一起使用时,我应该收到拒绝访问错误
root@kube-master:/home/ansible# kubectl --context=dev get pods
The connection to the server localhost:8080 was refused - did you specify the right host or port?
不是显示与服务器localhost:8080的连接被拒绝
没有-context ,效果很好
root@kube-master:# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 1 1h
这是kubernetes配置视图
root@kube-master:/home/ansible# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://172.16.2.13:6443
name: kubernetes
contexts:
- context:
cluster: ""
namespace: dev
user: user1
name: dev
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
root@kube-master:# kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
dev user1 dev
* kubernetes-admin@kubernetes kubernetes kubernetes-admin
答案 0 :(得分:1)
我知道了,执行命令时我注意到了
kubectl config view
集群显示为空
- context:
cluster: ""
namespace: dev
user: user1
为解决此问题,添加了--cluster信息并修改了set-context
root@kube-master:/home/ansible# kubectl config set-context dev --cluster=kubernetes --namespace=dev --user=user1
Context "dev" modified.
并且上下文设置正确
contexts:
- context:
cluster: kubernetes
namespace: dev
user: user1
name: dev
当我用--context=dev查找豆荚时,我获得了预期的结果
root@kube-master:/home/ansible# kubectl --context=dev get pods
No resources found.
Error from server (Forbidden): pods is forbidden: User "system:anonymous" cannot list pods in the namespace "dev"