Kubernetes KOPS cluster creation issue - error reading cluster configuration

Time: 2019-07-11 15:36:51

Tags: amazon-web-services amazon-s3 kubernetes kops

When using KOPS, I cannot create a Kubernetes cluster. The error message I receive is:

error reading cluster configuration "fraxxxx-k8s-devopsxxx": error reading s3://devopsxxx-k8s-learn.s3.amazonaws.com/fraxxx-k8s-devopsbcn/config: Could not retrieve location for AWS bucket devopsxxx-k8s-learn.s3.amazonaws.com

I did create the S3 bucket. I thought the problem might be that the bucket had not been created, so I browsed my AWS buckets and it is there.

Executing the following command always shows me the error:

$ sudo kops create cluster fraxxxx-k8s-devopsxxx --zones eu-west-3a --yes

error reading cluster configuration "fraxxxx-k8s-devopsxxx": error reading s3://devopsxxx-k8s-learn.s3.amazonaws.com/fraxxx-k8s-devopsbcn/config: Could not retrieve location for AWS bucket devopsxxx-k8s-learn.s3.amazonaws.com

I did configure the access keys:

:~$ aws configure
AWS Access Key ID [****************IYFQ]: 
AWS Secret Access Key [****************+SXJ]: 
Default region name [eu-west-3]: 
Default output format [None]: 

I even exported the keys as environment variables:

~$ echo $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY 
XXXXXXXXXXXXXXXIYFQ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+SXJ

The bucket name is also exported as an env var. I double-checked it through the GUI and it seems fine.

~$ echo $KOPS_STATE_STORE
s3://devxxxxxx-k8s-learn.s3.amazonaws.com

I executed the create command again, this time adding the "state" flag, but it still fails.

$ sudo kops create cluster fraxxxx-k8s-devxxxxx --zones eu-west-3a --yes --state s3://devxxxxxx-k8s-learn.s3.amazonaws.com

error reading cluster configuration "fraxxxx-k8s-devxxxxxx": error reading s3://devxxxxxx-k8s-learn.s3.amazonaws.com/fraxxxx-k8s-devopsbcn/config: Could not retrieve location for AWS bucket devopsbcn-k8s-learn.s3.amazonaws.com

I expect to run the create command and have a working Kubernetes cluster.

1 answer:

Answer 0 (score: 2)

Answering my own question. According to the official AWS documentation, after KOPS version 1.6.1 you need:

1) A top-level domain for creating the Kubernetes cluster.

2) An IAM user with specific permissions, because using the root AWS keys is complicated, or is now restricted.

I used these permissions for the IAM user:

AmazonEC2FullAccess IAMFullAccess AmazonEC2ContainerRegistryFullAccess AmazonS3FullAccess AWSElasticBeanstalkFullAccess AmazonVPCFullAccess AmazonRoute53FullAccess

3) Of course, you should use the IAM user's access key and secret.

4) Then an AWS Route 53 hosted zone. The steps are in the link below.

5) The "create" cluster command that worked for me:

$ sudo kops create cluster --name cluster.kubernetes-aws.io --zones eu-west-3a --state s3://xxxxx-kops-state-store --master-size=t2.micro --yes

Note the flags --name and --state.

Please use this document to fulfil the above requirements: https://aws.amazon.com/blogs/compute/kubernetes-clusters-aws-kops/

Besides the points listed above, I also had to figure out a few other things, such as:

A) Add my API DNS entry from my AWS Route 53 to /etc/hosts, i.e. api.cluster.kubernetes-aws.io 32.56.87.41, because when I ran the command kops validate cluster it was trying to look up the cluster locally on my PC, see below:

Error

$ sudo kops validate cluster --name cluster.kubernetes-aws.io --state s3://xxxxx-kops-state-store
Validating cluster cluster.kubernetes-aws.io
unexpected error during validation: unable to resolve Kubernetes cluster API URL dns: lookup api.cluster.xxxxxxxxx.com on 127.0.0.53:53: no such host

$ sudo kops validate cluster --name cluster.kubernetes-aws.io --state s3://xxxxx-kops-state-store
[sudo] password for prometheus: 
Validating cluster cluster.kubernetes-aws.io

INSTANCE GROUPS
NAME            ROLE    MACHINETYPE MIN MAX SUBNETS
master-eu-west-3a   Master  t2.micro    1   1   eu-west-3a
nodes           Node    t2.medium   2   2   eu-west-3a

NODE STATUS
NAME                        ROLE    READY
ip-172-XX-XX-XX.eu-west-3.xxxxx.internal    master  True

VALIDATION ERRORS
KIND    NAME                            MESSAGE
Machine i-05755f2ba8b9ebea0                 machine "i-05755f2ba8b9ebea0" has not yet joined cluster
Machine i-05d0a12acf5434e26                 machine "i-05d0a12acf5434e26" has not yet joined cluster
Pod kube-system/kube-dns-57dd96bb49-q6zwc           kube-system pod "kube-dns-57dd96bb49-q6zwc" is pending
Pod kube-system/kube-dns-autoscaler-867b9fd49d-hgpf8    kube-system pod "kube-dns-autoscaler-867b9fd49d-hgpf8" is pending

B) When trying to validate the cluster, again note the flags --name and --state, otherwise you will get errors.

C) Importantly, when creating the cluster you must add the machine type, otherwise you get the following error.

error assigning default machine type for masters: error finding default machine type: could not find a suitable supported instance type for the instance group "master-eu-west-3a" (type "Master") in region "eu-west-3"

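D) My S3 bucket was not picked up from the env vars (or something like that), so I just passed it as a flag with --state. With points C and D, I successfully created the cluster as follows: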

$ sudo kops create cluster --name cluster.kubernetes-aws.io --zones eu-west-3a --state s3://xxxxx-kops-state-store --master-size=t2.micro --yes
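
An added example, not part of the original question or answer: the error text in the question shows kops using everything after s3:// as the bucket name, while the command that finally worked passes a bare bucket name to --state. The POSIX sh sketch below (function names are hypothetical) checks a state store value for that endpoint-hostname form, and for the empty value that `sudo kops` sees when sudo's env_reset setting (on by default) drops KOPS_STATE_STORE.

```sh
#!/bin/sh
# Added example: pre-flight check for a kops state store value.
# Function names are hypothetical; nothing here calls AWS.

# Print the bare bucket name of an s3:// URI, dropping any S3 endpoint
# hostname appended to it (e.g. <bucket>.s3.amazonaws.com).
state_store_bucket() {
  case "$1" in
    s3://?*) ;;
    *) return 1 ;;
  esac
  _host=${1#s3://}      # strip the scheme
  _host=${_host%%/*}    # strip any key prefix after the bucket
  printf '%s\n' "$_host" |
    sed -E 's/\.s3([.-][a-z0-9-]+)?\.amazonaws\.com$//'
}

# Return 0 when kops can use the value as written; otherwise explain on
# stderr and return 1.
check_state_store() {
  if [ -z "$1" ]; then
    echo "state store is empty; with sudo's default env_reset, variables" \
         "exported in your shell do not reach 'sudo kops': pass --state" >&2
    return 1
  fi
  _bucket=$(state_store_bucket "$1") || {
    echo "not an s3:// URI: $1" >&2
    return 1
  }
  _host=${1#s3://}
  _host=${_host%%/*}
  if [ "$_host" != "$_bucket" ]; then
    echo "'$_host' is an endpoint hostname, not a bucket name;" \
         "use s3://$_bucket" >&2
    return 1
  fi
  # S3 naming rules: 3-63 chars of a-z, 0-9, '.', '-', alphanumeric ends.
  if ! printf '%s' "$_bucket" |
       grep -Eq '^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$'; then
    echo "'$_bucket' is not a valid S3 bucket name" >&2
    return 1
  fi
}

# Usage: check_state_store "$KOPS_STATE_STORE" && kops create cluster ...
```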