我正在尝试创建一个Python客户端以在AKS集群上的Pod中连接并执行命令,但是当尝试连接时,我从客户端401 Unauthorized处收到消息错误。有人在API中遇到此问题吗?
API例外消息:
kubernetes.client.rest.ApiException: (401)
Reason: Unauthorized
HTTP response headers: HTTPHeaderDict({'Audit-Id': 'ba23c2b3-d65b-4200-b802-161300119860', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'Date': 'Mon, 21 Sep 2020 18:21:59 GMT', 'Content-Length': '129'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
Python客户端API Kubernetes
from __future__ import print_function
import time
import kubernetes.client
import os
from kubernetes.stream import stream
from kubernetes.client.rest import ApiException
from pprint import pprint
name = input("Insira o POD name cadastrado")
namespace = input("namespace do POD cadastrado")
NomeAtuador = input("Insira o nome do atuador a ser gerado o arquivo de configuração")
configuration = kubernetes.client.Configuration()
#configuration.verify_ssl=False
#configuration.assert_hostname = False
configuration.api_key_prefix['authorization'] = 'Bearer'
configuration.api_key['authorization'] = 'MYTOKEN'
configuration.ssl_ca_cert= 'PATH TO CA.CRT'
configuration.host = "HOST_IP:443"
api_instance = kubernetes.client.CoreV1Api(
kubernetes.client.ApiClient(configuration))
exec_command = [
'/etc/openvpn/setup/newClientCert.sh',
(NomeAtuador),
'xxxxxxx']
resp = stream(api_instance.connect_post_namespaced_pod_exec(
(name), (namespace), command=exec_command,
stderr=True, stdin=True,
stdout=True, tty=True))
print("Response: " + resp)
我正在使用 Python 3.8.2 和 Kubernetes 1.16.13
答案 0 :(得分:1)
要解决我的问题,我将以下配置添加到群集配置中。
kubectl create clusterrolebinding serviceaccounts-cluster-admin \ --clusterrole=cluster-admin \ --group=system:serviceaccounts