我試圖讓虛擬機上運行kubectl。我遵循給定的步驟here,並可以通過安裝。我將本地kubernetes配置(從/Users/me/.kube/config)複製到.kube目錄中的VM。然而,當我運行任何命令,如kubectl get nodes返回error: google: could not find default credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information在虛擬機上運行kubectl
有沒有一種方法,我可以在虛擬機上運行kubectl?
要使用kubectl去跟谷歌集裝箱引擎集羣中的非谷歌VM,您可以創建一個用戶管理IAM Service Account,並用它來驗證您的集羣:
# Set these variables for your project
PROJECT_ID=my-project
SA_NAME=my-new-serviceaccount
[email protected]$PROJECT_ID.iam.gserviceaccount.com
KEY_FILE=~/serviceaccount_key.json
# Create a new GCP IAM service account.
gcloud iam service-accounts create $SA_NAME
# Download a json key for that service account.
gcloud iam service-accounts keys create $KEY_FILE --iam-account $SA_EMAIL
# Give that service account the "Container Engine Developer" IAM role for your project.
gcloud projects add-iam-policy-binding $PROJECT_ID --member serviceAccount:$SA_EMAIL --role roles/container.developer
# Configure Application Default Credentials (what kubectl uses) to use that service account.
export GOOGLE_APPLICATION_CREDENTIALS=$KEY_FILE
然後繼續前進並像平常一樣使用kubectl。
'〜/ serviceaccount_key.json'從哪裏來?編輯:在'API CONSOLE CREDENTIALS'下找到它:https://developers.google.com/identity/protocols/application-default-credentials – Ash
您的集羣託管在哪裏?是GKE嗎?它似乎期待你做一個'gcloud認證登錄'。 –
你可以從虛擬機上'gcloud auth login',但是這將使用你的個人身份來進行從該虛擬機進行的所有調用。爲程序化訪問創建一個服務帳戶比較安全(例如,如果它受到威脅,您可以撤銷服務帳戶的權限)。 –