1. 首頁
  2. 問答
  3. 代理服務器後面的kubectl

代理服務器後面的kubectl

2017-01-05 90 views
3

我已經按照說明here使用minikube安裝了一個本地Kubernetes服務器羣集。代理服務器後面的kubectl

我屬於公司代理機構。因此我設置了http_proxy和https_proxy env變量。一旦羣集在minikube start命令之後啓動,我還將值minikube ip添加到no_proxy env var。但是kubectl仍然無法連接到羣集。

[email protected]:~$ kubectl -v=7 get pods 
I0105 10:31:47.773801 17607 loader.go:354] Config loaded from file /home/ubuntu/.kube/config 
I0105 10:31:47.775151 17607 round_trippers.go:296] GET https://192.168.42.22:8443/api 
I0105 10:31:47.778533 17607 round_trippers.go:303] Request Headers: 
I0105 10:31:47.778606 17607 round_trippers.go:306]  Accept: application/json, */* 
I0105 10:31:47.778676 17607 round_trippers.go:306]  User-Agent: kubectl/v1.5.1 (linux/amd64) kubernetes/82450d0 
I0105 10:31:47.783069 17607 round_trippers.go:321] Response Status: in 4 milliseconds 
I0105 10:31:47.783166 17607 helpers.go:221] Connection error: Get https://192.168.42.22:8443/api: Forbidden port 
F0105 10:31:47.783181 17607 helpers.go:116] Unable to connect to the server: Forbidden port

我假設這是因爲kubectl沒有意識到no_proxy設置。一個簡單的捲曲到集羣過得很好。

[email protected]:~$ curl -v -k https://192.168.42.22:8443/api 
* Hostname was NOT found in DNS cache 
* Trying 192.168.42.22... 
* Connected to 192.168.42.22 (192.168.42.22) port 8443 (#0) 
* successfully set certificate verify locations: 
* CAfile: none 
    CApath: /etc/ssl/certs 
* SSLv3, TLS handshake, Client hello (1): 
* SSLv3, TLS handshake, Server hello (2): 
* SSLv3, TLS handshake, CERT (11): 
* SSLv3, TLS handshake, Server key exchange (12): 
* SSLv3, TLS handshake, Request CERT (13): 
* SSLv3, TLS handshake, Server finished (14): 
* SSLv3, TLS handshake, CERT (11): 
* SSLv3, TLS handshake, Client key exchange (16): 
* SSLv3, TLS change cipher, Client hello (1): 
* SSLv3, TLS handshake, Finished (20): 
* SSLv3, TLS change cipher, Client hello (1): 
* SSLv3, TLS handshake, Finished (20): 
* SSL connection using ECDHE-RSA-AES128-GCM-SHA256 
* Server certificate: 
*  subject: CN=minikube 
*  start date: 2017-01-04 16:04:47 GMT 
*  expire date: 2018-01-04 16:04:47 GMT 
*  issuer: CN=minikubeCA 
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway. 
> GET /api HTTP/1.1 
> User-Agent: curl/7.35.0 
> Host: 192.168.42.22:8443 
> Accept: */* 
> 
< HTTP/1.1 401 Unauthorized 
< Content-Type: text/plain; charset=utf-8 
< X-Content-Type-Options: nosniff 
< Date: Thu, 05 Jan 2017 10:33:45 GMT 
< Content-Length: 13 
< 
Unauthorized 
* Connection #0 to host 192.168.42.22 left intact

有關如何解決此問題的任何想法?

來源

2017-01-05 n3o

回答

13

修復了這個問題。解決方法是在NO_PROXY中也有no_proxy細節。

export NO_PROXY=$no_proxy,$(minikube ip)

Relevant thread。希望這對別人有用。

來源

2017-01-05 10:40:59 n3o

+0

對於任何人,如果還有其他卡在A級可怕Cisco AnyConnect VPN客戶端後面,它會將所有進入'192.168.99.100'的請求有效地路由到黑洞 - 這樣任何包含該IP地址的'no_proxy'都不會工作 - 你可能也想看到這個解決方案:https://github.com/kubernetes/minikube/issues/1099#issuecomment-307154111 –

相關問題

 相關問題