2017-10-08

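kubectl container cannot connect to Kubernetes

I am using RancherOS as the host and trying to set up the kubectl container. I modified the image only to change the kubectl version to the latest one (1.8.0) and to add proxy settings to the Dockerfile, because without them docker build could not run the apk command. Also, Kubernetes is being managed by the Rancher server. I downloaded the kubectl CLI config from the Rancher UI. It looks like this: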

apiVersion: v1
kind: Config
clusters:
- cluster:
    api-version: v1
    server: "https://rancher.dev.abc.net/r/projects/1a6842/kubernetes:6443"
  name: "test"
contexts:
- context:
    cluster: "test"
    user: "test"
  name: "test"
current-context: "test"
users:
- name: "test"
  user:
    token: "QmFzaWMgTnpV9UZ3hPVVV4TXpaRFJrSTFSRFpDTkNOa2hSUTNscGNsSXpjMXAxVUdacVZUWk9NWFZaYVVGd1NqUk5UazVDUkZSM1lWZFhUZz09"

Dockerfile:

FROM docker.artifactory.abc.net/alpine:3.6 

# Required for apk to install openssl 
ENV http_proxy='http://proxy.abc.net:8080' \ 
    https_proxy='http://proxy.abc.net:8080' \ 
    no_proxy='localhost,abc.net' 

ADD https://storage.googleapis.com/kubernetes-release/release/v1.8.0/bin/linux/amd64/kubectl /usr/local/bin/kubectl 

ENV HOME=/config 

RUN set -x && \ 
    apk add --no-cache curl ca-certificates && \ 
    chmod +x /usr/local/bin/kubectl && \ 
    \ 
    # Create non-root user (with a randomly chosen UID/GID). 
    adduser kubectl -Du 2342 -h /config && \ 
    \ 
    # Basic check it works. 
    kubectl version --client 

USER kubectl 

ENTRYPOINT ["/usr/local/bin/kubectl"] 

I also tried adding the following to the Dockerfile, but to no avail.

COPY .kube/chain.pem /config/.kube/ca.crt 
RUN cat /config/.kube/ca.crt 

Now, when I run the command,

$ docker run --rm --user $UID -v ~rancher/kubectl/.kube:/config/.kube kubectl:v1.8.0 version 
Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.0", GitCommit:"6e937839ac04a38cac63e6a7a306c5d035fe7b0a", GitTreeState:"clean", BuildDate:"2017-09-28T22:57:57Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"} 
Unable to connect to the server: x509: certificate signed by unknown authority 

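As shown above, the client version is displayed fine, but connecting to the server fails. I copied the ca.crt file into the ~rancher/kubectl/.kube directory. I also tried renaming the file to ca.pem, but that did not work. I am not sure what parameter needs to be provided for kubectl to pick up the crt file.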

Answer


So I finally got it working. There are no changes to the Dockerfile. In the .kube/config file above, I had to add the following entry:

certificate-authority: /config/.kube/ca.crt 

So the .kube/config file now looks like this:

apiVersion: v1
kind: Config
clusters:
- cluster:
    api-version: v1
    certificate-authority: /config/.kube/ca.crt
    server: "https://rancher.dev.abc.net/r/projects/1a6842/kubernetes:6443"
  name: "test"
contexts:
- context:
    cluster: "test"
    user: "test"
  name: "test"
current-context: "test"
users:
- name: "test"
  user:
    token: "QmFzaWMgTnpV9UZ3hPVVV4TXpaRFJrSTFSRFpDTkNOa2hSUTNscGNsSXpjMXAxVUdacVZUWk9NWFZaYVVGd1NqUk5UazVDUkZSM1lWZFhUZz09"

Finally, I can see the server version. Phew...

$ docker run --rm --user $UID -v ~rancher/kubectl/.kube:/config/.kube kubectl:v1.8.0 version 
Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.0", GitCommit:"6e937839ac04a38cac63e6a7a306c5d035fe7b0a", GitTreeState:"clean", BuildDate:"2017-09-28T22:57:57Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"} 
Server Version: version.Info{Major:"1", Minor:"7+", GitVersion:"v1.7.2-rancher1", GitCommit:"eda266858c448156b6d6fee372ff43ffb458a70c", GitTreeState:"clean", BuildDate:"2017-08-03T17:22:27Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"} 
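
An added example, not part of the original question or answer: a POSIX shell pre-flight check for the fix described above. It confirms that the kubeconfig names a CA, that the in-container path (such as /config/.kube/ca.crt) maps to a readable PEM file on the host side of the -v mount, and that TLS verification has not been switched off. The names check_kubeconfig_ca and demo are hypothetical, and the demo files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. check_kubeconfig_ca and demo are
# hypothetical helper names; the demo files are constructed.
# Usage: check_kubeconfig_ca KUBECONFIG HOST_DIR CONTAINER_DIR
# HOST_DIR is the host side of the -v bind mount, CONTAINER_DIR its target.
check_kubeconfig_ca() {
    cfg=$1; host_dir=$2; ctr_dir=$3
    # Disabling verification hides the x509 error instead of fixing trust.
    if grep -Eq '^[[:space:]]*insecure-skip-tls-verify:[[:space:]]*"?true' "$cfg"; then
        echo "FAIL: insecure-skip-tls-verify is enabled"; return 2
    fi
    # An inline CA bundle needs no file inside the container.
    if grep -Eq '^[[:space:]]*certificate-authority-data:' "$cfg"; then
        echo "OK: inline certificate-authority-data"; return 0
    fi
    # Collect every certificate-authority path (paths with spaces unsupported).
    cas=$(sed -n 's/^[[:space:]]*certificate-authority:[[:space:]]*//p' "$cfg" | tr -d "\"'")
    if [ -z "$cas" ]; then
        echo "FAIL: no certificate-authority, only the image trust store is used"; return 3
    fi
    for ca in $cas; do
        # kubectl opens this path inside the container, so map it to the host.
        case $ca in
            "$ctr_dir"/*) rel=${ca#"$ctr_dir"/}; host_ca=$host_dir/$rel ;;
            *) echo "FAIL: $ca is outside the mount $ctr_dir"; return 4 ;;
        esac
        [ -r "$host_ca" ] || { echo "FAIL: missing $host_ca"; return 5; }
        grep -q -e '-----BEGIN CERTIFICATE-----' "$host_ca" ||
            { echo "FAIL: $host_ca is not PEM"; return 6; }
        echo "OK: $ca -> $host_ca"
    done
}

# Constructed demo: a temp directory stands in for ~rancher/kubectl/.kube.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'clusters:' '- cluster:' \
        '    certificate-authority: /config/.kube/ca.crt' \
        '    server: "https://rancher.example.invalid:6443"' \
        '  name: "test"' > "$d/config"
    check_kubeconfig_ca "$d/config" "$d" /config/.kube && before=0 || before=$?
    # Placeholder PEM envelope, not a real certificate.
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/ca.crt"
    check_kubeconfig_ca "$d/config" "$d" /config/.kube && after=0 || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}
demo
```

Run it on the host with the same two directories that are passed to docker run -v; a non-zero status names the reason the connection would fail or go unverified.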