KUBECONFIG安装完成,但kubectl从gitlab中的远程docker runner获取的吊舱-o宽无法工作
这有点棘手,我有一个K8s集群并正在运行,我能够在集群内执行docker映像,我可以看到命令“kubectl get pods-o wide”的内容。现在我已经用这个K8集群设置了Gitlab 我在上面K8集群的Gitlab中分别设置了变量$KUBE_URL$KUBE_USER和$KUBE_PASSWORD 在这里,Gitlab runner console显示所有这些信息,如下面的console日志所示,最后它失败了KUBECONFIG安装完成,但kubectl从gitlab中的远程docker runner获取的吊舱-o宽无法工作,docker,kubernetes,gitlab,Docker,Kubernetes,Gitlab,这有点棘手,我有一个K8s集群并正在运行,我能够在集群内执行docker映像,我可以看到命令“kubectl get pods-o wide”的内容。现在我已经用这个K8集群设置了Gitlab 我在上面K8集群的Gitlab中分别设置了变量$KUBE_URL$KUBE_USER和$KUBE_PASSWORD 在这里,Gitlab runner console显示所有这些信息,如下面的console日志所示,最后它失败了 $ kubeconfig=cluster1-config kubectl g
$ kubeconfig=cluster1-config kubectl get pods -o wide
error: the server doesn’t have a resource type “pods”
ERROR: Job failed: exit code 1
以下是完整的控制台日志:
这是我的.gitlab-ci.yml内容,您能建议一下为什么即使KUBECONFIG设置成功,kubectl get pods也不显示远程集群的pods吗
image : docker:latest
variables:
CONTAINER_DEV_IMAGE: https://hub.docker.com/r/tarunkumard/gatling/:$CI_COMMIT_SHA
stages:
deploy
deploy:
stage: deploy
tags:
- docker
script:
‘uname -a’
‘apk add --no-cache curl’
‘curl -LO http s://storage.go ogleapis.com/kubernetes-release/release/$(curl -s htt ps:// storage.googlea pis .com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl’
‘chmod +x ./kubectl’
‘mv ./kubectl /usr/local/bin/kubectl’
‘kubectl config set-cluster nosebit --server="$KUBE_URL" --insecure-skip-tls-verify=true’
‘kubectl config set-credentials admin --username=" " --password="$KUBE_PASSWORD"’
‘kubectl config set-context default --cluster=nosebit --user=admin’
‘kubectl config use-context default’
‘cat $HOME/.kube/config’
‘kubectl config view --minify > cluster1-config’
‘export KUBECONFIG=$HOME/.kube/config’
‘kubectl --kubeconfig=cluster1-config config get-contexts’
'kubeconfig=cluster1-config kubectl get pods -o wide ’
为什么gitlab runner无法从Kubernetes clusterNote获取POD此群集已使用启动并运行,我可以使用kubectl get pods命令查看POD基本上
kubectl config view --minify > cluster1-config
不会这样做,因为输出将类似于以下内容,没有实际的凭据/证书:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://<kube-apiserver>:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
namespace: default
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
如果这不是问题的话。可能是您的凭据没有正确的权限。我将尝试查找为该管理员用户绑定的ClusterRoleBinding或RoleBinding。比如:
$ kubectl get clusterrolebinding -o=jsonpath='{range .items[*]}{.metadata.name} {.roleRef.name} {.subjects}{"\n"}{end}' | grep admin
$ kubectl get rolebinding -o=jsonpath='{range .items[*]}{.metadata.name} {.roleRef.name} {.subjects}{"\n"}{end}' | grep admin
找到角色后,您可以查看它是否具有查看播客的正确权限。例如:
$ kubectl get clusterrole cluster-admin -o=yaml
你能把问题和代码片段的格式设置得更好一点吗?很难理解发生了什么。抱歉@JasonStanley,但您能在gitlab中帮助运行上面的脚本吗感谢您的响应,但仍然无法在gitlab$kubectl config view-raw中运行>cluster1 config$export KUBECONFIG=$HOME/.kube/config$kubectl-KUBECONFIG$HOME/.kube/config-config-get-contexts当前名称群集AUTHINFO命名空间*默认nosebit-admin$kubectl-KUBECONFIG$HOME/.kube/config-get-pods-o-wide错误:服务器没有资源类型pods错误:作业失败:退出代码1有没有办法确定是否建立了到我的远程Kubernetes群集的连接?下面是gitlab控制台输出$kubectl config view-minify>cluster1 config$export KUBECONFIG=$HOME/.kube/config$kubectl-KUBECONFIG=cluster1 config config-config-get-context当前名称群集AUTHINFO NAMESPACE*默认值nosebit admin$kubectl get clusterrolebinding-o=jsonpath={range.items[*]}{.metadata.name}{.roleRef.name}{.subjects}{\n}{end}}}grep管理错误:服务器没有资源类型clusterrolebinding错误:作业失败:退出代码1
$ kubectl get clusterrolebinding -o=jsonpath='{range .items[*]}{.metadata.name} {.roleRef.name} {.subjects}{"\n"}{end}' | grep admin
$ kubectl get rolebinding -o=jsonpath='{range .items[*]}{.metadata.name} {.roleRef.name} {.subjects}{"\n"}{end}' | grep admin
$ kubectl get clusterrole cluster-admin -o=yaml