Kubernetes 错误:服务器没有';“没有资源类型”;svc“;
获取Kubernetes 错误:服务器没有';“没有资源类型”;svc“;,kubernetes,kubectl,amazon-eks,Kubernetes,Kubectl,Amazon Eks,获取错误:按照本指南测试kubectl配置时,服务器没有资源类型“svc”: 详细错误 $kubectl get svc-v=8 I0712 15:30:24.902035 93745 loader.go:357] Config loaded from file /Users/matt.canty/.kube/config-test I0712 15:30:24.902741 93745 round_trippers.go:383] GET https://REDACTED.yl4.u
错误:按照本指南测试kubectl
配置时,服务器没有资源类型“svc”
:
详细错误
$kubectl get svc-v=8
I0712 15:30:24.902035 93745 loader.go:357] Config loaded from file /Users/matt.canty/.kube/config-test
I0712 15:30:24.902741 93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:24.902762 93745 round_trippers.go:390] Request Headers:
I0712 15:30:24.902768 93745 round_trippers.go:393] User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:24.902773 93745 round_trippers.go:393] Accept: application/json, */*
I0712 15:30:25.425614 93745 round_trippers.go:408] Response Status: 401 Unauthorized in 522 milliseconds
I0712 15:30:25.425651 93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.425657 93745 round_trippers.go:414] Content-Type: application/json
I0712 15:30:25.425662 93745 round_trippers.go:414] Content-Length: 129
I0712 15:30:25.425670 93745 round_trippers.go:414] Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.426757 93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.428104 93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.428239 93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:25.428258 93745 round_trippers.go:390] Request Headers:
I0712 15:30:25.428268 93745 round_trippers.go:393] Accept: application/json, */*
I0712 15:30:25.428278 93745 round_trippers.go:393] User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:25.577788 93745 round_trippers.go:408] Response Status: 401 Unauthorized in 149 milliseconds
I0712 15:30:25.577818 93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.577838 93745 round_trippers.go:414] Content-Type: application/json
I0712 15:30:25.577854 93745 round_trippers.go:414] Content-Length: 129
I0712 15:30:25.577868 93745 round_trippers.go:414] Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.578876 93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.579492 93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.579851 93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:25.579864 93745 round_trippers.go:390] Request Headers:
I0712 15:30:25.579873 93745 round_trippers.go:393] Accept: application/json, */*
I0712 15:30:25.579879 93745 round_trippers.go:393] User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:25.729513 93745 round_trippers.go:408] Response Status: 401 Unauthorized in 149 milliseconds
I0712 15:30:25.729541 93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.729547 93745 round_trippers.go:414] Content-Type: application/json
I0712 15:30:25.729552 93745 round_trippers.go:414] Content-Length: 129
I0712 15:30:25.729557 93745 round_trippers.go:414] Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.730606 93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.731228 93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.731254 93745 factory_object_mapping.go:93] Unable to retrieve API resources, falling back to hardcoded types: Unauthorized
F0712 15:30:25.731493 93745 helpers.go:119] error: the server doesn't have a resource type "svc"
AWS中EKS群集的屏幕截图
版本
kubectl版本
Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-28T20:03:09Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"darwin/amd64"}
error: You must be logged in to the server (the server has asked for the client to provide credentials)
配置
Kubctl配置
$kubectl配置视图
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://REDACTED.yl4.us-east-1.eks.amazonaws.com
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: aws
name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
args:
- token
- -i
- test
command: heptio-authenticator-aws
env:
- name: AWS_PROFILE
value: personal
AWS配置
cat.aws/config
[profile personal]
source_profile = personal
AWS证书
$cat.aws/凭证
[personal]
aws_access_key_id = REDACTED
aws_secret_access_key = REDACTED
~/.kube/config测试
类似问题
尝试取消设置并重置环境变量,使其仅具有1个值,然后查看这是否适用于您。401看起来像是权限问题。您的用户是否创建了集群? 在文档中:“当您创建Amazon EKS群集时,IAM实体(用户或角色)将自动被授予群集RBAC配置中的system:master权限。若要授予其他AWS用户与群集交互的能力,您必须在Kubernetes内编辑AWS auth ConfigMap。”
如果它是由其他用户创建的,则需要使用该用户,并在CLI中将其配置为执行kubectl只需删除.kube文件夹中的缓存和http缓存,然后尝试运行该命令 kubectl获得svc
还要确保您的配置文件正确缩进。由于语法错误,有时可能会抛出该错误。我遇到了此错误,这是一个不同的kube配置问题,因此
error: the server doesn't have a resource type “svc”
错误可能是非常普遍的
就我而言,解决方案是删除证书颁发机构数据周围的引号
示例
(不工作)
(工作)
我刚刚遇到了一个类似的问题,我通过aws支持解决了这个问题。我遇到的问题是,创建集群时使用的角色由用户承担,但kubectl没有使用aws cli创建的默认kube配置来承担此角色 我通过在kube配置的users部分提供角色修复了这个问题
users:
- name: aws
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
args:
- token
- -i
- test
- -r
- <arn::of::your::role>
command: aws-iam-authenticator
env:
- name: AWS_PROFILE
value: personal
用户:
-名称:aws
用户:
执行官:
apiVersion:client.authentication.k8s.io/v1alpha1
args:
-代币
--我
-试验
--r
-
命令:aws iam验证器
环境:
-名称:AWS_简介
价值:个人
我相信heptio aws验证器现在已更改为aws iam验证器,但这一更改允许我使用群集。需要确保用于在CLI中创建群集和执行kubectl的凭据相同。在我的例子中,我通过控制台创建了集群,该集群采用了AWS临时自动售货机凭证,该凭证已过期,as kubectl使用了实际的永久凭证。
为了修复错误,我还从AWS CLI创建了集群 如果您在UI中创建集群,则可能的解决方案 如果您在UI中创建了集群,那么AWS
root
用户可能创建了集群。根据文档,“创建Amazon EKS群集时,创建群集的IAM实体(用户或角色)将作为管理员(系统:主)权限添加到Kubernetes RBAC授权表中。最初,只有该IAM用户可以使用kubectl调用Kubernetes API服务器。”
您需要首先以root
用户身份登录AWS CLI,以更新您希望访问群集的IAM用户的权限
.aws/credentials
。您可以使用命令aws configure
现在kubectl get svc
可以工作了,因为您是以最初创建集群的root用户身份登录的NodeInstanceRole
值作为输出
configmap/aws auth
并在mapUsers
部分添加需要kubectl
访问权限的其他用户aws configure
,并从非root用户添加访问密钥信息现在,您可以从AWS CLI并使用kubectl访问集群。我遇到了一个类似的问题,无法使用
kubectl
列出任何kubernetes对象。我尝试了以下命令,但得到了相同的“错误:服务器没有资源类型对象\u名称
”
我检查了我的k8s仪表板,它对我来说工作正常。因此,我知道当kubectl试图与kube apiserver建立连接时会出现问题。我决定使用现有证书curl
apiserver,但它需要证书密钥和crt文件。默认情况下,kubectl从$HOME/.kube/config
读取配置并查找上下文。如果有多个集群,请检查current context:your的值_user@cluster_name
。在users
部分,检查your_user
,并在执行以下步骤后将客户端证书/客户端证书数据
和客户端密钥/客户端密钥数据
的值保存在文件中
echo "value of client-certificate-data" | base64 --decode > your_user.crt
echo "value of client-key-data" | base64 --decode > your_user.key
#check the validality of certificate
openssl x509 -in your_user.crt -text
如果证书已过期,则创建一个新证书并尝试进行身份验证
如果您能够看到POD,则在配置文件中更新证书
$HOME/.kube/config的最终输出
apiVersion: v1
clusters:
- cluster:
certificate-authority: /$PATH/ca.crt
server: https://192.168.0.143:8443 ($APISERVER)
name: cluster_name
contexts:
- context:
cluster: cluster_name
user: your_user
name: your_user@cluster_name
current-context: your_user@cluster_name
kind: Config
preferences: {}
users:
- name: your_user
user:
client-certificate: /$PATH/your_user.crt
client-key: /$PATH/your_user.key
现在,您应该能够使用
kubectl
成功地列出pod或其他资源。您还可以共享/Users/matt.canty/.kube/config test的修订版吗?(并确保证书颁发机构和端点都是正常的(因为它们是经过编辑的)。kubectl提供了什么
users:
- name: aws
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
args:
- token
- -i
- test
- -r
- <arn::of::your::role>
command: aws-iam-authenticator
env:
- name: AWS_PROFILE
value: personal
kubectl get pod
kubectl get service
kubectl get configmap
kubectl get namespace
echo "value of client-certificate-data" | base64 --decode > your_user.crt
echo "value of client-key-data" | base64 --decode > your_user.key
#check the validality of certificate
openssl x509 -in your_user.crt -text
openssl genrsa -out your_user.key 2048
openssl req -new -key your_user.key -subj "/CN=check_cn_from_existing_certificate_crt_file" -out your_user.csr
openssl x509 -req -in your_user.csr -CA /$PATH/ca.crt -CAkey /$PATH/ca.key -out your_user.crt -days 30
# Get the apiserver ip
APISERVER=$(cat ~/.kube/config | grep server | cut -f 2- -d ":" | tr -d " ")
# Authenticate with apiserver using curl command
curl $APISERVER/api/v1/pods \
--cert your_user.crt \
--key your_user.key \
--cacert /$PATH/ca.crt
apiVersion: v1
clusters:
- cluster:
certificate-authority: /$PATH/ca.crt
server: https://192.168.0.143:8443 ($APISERVER)
name: cluster_name
contexts:
- context:
cluster: cluster_name
user: your_user
name: your_user@cluster_name
current-context: your_user@cluster_name
kind: Config
preferences: {}
users:
- name: your_user
user:
client-certificate: /$PATH/your_user.crt
client-key: /$PATH/your_user.key