Kubernetes 错误：服务器没有'；“没有资源类型”；svc“；_Kubernetes_Kubectl_Amazon Eks

Kubernetes 错误：服务器没有'；“没有资源类型”；svc“；

kubernetes

Kubernetes 错误：服务器没有'；“没有资源类型”；svc“；,kubernetes,kubectl,amazon-eks,Kubernetes,Kubectl,Amazon Eks,获取错误：按照本指南测试kubectl配置时，服务器没有资源类型“svc”：详细错误 $kubectl get svc-v=8 I0712 15:30:24.902035 93745 loader.go:357] Config loaded from file /Users/matt.canty/.kube/config-test I0712 15:30:24.902741 93745 round_trippers.go:383] GET https://REDACTED.yl4.u

获取

错误：按照本指南测试kubectl
配置时，服务器没有资源类型“svc”

：

详细错误

$kubectl get svc-v=8

I0712 15:30:24.902035   93745 loader.go:357] Config loaded from file /Users/matt.canty/.kube/config-test
I0712 15:30:24.902741   93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:24.902762   93745 round_trippers.go:390] Request Headers:
I0712 15:30:24.902768   93745 round_trippers.go:393]     User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:24.902773   93745 round_trippers.go:393]     Accept: application/json, */*
I0712 15:30:25.425614   93745 round_trippers.go:408] Response Status: 401 Unauthorized in 522 milliseconds
I0712 15:30:25.425651   93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.425657   93745 round_trippers.go:414]     Content-Type: application/json
I0712 15:30:25.425662   93745 round_trippers.go:414]     Content-Length: 129
I0712 15:30:25.425670   93745 round_trippers.go:414]     Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.426757   93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.428104   93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.428239   93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:25.428258   93745 round_trippers.go:390] Request Headers:
I0712 15:30:25.428268   93745 round_trippers.go:393]     Accept: application/json, */*
I0712 15:30:25.428278   93745 round_trippers.go:393]     User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:25.577788   93745 round_trippers.go:408] Response Status: 401 Unauthorized in 149 milliseconds
I0712 15:30:25.577818   93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.577838   93745 round_trippers.go:414]     Content-Type: application/json
I0712 15:30:25.577854   93745 round_trippers.go:414]     Content-Length: 129
I0712 15:30:25.577868   93745 round_trippers.go:414]     Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.578876   93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.579492   93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.579851   93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:25.579864   93745 round_trippers.go:390] Request Headers:
I0712 15:30:25.579873   93745 round_trippers.go:393]     Accept: application/json, */*
I0712 15:30:25.579879   93745 round_trippers.go:393]     User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:25.729513   93745 round_trippers.go:408] Response Status: 401 Unauthorized in 149 milliseconds
I0712 15:30:25.729541   93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.729547   93745 round_trippers.go:414]     Content-Type: application/json
I0712 15:30:25.729552   93745 round_trippers.go:414]     Content-Length: 129
I0712 15:30:25.729557   93745 round_trippers.go:414]     Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.730606   93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.731228   93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.731254   93745 factory_object_mapping.go:93] Unable to retrieve API resources, falling back to hardcoded types: Unauthorized
F0712 15:30:25.731493   93745 helpers.go:119] error: the server doesn't have a resource type "svc"

AWS中EKS群集的屏幕截图

版本

kubectl版本

Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-28T20:03:09Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"darwin/amd64"}
error: You must be logged in to the server (the server has asked for the client to provide credentials)

配置 Kubctl配置

$kubectl配置视图

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://REDACTED.yl4.us-east-1.eks.amazonaws.com
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - test
      command: heptio-authenticator-aws
      env:
      - name: AWS_PROFILE
        value: personal

AWS配置

cat.aws/config

[profile personal]
source_profile = personal

AWS证书

$cat.aws/凭证

[personal]
aws_access_key_id = REDACTED
aws_secret_access_key = REDACTED

~/.kube/config测试类似问题

我的KUBECONFIG环境变量有多个值时出现了这个问题，它看起来像：：/Users/my user/.kube/config firstcluster:/Users/my user/.kube/config secondcluster

尝试取消设置并重置环境变量，使其仅具有1个值，然后查看这是否适用于您。

401看起来像是权限问题。您的用户是否创建了集群？在文档中：“当您创建Amazon EKS群集时，IAM实体（用户或角色）将自动被授予群集RBAC配置中的system:master权限。若要授予其他AWS用户与群集交互的能力，您必须在Kubernetes内编辑AWS auth ConfigMap。”

如果它是由其他用户创建的，则需要使用该用户，并在CLI中将其配置为执行kubectl

只需删除.kube文件夹中的缓存和http缓存，然后尝试运行该命令 kubectl获得svc

还要确保您的配置文件正确缩进。由于语法错误，有时可能会抛出该错误。

我遇到了此错误，这是一个不同的kube配置问题，因此

error: the server doesn't have a resource type “svc”

错误可能是非常普遍的

就我而言，解决方案是删除证书颁发机构数据周围的引号

示例

（不工作）

（工作）

我刚刚遇到了一个类似的问题，我通过aws支持解决了这个问题。我遇到的问题是，创建集群时使用的角色由用户承担，但kubectl没有使用aws cli创建的默认kube配置来承担此角色

我通过在kube配置的users部分提供角色修复了这个问题

users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - test
      - -r
      - <arn::of::your::role>
      command: aws-iam-authenticator
      env:
      - name: AWS_PROFILE
        value: personal

用户：
-名称：aws
用户：
执行官：
apiVersion:client.authentication.k8s.io/v1alpha1
args：
-代币
--我
-试验
--r
- 
命令：aws iam验证器
环境：
-名称：AWS_简介
价值：个人

我相信heptio aws验证器现在已更改为aws iam验证器，但这一更改允许我使用群集。

需要确保用于在CLI中创建群集和执行kubectl的凭据相同。在我的例子中，我通过控制台创建了集群，该集群采用了AWS临时自动售货机凭证，该凭证已过期，as kubectl使用了实际的永久凭证。

为了修复错误，我还从AWS CLI创建了集群

如果您在UI中创建集群，则可能的解决方案
如果您在UI中创建了集群，那么AWS
root
用户可能创建了集群。根据文档，“创建Amazon EKS群集时，创建群集的IAM实体（用户或角色）将作为管理员（系统：主）权限添加到Kubernetes RBAC授权表中。最初，只有该IAM用户可以使用kubectl调用Kubernetes API服务器。”
您需要首先以
root
用户身份登录AWS CLI，以更新您希望访问群集的IAM用户的权限

您需要获取并将此信息放入默认用户下的
.aws/credentials
。您可以使用命令
aws configure
现在
kubectl get svc
可以工作了，因为您是以最初创建集群的root用户身份登录的

。按照这些文档中的步骤2，使用您从中获得的
NodeInstanceRole
值作为
输出

，请遵循这些文档中的步骤3。编辑
configmap/aws auth
并在
mapUsers
部分添加需要
kubectl
访问权限的其他用户

再次运行
aws configure
，并从非root用户添加访问密钥信息

现在，您可以从AWS CLI并使用kubectl访问集群。
我遇到了一个类似的问题，无法使用
kubectl
列出任何kubernetes对象。我尝试了以下命令，但得到了相同的“错误：服务器没有资源类型
对象\u名称
”
我检查了我的k8s仪表板，它对我来说工作正常。因此，我知道当kubectl试图与kube apiserver建立连接时会出现问题。我决定使用现有证书
curl
apiserver，但它需要证书密钥和crt文件。默认情况下，kubectl从
$HOME/.kube/config
读取配置并查找上下文。如果有多个集群，请检查
current context:your的值_user@cluster_name
。在
users
部分，检查
your_user
，并在执行以下步骤后将
客户端证书/客户端证书数据
和
客户端密钥/客户端密钥数据
的值保存在文件中

echo "value of client-certificate-data" | base64 --decode > your_user.crt echo "value of client-key-data" | base64 --decode > your_user.key #check the validality of certificate openssl x509 -in your_user.crt -text
如果证书已过期，则创建一个新证书并尝试进行身份验证如果您能够看到POD，则在配置文件中更新证书
$HOME/.kube/config的最终输出

apiVersion: v1 clusters: - cluster: certificate-authority: /$PATH/ca.crt server: https://192.168.0.143:8443 ($APISERVER) name: cluster_name contexts: - context: cluster: cluster_name user: your_user name: your_user@cluster_name current-context: your_user@cluster_name kind: Config preferences: {} users: - name: your_user user: client-certificate: /$PATH/your_user.crt client-key: /$PATH/your_user.key

现在，您应该能够使用
kubectl
成功地列出pod或其他资源。您还可以共享
/Users/matt.canty/.kube/config test的修订版吗？（并确保证书颁发机构和端点都是正常的（因为它们是经过编辑的）。kubectl提供了什么 users: - name: aws user: exec: apiVersion: client.authentication.k8s.io/v1alpha1 args: - token - -i - test - -r - <arn::of::your::role> command: aws-iam-authenticator env: - name: AWS_PROFILE value: personal kubectl get pod kubectl get service kubectl get configmap kubectl get namespace echo "value of client-certificate-data" | base64 --decode > your_user.crt echo "value of client-key-data" | base64 --decode > your_user.key #check the validality of certificate openssl x509 -in your_user.crt -text openssl genrsa -out your_user.key 2048 openssl req -new -key your_user.key -subj "/CN=check_cn_from_existing_certificate_crt_file" -out your_user.csr openssl x509 -req -in your_user.csr -CA /$PATH/ca.crt -CAkey /$PATH/ca.key -out your_user.crt -days 30 # Get the apiserver ip APISERVER=$(cat ~/.kube/config | grep server | cut -f 2- -d ":" | tr -d " ") # Authenticate with apiserver using curl command curl $APISERVER/api/v1/pods \ --cert your_user.crt \ --key your_user.key \ --cacert /$PATH/ca.crt apiVersion: v1 clusters: - cluster: certificate-authority: /$PATH/ca.crt server: https://192.168.0.143:8443 ($APISERVER) name: cluster_name contexts: - context: cluster: cluster_name user: your_user name: your_user@cluster_name current-context: your_user@cluster_name kind: Config preferences: {} users: - name: your_user user: client-certificate: /$PATH/your_user.crt client-key: /$PATH/your_user.key