Kubernetes: Why doesn't 'insecure-skip-tls-verify' work in kubeconfig?


I run kube-apiserver with a self-signed certificate:

/opt/bin/kube-apiserver \
--etcd_servers=http://master:2379,http://slave1:2379,http://slave2:2379 \
--logtostderr=false \
--v=4 \
--client-ca-file=/home/kubernetes/ssl/ca.crt \
--service-cluster-ip-range=192.168.3.0/24 \
--tls-cert-file=/home/kubernetes/ssl/server.crt \
--tls-private-key-file=/home/kubernetes/ssl/server.key

Then I run the kubelet with a kubeconfig:

/opt/bin/kubelet \
--address=0.0.0.0 \
--port=10250 \
--api_servers=https://master:6443 \
--kubeconfig=/home/kubernetes/ssl/config.yaml \
--logtostderr=false \
--v=4

The content of config.yaml is as follows:

apiVersion: v1
kind: Config
clusters:
- name: ubuntu
  cluster:
    insecure-skip-tls-verify: true
    server: https://master:6443
contexts:
- context:
    cluster: "ubuntu"
    user: "ubuntu"
  name: development
current-context: development
users:
- name: ubuntu
  user:
    client-certificate: /home/kubernetes/ssl/ca.crt
    client-key: /home/kubernetes/ssl/ca.key

So I thought the kubelet would not verify the apiserver's self-signed certificate, but the logs show:

E1009 16:48:51.919749  100724 reflector.go:136] Failed to list *api.Pod: Get https://master:6443/api/v1/pods?fieldSelector=spec.nodeName%3Dslave1: x509: certificate signed by unknown authority
E1009 16:48:51.919876  100724 reflector.go:136] Failed to list *api.Node: Get https://master:6443/api/v1/nodes?fieldSelector=metadata.name%3Dslave1: x509: certificate signed by unknown authority
E1009 16:48:51.923153  100724 reflector.go:136] Failed to list *api.Service: Get https://master:6443/api/v1/services: x509: certificate signed by unknown authority
E1009 16:48:52.821556  100724 event.go:194] Unable to write event: 'Post https://master:6443/api/v1/namespaces/default/events: x509: certificate signed by unknown authority' (may retry after sleeping)
E1009 16:48:52.922414  100724 reflector.go:136] Failed to list *api.Node: Get https://master:6443/api/v1/nodes?fieldSelector=metadata.name%3Dslave1: x509: certificate signed by unknown authority
E1009 16:48:52.922433  100724 reflector.go:136] Failed to list *api.Pod: Get https://master:6443/api/v1/pods?fieldSelector=spec.nodeName%3Dslave1: x509: certificate signed by unknown authority
E1009 16:48:52.924432  100724 reflector.go:136] Failed to list *api.Service: Get https://master:6443/api/v1/services: x509: certificate signed by unknown authority

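So I am confused about the meaning of insecure-skip-tls-verify..

There is an open issue () for the behavior of that flag when a client certificate/key is provided. When a client certificate is provided, the insecure flag is ignored.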

OK, thanks, I found the new commit that fixes this issue.

@Jordan I ran into this issue in Kubernetes; a bug report was opened on the Kubernetes GitHub, and I posted a question here:
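
Added example, not part of the original thread and not Kubernetes code: a Go sketch of the three client-side TLS outcomes behind the log lines above, using a throwaway `httptest` HTTPS server as a stand-in for the apiserver (assumption). Case 3 corresponds to listing the CA under `certificate-authority` in the kubeconfig cluster entry, which keeps verification on instead of skipping it.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// probe makes one GET against url with the given TLS settings and returns any error.
func probe(url string, cfg *tls.Config) error {
	tr := &http.Transport{TLSClientConfig: cfg}
	defer tr.CloseIdleConnections()
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// Demo starts a local HTTPS server with a self-signed certificate (stand-in for
// the apiserver) and returns the result of three client configurations.
func Demo() (untrusted, skipped, pinned error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	}))
	defer srv.Close()
	// 1. Trust store that lacks the server's CA: fails like the kubelet log above.
	untrusted = probe(srv.URL, &tls.Config{RootCAs: x509.NewCertPool()})
	// 2. Verification switched off: connects, but the server identity is unchecked.
	skipped = probe(srv.URL, &tls.Config{RootCAs: x509.NewCertPool(), InsecureSkipVerify: true})
	// 3. Server's CA added to the trust store: connects with full verification.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	pinned = probe(srv.URL, &tls.Config{RootCAs: pool})
	return
}

// IsUnknownAuthority reports whether err is the x509 "unknown authority" failure.
func IsUnknownAuthority(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

func main() {
	u, s, p := Demo()
	fmt.Println("CA not trusted:     ", u)
	fmt.Println("InsecureSkipVerify: ", s)
	fmt.Println("CA in RootCAs:      ", p)
}
```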