问题:
无法从集群内部连接到kubernetes API
杨飞
我试图在我本地minikube集群上的一个简单示例中使用fabric8io/kubernetes-client,在这里我获得了一个pod的IP
import io.fabric8.kubernetes.client.Config;
import io.fabric8.kubernetes.client.ConfigBuilder;
import io.fabric8.kubernetes.client.DefaultKubernetesClient;
import io.fabric8.kubernetes.client.KubernetesClient;
public class PodLogExample {
public static void main(String[] args) throws InterruptedException {
String podName = "some-pod-name-jnfen3";
String namespace = "default";
String master = "https://localhost:32780/";
Config config = new ConfigBuilder().withMasterUrl(master).build();
KubernetesClient client = new DefaultKubernetesClient(config);
String podIP = client.pods().inNamespace(namespace).withName(podName).get().getStatus().getPodIP();
System.out.println("Pod IP is: " + podIP);
Thread.sleep(5 * 1000);
client.close();
}
}
some-pod-name-jnfen3是完成执行的pod的名称,如果执行Kubectl get pods则可见。
https://localhost:32780/是一个kubernetes API主机,我从Kubectl config view-o jsonpath=“{.clusters[?(@.name==\”minikube\“)].cluster.server}”中获得该主机。
- MiniKube只有1个节点。
- Fabric8IO/Kubernetes-客户端版本为4.9.1
- Java 11
我将此代码作为作业部署在some-pod-name-jnfen3的同一集群上。这里有个例外:
Exception in thread "main" io.fabric8.kubernetes.client.KubernetesClientException: Operation: [get] for kind: [Pod] with name: [some-pod-name-jnfen3] in namespace: [default] failed.
at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:64)
at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:72)
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.getMandatory(BaseOperation.java:225)
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.get(BaseOperation.java:168)
at PodLogExample.main(PodLogExample.java:16)
Caused by: java.net.ConnectException: Failed to connect to localhost/127.0.0.1:32780
at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:249)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:167)
at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:258)
at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135)
at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114)
at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:127)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at io.fabric8.kubernetes.client.utils.BackwardsCompatibilityInterceptor.intercept(BackwardsCompatibilityInterceptor.java:134)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at io.fabric8.kubernetes.client.utils.ImpersonatorInterceptor.intercept(ImpersonatorInterceptor.java:68)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at io.fabric8.kubernetes.client.utils.HttpClientUtils.lambda$createHttpClient$3(HttpClientUtils.java:112)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:257)
at okhttp3.RealCall.execute(RealCall.java:93)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:469)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:430)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleGet(OperationSupport.java:395)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleGet(OperationSupport.java:376)
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.handleGet(BaseOperation.java:845)
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.getMandatory(BaseOperation.java:214)
... 2 more
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403)
at java.base/java.net.Socket.connect(Socket.java:609)
at okhttp3.internal.platform.Platform.connectSocket(Platform.java:129)
at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:247)
... 34 more
出于某种原因,它无法连接到kubernetes API主机。
我该怎么修好它?
如果我不将配置传递给客户端,它将获得正确的主IP,然后失败,出现以下异常
Exception in thread "main" io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://10.96.0.1/api/v1/namespaces/default/pods/some-pod-name-jnfen3. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods "some-pod-name-jnfen3" is forbidden: User "system:serviceaccount:default:default" cannot get resource "pods" in API group "" in the namespace "default".
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:568)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:505)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:471)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:430)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleGet(OperationSupport.java:395)
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleGet(OperationSupport.java:376)
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.handleGet(BaseOperation.java:845)
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.getMandatory(BaseOperation.java:214)
at io.fabric8.kubernetes.client.dsl.base.BaseOperation.get(BaseOperation.java:168)
at PodLogExample.main(PodLogExample.java:17)
共有1个答案
郑高驰
Kubectl配置视图-o jsonpath=“{.clusters[?(@.name==\”minikube\“)].cluster.server}”返回相对IP。对豆荚来说是不同的。
不传递config将使库找到正确的IP。
另外,应该在job.yaml中创建和设置一个新的服务帐户。
default服务帐户没有获取k8s实体的权限。
相关GitHub问题
类似资料:
-
我正在尝试从MAC连接到安全的Azure Service Fabric群集,但我遇到了一些SSL问题 我可以通过Web浏览器通过相同的证书验证 /Explorer,但当我尝试与我的命令行相同,我得到SSl错误。有什么建议吗? 错误: 请求中出错,SSLError:HTTPSConnectionPool(host='mylinuxx.centralindia.cloudapp.azure.com',
-
我有一个ECS集群,其中有3个EC2实例,它们都位于私有子网中。我创建了一个任务定义,使用以下环境变量运行Confluent提供的kafka-connect映像: 我在这个集群前面有一个应用程序负载均衡器,在端口8083上有一个侦听器。我已经正确地设置了目标组,以包括运行Kafka-Connect的EC2实例。因此负载均衡器应该将请求转发到集群。确实如此,但我总是得到响应。我可以ssh到EC2实例
-
我在从Lambda函数连接Elasticache时遇到问题,我已完成以下操作: 创建了一个新的安全组 Internet正常工作,我通过打开URL验证stackoverflow.com。但是Elasticache自动发现超时。是否需要进行任何额外的配置? 更新I将安全组的入站规则添加到端口6379,现在仍然超时。
-
我尝试了kafka-console-consumer.sh和kafka-console-producer.sh,它工作得很好。我能够看到生产者在消费者中发送的消息 1)我已经下载了s3连接器(https://docs.confluent.io/current/connect/kafka-connect-S3/index.html) 2)将文件解压缩到/home/ec2-user/plugins/
-
我创建了一个副本zookeeper+kafka集群,使用来自官方孵化器repo的官方kafka图表: 如果我进入动物园管理员舱: 我使用工具测试TCP连通性。我预计会出现通信错误,因为服务器没有使用HTTP,但是如果curl连都不能连接,我不得不用ctrl-C输出,那么TCP连接就不能工作了。 我可以通过访问本地pod: 但是通过服务名连接到Kafka pod不起作用,我必须ctrl-C curl
-
null NewJenkins.Values具有以下特性。 报告的错误是。 我在谷歌上搜索了一段时间,很多网站都提到了服务帐户设置,但没有任何工作。 还有别的步骤吗?