我使用RancherOS作为主机并尝试设置kubectl container . 我修改了图像,只是将kubectl版本更改为最新版本(1.8.0),并将代理设置添加到Dockerfile,因为没有它,docker build无法运行apk命令 . 此外,Kubernetes由Rancher服务器管理 . 我从Rancher UI下载了kubectl CLI配置 . 如下所示:
apiVersion: v1
kind: Config
clusters:
- cluster:
api-version: v1
server: "https://rancher.dev.abc.net/r/projects/1a6842/kubernetes:6443"
name: "test"
contexts:
- context:
cluster: "test"
user: "test"
name: "test"
current-context: "test"
users:
- name: "test"
user:
token: "QmFzaWMgTnpV9UZ3hPVVV4TXpaRFJrSTFSRFpDTkNOa2hSUTNscGNsSXpjMXAxVUdacVZUWk9NWFZaYVVGd1NqUk5UazVDUkZSM1lWZFhUZz09"
Dockerfile:
FROM docker.artifactory.abc.net/alpine:3.6
# Required for apk to install openssl
ENV http_proxy='http://proxy.abc.net:8080' \
https_proxy='http://proxy.abc.net:8080' \
no_proxy='localhost,abc.net'
ADD https://storage.googleapis.com/kubernetes-release/release/v1.8.0/bin/linux/amd64/kubectl /usr/local/bin/kubectl
ENV HOME=/config
RUN set -x && \
apk add --no-cache curl ca-certificates && \
chmod +x /usr/local/bin/kubectl && \
\
# Create non-root user (with a randomly chosen UID/GUI).
adduser kubectl -Du 2342 -h /config && \
\
# Basic check it works.
kubectl version --client
USER kubectl
ENTRYPOINT ["/usr/local/bin/kubectl"]
还尝试将以下内容添加到Dockerfile但无济于事 .
COPY .kube/chain.pem /config/.kube/ca.crt
RUN cat /config/.kube/ca.crt
现在当我运行命令时,
$ docker run --rm --user $UID -v ~rancher/kubectl/.kube:/config/.kube kubectl:v1.8.0 version
Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.0", GitCommit:"6e937839ac04a38cac63e6a7a306c5d035fe7b0a", GitTreeState:"clean", BuildDate:"2017-09-28T22:57:57Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Unable to connect to the server: x509: certificate signed by unknown authority
如上所示,客户端版本显示正常,但在连接到服务器时,它会失败 . 我复制了 ~rancher/kubectl/.kube 目录中的ca.crt文件 . 还尝试将文件重命名为ca.pem但它不起作用 . 不确定必须提供什么参数,因此kubectl可以获取 crt 文件 .
1 回答
所以我终于开始工作了 . Dockerfile没有变化 . 在上面显示的
.kube/config文件中,我只需要添加以下条目:所以
.kube/config文件现在看起来如下所示:最后,我可以看到服务器版本 . 呼...