I created a Kubernetes cluster using kubeadm and the private IP of the server, so that all nodes can reach it over the cloud provider network. I used 4 nodes on DigitalOcean.
kubctl-s-2vcpu-4gb-nyc3-01-master:~# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://10.132.113.68:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
The command I used to initialize the cluster is:
kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.132.113.68 --kubernetes-version stable-1.8
I am trying to connect to this cluster using kubectl from my local computer. The admin.conf file has the private IP:
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS********S0tLQo=
    server: https://10.132.113.68:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
I tried setting up a proxy on the master with kubectl proxy and making an SSH tunnel to the server:
ssh -L 8001:127.0.0.1:8001 -N -i test.pem root@104.236.XX.209
I can log in to the Kubernetes dashboard from my computer, but I can't execute kubectl commands:
$ kubectl -s localhost:8001 get nodes
Unable to connect to the server: read tcp 127.0.0.1:62394->127.0.0.1:8001: read: connection reset by peer
1 Answer
Where ssh -L ... ends, sshuttle begins :) It creates a local TCP "catch-all" DNAT via the ssh destination node, i.e. it forwards every TCP connection to the specified CIDR. Try:
sshuttle -e 'ssh -vi test.pem' -r root@104.236.XX.209 10.132.113.68/32
From another terminal, just run kubectl ... as if you were running it locally on the original kubeadm node. Profit :)
--jjo
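
Added example (not part of the original answer): a POSIX shell helper that derives the sshuttle route list from the server: entries of a kubeconfig, so that only the API server's /32 is forwarded through the tunnel. The function names, the embedded sample and the <master-public-ip> placeholder are assumptions for illustration; only IPv4 server addresses are handled.

```shell
#!/bin/sh
# Constructed sample: the cluster stanza of admin.conf from the question.
SAMPLE_KUBECONFIG='apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://10.132.113.68:6443
  name: kubernetes
'

# Print the host part of every "server:" URL in a kubeconfig read on stdin.
apiserver_hosts() {
    sed -n 's|^[[:space:]]*server:[[:space:]]*https\{0,1\}://\([^:/[:space:]]*\).*$|\1|p'
}

# Succeed only for a dotted-quad IPv4 address inside an RFC 1918 range.
is_private_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# One /32 route per private API server; anything else is reported and skipped.
sshuttle_routes() {
    apiserver_hosts | sort -u | while read -r host; do
        if is_private_ipv4 "$host"; then
            printf '%s/32\n' "$host"
        else
            printf 'skipping %s: not an RFC 1918 IPv4 address\n' "$host" >&2
        fi
    done
}

# <master-public-ip> is a placeholder for the SSH-reachable master.
routes=$(printf '%s' "$SAMPLE_KUBECONFIG" | sshuttle_routes)
echo "sshuttle -e 'ssh -i test.pem' -r root@<master-public-ip> $routes"
```

Because the route is limited to the API server address, kubectl keeps using the unmodified admin.conf and the server certificate still matches the address it was issued for.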