我正在使用golang lib client-go连接到正在运行的本地kubrenets . 首先,我从示例中获取代码:out-of-cluster-client-configuration .
运行如下代码: $ KUBERNETES_SERVICE_HOST=localhost KUBERNETES_SERVICE_PORT=6443 go run ./main.go
导致以下错误:
panic: open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory
goroutine 1 [running]:
/var/run/secrets/kubernetes.io/serviceaccount/
我不太确定我缺少哪一部分配置 . 我研究了以下链接:
-
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
-
https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/
但没有运气 . 我想我需要让客户端知道要使用哪个令牌/ serviceAccount,或者以每个人都可以连接到其api的方式配置kubectl .
这是我的kubectl的状态,虽然一些命令结果:
$ kubectl config view
apiVersion: v1
clusters:
- cluster:
insecure-skip-tls-verify: true
server: https://localhost:6443
name: docker-for-desktop-cluster
contexts:
- context:
cluster: docker-for-desktop-cluster
user: docker-for-desktop
name: docker-for-desktop
current-context: docker-for-desktop
kind: Config
preferences: {}
users:
- name: docker-for-desktop
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
$ kubectl get serviceAccounts
NAME SECRETS AGE
default 1 3d
test-user 1 1d
$ kubectl describe serviceaccount test-user
Name: test-user
Namespace: default
Labels: <none>
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: test-user-token-hxcsk
Tokens: test-user-token-hxcsk
Events: <none>
$ kubectl get secret test-user-token-hxcsk -o yaml
apiVersion: v1
data:
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0......=
namespace: ZGVmYXVsdA==
token: ZXlKaGJHY2lPaUpTVXpJMU5pSX......=
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: test-user
kubernetes.io/service-account.uid: 984b359a-6bd3-11e8-8600-XXXXXXX
creationTimestamp: 2018-06-09T10:55:17Z
name: test-user-token-hxcsk
namespace: default
resourceVersion: "110618"
selfLink: /api/v1/namespaces/default/secrets/test-user-token-hxcsk
uid: 98550de5-6bd3-11e8-8600-XXXXXX
type: kubernetes.io/service-account-token
1 回答
只是为了说清楚,万一它可以帮助你进一步调试它:问题与Go或你的代码无关,以及与Kubernetes节点无法从Kubernetes master获取令牌的一切 .
在
kubectl config view
中,clusters.cluster.server
应该指向节点可以到达的IP地址 .它需要访问CA,即主服务器,以便提供该令牌,并且我猜它没有出于这个原因 .
kubectl describe <your_pod_name>
可能会告诉你问题是获取令牌的 .既然你认为问题是Go /你的代码并专注于那个,你忽略了提供有关你的Kubernetes设置的更多信息,这使我更难以给你一个比我猜测更好的答案;-)
但我希望它有所帮助!