[英]Kubernetes. HTTPS API return `Unauthorized`
Kubernetes API request curl https://192.168.0.139 --cacert /home/mongeo/ku-certs/ca.pem
return Unauthorized
Kubernetes API请求curl https://192.168.0.139 --cacert /home/mongeo/ku-certs/ca.pem
返回Unauthorized
Request curl localhost:8080
worked good. 请求curl localhost:8080
运行良好。
My kube-proxy and kube-apiserver standart ( coreos+k8s tutorial ) 我的kube-proxy和kube-apiserver standart( coreos + k8s教程 )
How do I get data on HTTPS? 如何获取HTTPS数据?
Did you specify --token-auth-file=<file>
and/or --basic-auth-file=<otherfile>
or one of the other authentication modes? 您是否指定了--token-auth-file=<file>
和/或--basic-auth-file=<otherfile>
或其他一种身份验证模式? I don't know that https endpoint will work without one of these (maybe it should, but it doesn't, apparently). 我不知道https端点可以在没有其中之一的情况下工作(也许它应该,但显然不是)。 Check out https://kubernetes.io/docs/admin/authentication/ 查看https://kubernetes.io/docs/admin/authentication/
Hi this is what I did for token, 嗨,这就是我为令牌所做的,
A simple way to access the Kubernetes API from an external network is to create an SSH tunnel , eg 从外部网络访问Kubernetes API的一种简单方法是创建SSH隧道 ,例如
ssh -L 9000:localhost:8080 roto@master.node
This will forward connection from your local port 9000
to localhost:8080
on your server. 这将在您的服务器上将连接从本地端口9000
转发到localhost:8080
。
As long as the SSH tunnel is open, you can query the API on port 9000
of your machine. 只要SSH隧道打开,您就可以在计算机的端口9000
上查询API。
There are several ways to authenticate in the API. 有几种方法可以在API中进行身份验证。 Simplest way for you to get authorized is to send Authentication header with "bearer TOKEN_VALUE" value. 获得授权的最简单方法是发送带有“bearer TOKEN_VALUE”值的Authentication头。 You can look at Kubernetes API configuration on your server to look up defined tokens. 您可以查看服务器上的Kubernetes API配置以查找已定义的令牌。 The header can be sent with http request using web browser extension. 可以使用Web浏览器扩展通过http请求发送标头。
finally, i figured this out: 最后,我想出了这个:
lincai@pdbuddy:~/blackbox$ curl -v --cacert ./ca.pem --key ./admin-key.pem --cert ./admin.pem https://xxxx/api/v1/
* Hostname was NOT found in DNS cache
>
< HTTP/1.1 200 OK
curl https://192.168.0.139 —key ./admin-key.pem —cert ./admin.pem —cacert ./ca.pem
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.