
Kubernetes. HTTPS API return `Unauthorized`

Kubernetes API request `curl https://192.168.0.139 --cacert /home/mongeo/ku-certs/ca.pem` returns `Unauthorized`.

Request `curl localhost:8080` worked well.

My kube-proxy and kube-apiserver are standard (CoreOS + k8s tutorial).

How do I get data on HTTPS?

Did you specify `--token-auth-file=<file>` and/or `--basic-auth-file=<otherfile>` or one of the other authentication modes? I don't know that the https endpoint will work without one of these (maybe it should, but it doesn't, apparently). Check out https://kubernetes.io/docs/admin/authentication/

Hi, this is what I did for the token:

  1. Find the API server address: open `/etc/kubernetes/kubelet.conf`. Example: `server: https://10.1.32.120:6443`
  2. Find the token: open `/etc/kubernetes/pki/tokens.csv`. Example: `4c95a1a22d19b20811,kubeadm-node-csr,07ccbf35-e206-11e6-ab8f-0010184e550e,system:kubelet-bootstrap`
  3. In this case the token is `4c95a1a22d19b20811`
  4. If you use Postman, add the header `Authorization: Bearer 4c95a1a22d19b20811`
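As an added example (not part of the original answer), the steps above can be scripted in shell and sent with curl instead of Postman. The function names are hypothetical, the sample files are constructed from the example values quoted in the answer, and the token file is assumed to use the static token layout `token,user,uid,groups`; the header is fed to curl through `--config -` so the token does not appear in curl's argument list.

```shell
#!/bin/sh
# Added example, not code from the original answer. Function names are hypothetical.

# Print the first "server:" URL from a kubeconfig-style file such as kubelet.conf.
api_server() {
    awk '$1 == "server:" { print $2; exit }' "$1"
}

# Print the token whose user field (2nd CSV column) equals USER.
# Assumed layout of the static token file: token,user,uid,groups
token_for_user() {
    awk -F, -v user="$2" '$2 == user { print $1; exit }' "$1"
}

# Emit a curl config line carrying the bearer header. Piping this to
# "curl --config -" keeps the token out of curl's command line (ps output).
bearer_config() {
    printf 'header = "Authorization: Bearer %s"\n' "$1"
}

# Query /api/v1/ over HTTPS, verifying the server certificate against CA_FILE.
# Usage: api_get KUBECONFIG TOKEN_FILE USER CA_FILE
api_get() {
    _server=$(api_server "$1")
    _token=$(token_for_user "$2" "$3")
    if [ -z "$_server" ] || [ -z "$_token" ]; then
        echo "server URL or token not found" >&2
        return 1
    fi
    bearer_config "$_token" |
        curl --silent --show-error --config - --cacert "$4" "$_server/api/v1/"
}

# Constructed sample files that reuse the example values quoted in the answer.
sample_dir=$(mktemp -d)
printf 'clusters:\n- cluster:\n    server: https://10.1.32.120:6443\n' \
    > "$sample_dir/kubelet.conf"
printf '%s\n' \
    '4c95a1a22d19b20811,kubeadm-node-csr,07ccbf35-e206-11e6-ab8f-0010184e550e,system:kubelet-bootstrap' \
    > "$sample_dir/tokens.csv"

# Show what would be sent; no network request is made here.
echo "server: $(api_server "$sample_dir/kubelet.conf")"
bearer_config "$(token_for_user "$sample_dir/tokens.csv" kubeadm-node-csr)"
```

On a real master, `api_get /etc/kubernetes/kubelet.conf /etc/kubernetes/pki/tokens.csv kubeadm-node-csr ca.pem` would perform the request, where `ca.pem` stands for the cluster CA certificate.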

A simple way to access the Kubernetes API from an external network is to create an SSH tunnel, e.g.

ssh -L 9000:localhost:8080 roto@master.node

This will forward connections from your local port 9000 to localhost:8080 on your server.

As long as the SSH tunnel is open, you can query the API on port 9000 of your machine.

There are several ways to authenticate in the API. The simplest way for you to get authorized is to send the Authentication header with the value "bearer TOKEN_VALUE". You can look at the Kubernetes API configuration on your server to look up defined tokens. The header can be sent with an http request using a web browser extension.

Finally, I figured this out:

lincai@pdbuddy:~/blackbox$ curl -v --cacert ./ca.pem --key ./admin-key.pem --cert ./admin.pem  https://xxxx/api/v1/
* Hostname was NOT found in DNS cache

> 
< HTTP/1.1 200 OK
curl https://192.168.0.139 --key ./admin-key.pem --cert ./admin.pem --cacert ./ca.pem
