[英]Error reading service account token from: [/var/run/secrets/kubernetes.io/serviceaccount/token]. Ignoring
when i run this code public class test2 {当我运行此代码 public class test2 {
public static void main(String[] args) {
// TODO Auto-generated method stub
String podName = "xrdpprocan";
String namespace = "default";
String master = "https://my_ip_adress";
Config config = new ConfigBuilder().withMasterUrl(master).withTrustCerts(true).build();
try (final KubernetesClient client = new DefaultKubernetesClient(config)) {
String log = client.pods().inNamespace(namespace).withName(podName).getLog(true);
System.out.println("Log of pod " + podName + " in " + namespace + " is:");
System.out.println("------------------");
System.out.println(log);
} catch (KubernetesClientException e) {
System.out.println(e.getMessage());
}
}
i get this Error reading service account token from: [/var/run/secrets/kubernetes.io/serviceaccount/token].我从 [/var/run/secrets/kubernetes.io/serviceaccount/token] 读取服务帐户令牌时收到此错误。 Ignoring.
无视。
Where is the problem: The current type of your client configuration is incomplete, you are missing the client authentication settings/data part.问题出在哪里:您的客户端配置的当前类型不完整,您缺少客户端身份验证设置/数据部分。
Please be aware, when you are running your code from outside the cluster (this type of client configuration is called out-of-cluster client configuration ) you need to specify explicitly a bare minimum for successful connection to Kubernetes control-plane from outside.请注意,当您从集群外部运行代码时(这种类型的客户端配置称为集群外客户端配置),您需要明确指定从外部成功连接到 Kubernetes 控制平面的最低限度。
You see the problem ?你看到问题了吗? - you have specified none of these from the second condition for
>> user <<
authentication (this is a key word here: user
) - 您没有为
>> user <<
authentication 的第二个条件指定这些(这是这里的关键字: user
)
Right now Java Kubernetes client falls back into Service account based authentication strategy, thinking you are not human but robot (Pod running in context of Service Account).现在Java Kubernetes 客户端退回到基于服务帐户的身份验证策略,认为您不是人而是机器人(在服务帐户上下文中运行的 Pod)。
Putting it technically, client is resolving now to the last resort option:从技术上讲,客户现在正在解决最后的选择:
KUBERNETES_AUTH_TRYSERVICEACCOUNT
KUBERNETES_AUTH_TRYSERVICEACCOUNT
( 4th on the list of fabric8io/kubernetes-client supported configuration option, check below) (fabric8io/kubernetes-client 支持的配置选项列表中的第 4 个,请查看下面)
which involves reading in service account token placed into the filesystem inside Pod's container at following path:这涉及读取放置在 Pod 容器内文件系统中的服务帐户令牌,位于以下路径:
/var/run/secrets/kubernetes.io/serviceaccount/token
/var/run/secrets/kubernetes.io/serviceaccount/token
Officially fabric8io/kubernetes-client java client supports the following ways of configuring the client:官方fabric8io/kubernetes-client java客户端支持以下配置客户端的方式:
This will use settings from different sources in the following order of priority:
这将按以下优先级顺序使用来自不同来源的设置:
- System properties
系统属性
- Environment variables
环境变量
- Kube config file
kube 配置文件
- Service account token & mounted CA certificate <== you client code tries this
服务帐户令牌和挂载的 CA 证书 <== 您的客户端代码尝试此操作
System properties are preferred over environment variables.
系统属性优先于环境变量。 The following system properties & environment variables can be used for configuration
以下系统属性和环境变量可用于配置
The easiest solution is to rely on Kube config file
option to access cluster from outside, eg:最简单的解决方案是依靠
Kube config file
选项从外部访问集群,例如:
public class KubeConfigFileClientExample {
public static void main(String[] args) throws IOException, ApiException {
// file path to your KubeConfig
String kubeConfigPath = System.getenv("HOME") + "/.kube/config";
// loading the out-of-cluster config, a kubeconfig from file-system
ApiClient client =
ClientBuilder.kubeconfig(KubeConfig.loadKubeConfig(new FileReader(kubeConfigPath))).build();
// set the global default api-client to the in-cluster one from above
Configuration.setDefaultApiClient(client);
// the CoreV1Api loads default api-client from global configuration.
CoreV1Api api = new CoreV1Api();
// invokes the CoreV1Api client
V1PodList list =
api.listPodForAllNamespaces(null, null, null, null, null, null, null, null, null, null);
for (V1Pod item : list.getItems()) {
System.out.println(item.getMetadata().getName());
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.