[英]How to add an Azure AKS Kubernetes Cluster self-signed CA to GitLab CI/CD Kubernetes integration?
I'm trying to add my Azure AKS Kubernetes cluster to my GitLab CI/CD Kubernetes integration. 我正在尝试将我的Azure AKS Kubernetes集群添加到我的GitLab CI / CD Kubernetes集成中。
I can execute kubectl
commands on the cluster from my pc, after I ran this command: 运行此命令后,我可以从我的电脑上执行集群上的
kubectl
命令:
az aks get-credentials --resource-group <resource-group-name> --name <kubernetes-cluster-name>
It created a .kube/config
file with a content like this: 它创建了一个
.kube/config
文件,其内容如下:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: <some long base64 string here>
server: https://<resource-group-name+some-hexadecimal-chars>.hcp.westeurope.azmk8s.io:443
name: <kubernetes-cluster-name>
contexts:
- context:
cluster: <kubernetes-cluster-name>
user: clusterUser_<resource-group-name>_<kubernetes-cluster-name>
name: <kubernetes-cluster-name>
current-context: <kubernetes-cluster-name>
kind: Config
preferences: {}
users:
- name: clusterUser_<resource-group-name>_<kubernetes-cluster-name>
user:
client-certificate-data: <some long base64 string here>
client-key-data: <some long base64 string here>
token: <some secret string of hexadecimal chars here>
In GitLab form, I have to input these fields: 在GitLab表单中,我必须输入以下字段:
I tried these values: 我试过这些值:
<kubernetes-cluster-name>
to match the name of the cluster on azure and the cluster name on the .kube/config
file. <kubernetes-cluster-name>
与azure上的集群名称和.kube/config
文件中的集群名称相.kube/config
。 https://<resource-group-name+some-hexadecimal-chars>.hcp.westeurope.azmk8s.io:443
copied from the .kube/config
file. .kube/config
文件中复制了url https://<resource-group-name+some-hexadecimal-chars>.hcp.westeurope.azmk8s.io:443
。 certificate-authority-data
from the .kube/config
file, but didn't work and I already tried all three base64 strings from the .kube/config
file, none worked. .kube/config
文件中的certificate-authority-data
,但是没有用,我已经尝试了.kube/config
文件中的所有三个base64字符串,没有用。 .kube/config
file. .kube/config
文件中。 In GitLab, When I try to hit the button Install
to install the Helm Tiller, I got this error: 在GitLab中,当我尝试按下
Install
按钮以安装Helm Tiller时,我收到此错误:
Something went wrong while installing Helm Tiller
Can't start installation process. nested asn1 error
And sometimes I get this error instead: 有时我会得到这个错误:
Kubernetes error: SSL_connect returned=1 errno=0 state=error: certificate verify failed
I'm trying to make this to work since yesterday, had google it a lot and doesn't find anything. 我试图让它从昨天开始工作,谷歌很多,没有找到任何东西。
I think the problem is with this 3rd field, the CA Certificate, maybe there are some other way to get this content from the command line az
or kubectl
. 我认为问题在于第三个字段,即CA证书,也许还有一些其他方法可以从命令行
az
或kubectl
获取此内容。
Are there someone here that already got this Kubernetes integration from GitLab to Azure AKS working? 这里有人从GitLab到Azure AKS的Kubernetes集成吗?
I found out later that the base64 string in the certificate-authority-data
of the .kube/config
file that I was coping its content into the CA Certificate
field of GitLab "Add Kubernetes cluster" form, it is the PEM format, but base64 encoded. 我后来发现
.kube/config
文件的certificate-authority-data
中的base64字符串我将其内容复制到GitLab“添加Kubernetes集群”的CA Certificate
字段中,它是PEM格式,但是base64编码。
The PEM format already is a base64 encoded representation of the certificate bits, but it has some line breaks in the middle. PEM格式已经是证书位的base64编码表示,但它在中间有一些换行符。 This whole content is base64 encoded again before it goes to the
.kube/config
so it is turned into a big base64 single-line string. 整个内容在进入
.kube/config
之前再次进行base64编码,因此它变成了一个很大的base64单行字符串。
I just had to base64 decode this big single-line string (I used the javascript atob("....")
in the Chrome's Console window), what gave me something like this: 我只需要对这个大的单行字符串进行base64解码(我在Chrome的控制台窗口中使用了javascript
atob("....")
),这给了我这样的东西:
-----BEGIN CERTIFICATE-----
MIIEyDCCArCgAwIBAgIRAOL3N8oMIwWIxcFTZhTkfgMwDQYJKoZIhvcNAQELBQAw
...
...
...
5gP7yoL1peZ+AWjCgcUVZYiItqrBLpWYDgY9g8btYDUIiWlqkmC0+kBaPfwCtckx
cUp3vlwRITrv0mzrxiQjTLTUpEy7EcD+U6IecA==
-----END CERTIFICATE-----
Then I just copied this content into the GitLab "CA Certificate" field and it worked. 然后我只是将这些内容复制到GitLab“CA证书”字段中并且它有效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.