堆栈内存溢出
  简体   繁体   English

Spinnaker 无法与 kubernetes 集群通信

[英]Spinnaker unable to communicate with kubernetes cluster

 原文  2019-07-30 13:01:36       kubernetes/ minikube/ spinnaker

问题描述

I am trying to deploy spinnaker locally with minikube and minio, i have everything setted up, my kubernetes cluster is up and running with a composed app on it, details below:我正在尝试使用 minikube 和 minio 在本地部署 spinnaker,我已经设置了一切,我的 kubernetes 集群已启动并运行,上面有一个组合应用程序,详细信息如下:

|          NAME             | READY | UP-TO-DATE | AVAILABLE | AGE |
|---------------------------|-------|------------|-----------|-----|
| deployment.extensions/api |  1/1  |      1     |     1     | 18s |
| deployment.extensions/db  |  1/1  |      1     |     1     | 18s |

I configured both, my kubernetes and storage on my hal config, i will paste it below as well, when i try to deploy using "sudo hal deploy apply" i get the following error:我在我的 hal 配置中配置了我的 kubernetes 和存储,我也将其粘贴在下面,当我尝试使用“sudo hal deploy apply”进行部署时,我收到以下错误:

  • WARNING You have not specified a Kubernetes context in your halconfig, Spinnaker will use "minikube" instead.警告您尚未在 halconfig 中指定 Kubernetes 上下文,Spinnaker 将使用“minikube”代替。 ? ? We recommend explicitly setting a context in your halconfig, to ensure changes to your kubeconfig won't break your deployment.我们建议在您的 halconfig 中明确设置上下文,以确保对 kubeconfig 的更改不会破坏您的部署。

! ERROR Unable to communicate with your Kubernetes cluster: An error has occurred.. ?错误无法与您的 Kubernetes 集群通信:发生错误.. ? Unable to authenticate with your Kubernetes cluster.无法通过您的 Kubernetes 集群进行身份验证。 Try using kubectl to verify your credentials.尝试使用 kubectl 来验证您的凭据。

Problems in default.security: default.security 中的问题:

  • WARNING Your UI or API domain does not have override base URLs set even though your Spinnaker deployment is a Distributed deployment on a remote cloud provider.警告您的 UI 或 API 域没有设置覆盖基本 URL,即使您的 Spinnaker 部署是远程云提供商上的分布式部署。 As a result, you will need to open SSH tunnels against that deployment to access Spinnaker.因此,您需要针对该部署打开 SSH 隧道才能访问 Spinnaker。 ? ? We recommend that you instead configure an authentication mechanism (OAuth2, SAML2, or x509) to make it easier to access Spinnaker securely, and then register the intended Domain and IP addresses that your publicly facing services will be using.我们建议您改为配置身份验证机制(OAuth2、SAML2 或 x509),以便更轻松地安全访问 Spinnaker,然后注册您的面向公众的服务将使用的预期域和 IP 地址。

  • Failed to prep Spinnaker deployment未能准备 Spinnaker 部署

Here is my hal config:这是我的 hal 配置:

currentDeployment: default
deploymentConfigurations:
- name: default
  version: ''
  providers:
    appengine:
      enabled: false
      accounts: []
    aws:
      enabled: false
      accounts: []
      bakeryDefaults:
        baseImages: []
      defaultKeyPairTemplate: '{{name}}-keypair'
      defaultRegions:
      - name: us-west-2
      defaults:
        iamRole: BaseIAMRole
    ecs:
      enabled: false
      accounts: []
    azure:
      enabled: false
      accounts: []
      bakeryDefaults:
        templateFile: azure-linux.json
        baseImages: []
    dcos:
      enabled: false
      accounts: []
      clusters: []
    dockerRegistry:
      enabled: true
      accounts:
      - name: my-docker-registry
        requiredGroupMembership: []
        providerVersion: V1
        permissions: {}
        address: https://index.docker.io
        username: <sensitive> (this is my actual username)
        password: <sensitive> (this is my actual password)
        email: fake.email@spinnaker.io
        cacheIntervalSeconds: 30
        clientTimeoutMillis: 60000
        cacheThreads: 1
        paginateSize: 100
        sortTagsByDate: false
        trackDigests: false
        insecureRegistry: false
        repositories:
        - ericstoppel1/atixlabs
      primaryAccount: my-docker-registry
    google:
      enabled: false
      accounts: []
      bakeryDefaults:
        templateFile: gce.json
        baseImages: []
        zone: us-central1-f
        network: default
        useInternalIp: false
    kubernetes:
      enabled: true
      accounts:
      - name: my-k8s-account
        requiredGroupMembership: []
        providerVersion: V1
        permissions: {}
        dockerRegistries:
        - accountName: my-docker-registry
          namespaces: []
        configureImagePullSecrets: true
        cacheThreads: 1
        namespaces: []
        omitNamespaces: []
        kinds: []
        omitKinds: []
        customResources: []
        cachingPolicies: []
        kubeconfigFile: /home/osboxes/.kube/config
        oAuthScopes: []
        onlySpinnakerManaged: false
      primaryAccount: my-k8s-account
    oracle:
      enabled: false
      accounts: []
      bakeryDefaults:
        templateFile: oci.json
        baseImages: []
    cloudfoundry:
      enabled: false
      accounts: []
  deploymentEnvironment:
    size: SMALL
    type: Distributed
    accountName: my-k8s-account
    updateVersions: true
    consul:
      enabled: false
    vault:
      enabled: false
    customSizing: {}
    sidecars: {}
    initContainers: {}
    hostAliases: {}
    affinity: {}
    nodeSelectors: {}
    gitConfig:
      upstreamUser: spinnaker
    livenessProbeConfig:
      enabled: false
    haServices:
      clouddriver:
        enabled: false
        disableClouddriverRoDeck: false
      echo:
        enabled: false
  persistentStorage:
    persistentStoreType: s3
    azs: {}
    gcs:
      rootFolder: front50
    redis: {}
    s3:
      bucket: spin-763f86d5-10ba-497e-9348-264fc353edec
      rootFolder: front50
      pathStyleAccess: false
      endpoint: https://localhost:9001
      accessKeyId: AKIAIOSFODNN7EXAMPLE
      secretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
    oracle: {}
  features:
    auth: false
    fiat: false
    chaos: false
    entityTags: false
    jobs: false
  metricStores:
    datadog:
      enabled: false
      tags: []
    prometheus:
      enabled: false
      add_source_metalabels: true
    stackdriver:
      enabled: false
    period: 30
    enabled: false
  notifications:
    slack:
      enabled: false
    twilio:
      enabled: false
      baseUrl: https://api.twilio.com/
  timezone: America/Los_Angeles
  ci:
    jenkins:
      enabled: false
      masters: []
    travis:
      enabled: false
      masters: []
    wercker:
      enabled: false
      masters: []
    concourse:
      enabled: false
      masters: []
    gcb:
      enabled: false
      accounts: []
  repository:
    artifactory:
      enabled: false
      searches: []
  security:
    apiSecurity:
      ssl:
        enabled: false
    uiSecurity:
      ssl:
        enabled: false
    authn:
      oauth2:
        enabled: false
        client: {}
        resource: {}
        userInfoMapping: {}
      saml:
        enabled: false
        userAttributeMapping: {}
      ldap:
        enabled: false
      x509:
        enabled: false
      iap:
        enabled: false
      enabled: false
    authz:
      groupMembership:
        service: EXTERNAL
        google:
          roleProviderType: GOOGLE
        github:
          roleProviderType: GITHUB
        file:
          roleProviderType: FILE
        ldap:
          roleProviderType: LDAP
      enabled: false
  artifacts:
    bitbucket:
      enabled: false
      accounts: []
    gcs:
      enabled: false
      accounts: []
    oracle:
      enabled: false
      accounts: []
    github:
      enabled: false
      accounts: []
    gitlab:
      enabled: false
      accounts: []
    http:
      enabled: false
      accounts: []
    helm:
      enabled: false
      accounts: []
    s3:
      enabled: false
      accounts: []
    maven:
      enabled: false
      accounts: []
    templates: []
  pubsub:
    enabled: false
    google:
      enabled: false
      pubsubType: GOOGLE
      subscriptions: []
      publishers: []
  canary:
    enabled: false
    serviceIntegrations:
    - name: google
      enabled: false
      accounts: []
      gcsEnabled: false
      stackdriverEnabled: false
    - name: prometheus
      enabled: false
      accounts: []
    - name: datadog
      enabled: false
      accounts: []
    - name: signalfx
      enabled: false
      accounts: []
    - name: aws
      enabled: false
      accounts: []
      s3Enabled: false
    reduxLoggerEnabled: true
    defaultJudge: NetflixACAJudge-v1.0
    stagesEnabled: true
    templatesEnabled: true
    showAllConfigsEnabled: true
  webhook:
    trust:
      enabled: false

I have my kubernetes config and can acces to it, so, separately it all seems to work, what may be wrong?我有我的 kubernetes 配置并且可以访问它,所以,单独它似乎都可以工作,可能有什么问题?

2 个解决方案

解决方案1
 0  2019-07-31 07:41:17

As per issue reported:根据报告的问题:

WARNING You have not specified a Kubernetes context in your halconfig, Spinnaker will use "minikube" instead.警告您尚未在 halconfig 中指定 Kubernetes 上下文,Spinnaker 将使用“minikube”代替。

I don't see any Kuberenetes context entry defined in your hal config, find here dedicated chapter from Spinnaker guideline document.我没有看到您的hal配置中定义了任何 Kuberenetes 上下文条目,请在此处找到 Spinnaker 指南文档中的专用章节。

解决方案2
 0  2020-01-24 12:16:46

Try adding the kubernetes details to the halyard context.尝试将 kubernetes 详细信息添加到 halyard 上下文中。

hal config provider kubernetes account add <ACCOUNT>
hal config provider kubernetes enable

This link can be used for reference: https://www.spinnaker.io/reference/halyard/commands/这个链接可以参考: https : //www.spinnaker.io/reference/halyard/commands/

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 spinnaker / halyard:无法与Kubernetes集群通信 - spinnaker /halyard : Unable to communicate with the Kubernetes cluster 将Spinnaker部署到Spinnaker将管理的同一kubernetes集群是否安全/正确? - Is it safe/right to deploy Spinnaker to same kubernetes cluster which Spinnaker will manage? 在 prem 集群上的 Kubernetes 上安装 Spinnaker 时出错 - Error when installing Spinnaker on Kubernetes on prem cluster 在 Oracle Kubernetes 集群和 Object 存储上设置 Spinnaker - Spinnaker setup on Oracle Kubernetes Cluster and Object Storage 如何在本地kubernetes集群上安装Spinnaker - How to install spinnaker on local kubernetes cluster 在私有Kubernetes集群上设置大三角帆-Clouddriver证书错误 - Spinnaker setup on private Kubernetes cluster - Clouddriver cert error 在 Spinnaker 的创建服务器组中未获得 Kubernetes 集群选项 - Not getting Kubernetes cluster option in Create Server Group of Spinnaker 无法访问 kubernetes 集群 - Unable to access kubernetes cluster Kubernetes 上的 Spinnaker:无法在 Kubernetes 中启动 Spinnaker 容器 - Spinnaker on Kubernetes: Not able to start the spinnaker containers in kubernetes 大三角帆上的Kubernetes-服务间通信 - Kubernetes on Spinnaker - Interservice communication
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM