获取 https://api.[mycluster]/api?timeout=32s: x509: 由未知权威签名的证书,使用 kops 和 Travis-CI 在 AWS 上创建的 Kubernetes 集群
[英]Get https://api.[mycluster]/api?timeout=32s: x509: certificate signed by unknown authority, Kubernetes cluster created on AWS using kops and Travis-CI
问题描述
I follow mainly the following article , at the end I have the following issue while trying to deploy new objects to the cluster
我主要遵循以下文章,最后在尝试将新对象部署到集群时遇到以下问题
error: unable to recognize "./[different files].yaml": Get https://api.[mycluster]/api?timeout=32s : x509: certificate signed by unknown authority
I think that I have to pass kube cert effectively some where in travis configuration file, any suggestion please我认为我必须在 travis 配置文件中的某个位置有效地传递 kube cert,请提出任何建议
1 个解决方案
解决方案1
1 2020-03-20 12:42:06
Effectively, the problem was related to cluster certificates, in the article cited previously there is a base64 encoding issue which will make fail the secrets injection.实际上,该问题与集群证书有关,在前面引用的文章中,存在一个 base64 编码问题,这会使密钥注入失败。 so we have to add information to the kubernetes config file , we find the following block in inject_secret.sh所以我们必须在kubernetes 配置文件中添加信息,我们在inject_secret.sh 中找到以下块
./kubectl config set clusters.udagramk8s.kops.ucci.uk.certificate-authority-data $CERTIFICATE_AUTHORITY_DATA
./kubectl config set users.udagramk8s.kops.ucci.uk.client-certificate-data "$CLIENT_CERTIFICATE_DATA"
./kubectl config set users.udagramk8s.kops.ucci.uk.client-key-data "$CLIENT_KEY_DATA"
./kubectl config set users.udagramk8s.kops.ucci.uk.password "$KUBE_PASSWORD"
./kubectl config set users.udagramk8s.kops.ucci.uk.net-basic-auth.password "$KUBE_PASSWORD"
And what we have to do to ensure the presence of these env variables, is to add them simply by the Travis-CI console, under project settings section为了确保这些 env 变量的存在,我们必须做的是通过 Travis-CI 控制台在项目设置部分下简单地添加它们
Note: we can get the variables values by using the following command cat ~/.kube/config注意:我们可以使用以下命令获取变量值cat ~/.kube/config
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.