[英]How can I renew the kube config file expiry date?
Today I faced an issue while running my jenkins job.今天我在运行 jenkins 作业时遇到了一个问题。 I got this error:
我收到此错误:
Unable to connect to the server: error executing access token command
"/snap/google-cloud-sdk/234/bin/gcloud config config-helper --format=json": err=fork/exec /snap/google-cloud-sdk/234/bin/gcloud:
no such file or directory output= stderr=
After when I try to run below command the issue got resolved and jenkins job will complete successfully.当我尝试在命令下运行后,问题得到解决,jenkins 作业将成功完成。
gcloud container clusters get-credentials cluster_name --region=region_name
Before run this command in my kube config file expiry date was 2022-04-25 and after running above command expiry date get changed to today (2022-05-02) only.在我的 kube 配置文件中运行此命令之前,到期日期为 2022-04-25,在运行上述命令之后,到期日期仅更改为今天 (2022-05-02)。 Here my doubt if I run my jenkins job on tomorrow (2022-05-03) my job will fail with same error right because of expiry date up to tomorrow only?
在这里,我怀疑如果我在明天 (2022-05-03) 运行我的 jenkins 工作,我的工作将失败并出现同样的错误,因为到期日期只到明天?
So How can I fix this kube config file expiry date issue permanently not on daily run command?那么我该如何永久解决这个 kube 配置文件过期日期问题,而不是在日常运行命令中?
kube config file:库配置文件:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVMVENDQXBXZ0F3SUJBZ0lSQU0rNTRkdVFYeno4NmUxQ3h1Z1YvVW93RFFZSktvWklodmNOQVFFTEJRQXcKTHpFdE1Dc0dBMVVFQXhNa1ltTTFNVGRoT0RNdE1qTmtZUzAwWXpWakxXRXpPV1F0TlRreU9XUTBOekUyTVdJMwpNQ0FYRFRJeU1ETXdPREV3TURJMU0xb1lEekl3TlRJd01qSTVNVEV3TWpVeldqQXZNUzB3S3dZRFZRUURFeVJpCll6VXhOMkU0TXkweU0yUmhMVFJqTldNdFlUTTVaQzAxT1RJNVpEUTNNVFl4WWpjd2dnR2lNQTBHQ1NxR1NJYjMKRFFFQkFRVUFBNElCandBd2dnR0tBb0lCZ1FDTFlCMFVQUkdpM05JR1N6djdGVmpTQ1hwNTBKUXRiakxjQWdJdQpQenlBekNNUDdraEg3UC91QU5XcXlxb1ZGeVc3UmhlajlKN0xVUnBFc0EwT1ZDUXkyeVdLd090TExSSFFWQmpCCnIzanczVHBiWWNCb083MExpUzJYcy9qTkxWQ3V2NWRPam1KTUxOeXVmZk1QZ0ZIZmRIRzZNa25qQVphV0FvZTcKeGc5QjU0VXNwZ2kremYrMFpqVjhUNnozZlNZTUpObko5UE0xZmdSeDBTYWJNV3hGT0doTEJ5cUVBdm1maVR4aAphcUkyYVEzZ3BiN2lDTzU1TlA3STZ0RFp5Z2JRRm9FNThtdllDMTBNb0c3MXJVcVg0dWVkVnlwTmNnb1lKRnNICmhaTTF0SUJSYmphU3pzK3czTzhHb01aT0Z0TTk5eDUvanJwS21kNG12YkVvZGZhVnBMd1U1SjBsQjBuM0VXNzYKV2I0QWRHQTBIcHF3T000WjdaQ0ZJUHRzczNaM3piSS9zbTl3TFhYb3JvUXJndGdhOWdRTmErTCtEQmRKUUJkQwpSdnROdHdSM0ZLRk5kaEwrRHNIUkMzQmJ4bGdTYTVMU2ZrbHhYMzNYT1BDREpiS05EZmJJMEN3OGtVVk8rQ0RBCmxYbndhV0liTjc3endrRncvMUtHSGExSE4wc0NBd0VBQWFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdJRU1BOEcKQTFVZEV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGRlRCOUx6c1E0M0ZHZE9uTW91QWM3cXdyY1IxTUEwRwpDU3FHU0liM0RRRUJDd1VBQTRJQmdRQXlVNkxiVVM2eFdYSEs4Q1pONUJvdXd2dm5yOWR2VlVpek9xV1llNENJCm9LMXVHR2c5eG1rQm9CTU1JcndpWko4VXN5NnFvSHdIMCt3WDhIeDhCRUYvKzg4a3BiK2YwQkdlekhGWDIvZUEKaVJabEdSdmFBN01aNkpLVjMraGhtZVI0dVY5Z3FzWUsvb2JQdGRkaVRyUWo0QUdUQTNGVDcwby9XVHJiY0k2Qgp1aWo3bnZUWmRTYjhNa2VORzZxWWY4OWZGNHJwRVZ3MGk5RkFENU5WcnpsZGlKRTZ2MmFKMldoVUlMQ1FPOWtzCkFFTFFWVi9IZU1TS28xVmZ4UUN2QmtTYUg4aW1UZlBXbTVsQUM4VnplbEw3SW1pbEpKVHQ4ZTRWZ1pxV0ljZ2kKakF1bDdTeGh0MVE2T3VqUlpMNTFkaFFqOUk5bE1OV3hCVFhTcnc0d1VSNXlUTFZFMGNGVjZWT1d0T0NOa2JKTAoySDczb1RmL2R0c2E3N0JrcVFoQkFrU0NtQlY4dEpNYm96YnM3TGFjVDZPeFNVRCtkZTB2cjc4L2hhUmx2S1MwClJ4K3JVcDgvREZ2UzRmbU5reXBHWVJZbFNHT2ozczl2OXY5UGx0N3ZLTW1tdWx1d0JObTJTKytTdlpwVUVwQlAKeVd0dzdodis2M1FUQ1VMZlRjdXYrdDg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
server: https://104.198.97.158
name: gke_oenofile_us-west1-a_oenofile-dev-cluster
contexts:
- context:
cluster: gke_oenofile_us-west1-a_oenofile-dev-cluster
user: gke_oenofile_us-west1-a_oenofile-dev-cluster
name: gke_oenofile_us-west1-a_oenofile-dev-cluster
current-context: gke_oenofile_us-west1-a_oenofile-dev-cluster
kind: Config
preferences: {}
users:
- name: gke_oenofile_us-west1-a_oenofile-dev-cluster
user:
auth-provider:
config:
access-token: ya29.c.b0AXv0zTMYzxRz5DGICZ0wdd1VKT_0qkZFOZ2j69BIEMNNu3p6XDSIyH3T-eO6lJM5JBsB3vmyQ4YeVxTl8_ky3vgRupyJvaFMQRsnu8uf1LiAzC1kuYCsVAwWJNk6Y4RcQOMCue1utIEOjON_z8fO-XxQZiGrzYVIlZUBMzMrOwQn-Aq5XwpcBgqn_iciDL7-Y7IKkZ4F3Q.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
cmd-args: config config-helper --format=json
cmd-path: /snap/google-cloud-sdk/237/bin/gcloud
expiry: "2022-05-02T11:54:40Z"
expiry-key: '{.credential.token_expiry}'
token-key: '{.credential.access_token}'
name: gcp
The error appears to be clear: /snap/google-cloud-sdk/234/bin/gcloud
does not exist.错误似乎很清楚:
/snap/google-cloud-sdk/234/bin/gcloud
不存在。
You appear to be running gcloud
as an (Ubuntu) Snap .您似乎正在将
gcloud
作为 (Ubuntu) Snap运行。 This will benefit from automatic upgrades but, you should not hard code the Snap version ( 234
) as this folder will eventually be deleted.这将受益于自动升级,但是您不应该对 Snap 版本 (
234
) 进行硬编码,因为该文件夹最终将被删除。 I suspect that's what's happened.我怀疑这就是发生的事情。 You should:
你应该:
#1 Reference the binary through the current
folder ie /snap/google-cloud-sdk/current/bin/gcloud
. #1通过
current
文件夹引用二进制文件,即/snap/google-cloud-sdk/current/bin/gcloud
。
However, since you're attempting to authenticate to the cluster using Jenkins, you should consider using a (Google Cloud Platform) Service Account (not a Kube.netes Service Account) rather than your user credentials.但是,由于您尝试使用 Jenkins 对集群进行身份验证,因此您应该考虑使用 (Google Cloud Platform) 服务帐户(而不是 Kube.netes 服务帐户)而不是您的用户凭据。
#2 See Authenticating to the Kube.netes API within GCP and external to GCP . #2请参阅在 GCP 内部和外部对Kube.netes API 进行身份验证。
NOTE It's possible (??) that you could use Workload Identity Federation to federate credentials of eg Azure|AWS to GCP to authenticate to the GKE cluster.
注意您可以(??)使用 工作负载身份联合将 Azure|AWS 等凭证联合到 GCP 以向 GKE 集群进行身份验证。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.