[英]K8S API access with client certificate using python client
我的目的是使用python客戶端和客戶端證書從遠程服務器訪問我的k8s API,該服務器使用的curl如下所示:
curl --key /XXX/XXX.key --cert /XXX/XXX.crt --cacert /XXX/XXX.crt https://api-k8s.XXX-XXX.XXX-XXX-/api/v1/pods
我的代碼是:
configuration = client.Configuration()
configuration.host = 'https://api-XXXX'
configuration.ssl_ca_cert = '/XXX/xxx.crt'
configuration.cert_file = '/XXX/xxx.crt'
configuration.key_file = '/XXX/xxx.key'
configuration.verify_ssl = True
v1 = client.CoreV1Api(client.ApiClient(configuration))
ret = v1.list_pod_for_all_namespaces()
但得到:
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='XXX', port=443): Max retries exceeded with url: /api/v1/pods (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)'),))
如果您有任何想法,我將不勝感激!
我只是重現了您的情況,它在python 2.7上完美運行
這是代碼:
from kubernetes import client
configuration = client.Configuration()
configuration.host = 'https://10.132.0.25:6443'
configuration.ssl_ca_cert = './ca.crt'
configuration.cert_file = './client.crt'
configuration.key_file = './client.key'
configuration.verify_ssl = True
v1 = client.CoreV1Api(client.ApiClient(configuration))
ret = v1.list_pod_for_all_namespaces()
for i in ret.items:
print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
...結果:
$ python test.py
192.168.171.66 kube-system calico-kube-controllers-65b8787765-h7qv7
10.132.0.25 kube-system calico-node-t4r4v
10.132.0.26 kube-system calico-node-zbtjm
192.168.171.65 kube-system coredns-5c98db65d4-rm2qh
192.168.171.67 kube-system coredns-5c98db65d4-sr67s
10.132.0.25 kube-system etcd-master
10.132.0.25 kube-system kube-apiserver-master
10.132.0.25 kube-system kube-controller-manager-master
10.132.0.26 kube-system kube-proxy-759gn
10.132.0.25 kube-system kube-proxy-v5hvc
10.132.0.25 kube-system kube-scheduler-master
我用kubeadm創建了集群。 它正在運行1.15.3
$ kubectl get no
NAME STATUS ROLES AGE VERSION
master Ready master 41m v1.15.3
worker Ready worker 41m v1.15.3
最后,客戶端庫:
$ pip freeze | grep -E 'kubernetes|requests'
kubernetes==10.0.1
requests==2.22.0
要排除更多故障,需要更多信息。 關於版本。 但是您的代碼可以正常工作。
編輯:它也適用於python3:
$ python3 test.py
192.168.171.66 kube-system calico-kube-controllers-65b8787765-h7qv7
10.132.0.25 kube-system calico-node-t4r4v
10.132.0.26 kube-system calico-node-zbtjm
192.168.171.65 kube-system coredns-5c98db65d4-rm2qh
192.168.171.67 kube-system coredns-5c98db65d4-sr67s
10.132.0.25 kube-system etcd-master
10.132.0.25 kube-system kube-apiserver-master
10.132.0.25 kube-system kube-controller-manager-master
10.132.0.26 kube-system kube-proxy-759gn
10.132.0.25 kube-system kube-proxy-v5hvc
10.132.0.25 kube-system kube-scheduler-master
使用本機k8s python客戶端與k8s運算符添加的API進行交互
[英]interact with API added by k8s operator using native k8s python client
使用與 k8s python 客戶端等效的 kubectl rollout restart
[英]Using kubectl rollout restart equivalent with k8s python client
已創建 k8s 卷快照,但它在 python k8s 客戶端中返回 409 錯誤消息
[英]k8s volumesnapshot is created but it returns 409 error message in python k8s client
k8s/python:如何使用 Kubernetes Python 客戶端讀取機密?
[英]k8s/python: How do I read a secret using the Kubernetes Python client?
編碼 JSON 以便使用 Python k8s 客戶端將其創建為秘密
[英]Encode JSON in order to create it as secret with Python k8s Client
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.