小贝子编程

如何更新kube配置文件的有效期?



今天我在运行jenkins作业时遇到了一个问题。我得到了这个错误:

Unable to connect to the server: error executing access token command 
"/snap/google-cloud-sdk/234/bin/gcloud config config-helper --format=json": err=fork/exec /snap/google-cloud-sdk/234/bin/gcloud: 
no such file or directory output= stderr=

当我尝试运行以下命令后,问题得到解决,jenkins作业将成功完成。

gcloud container clusters get-credentials cluster_name --region=region_name

在我的kube配置文件中运行此命令之前,过期日期是2022-04-25,运行以上命令后,过期日期更改为今天(2022-05-02)。这里我的疑问是,如果我在明天(2022-05-03)运行我的jenkins作业,我的作业将以相同的错误失败,因为有效期只有明天?

那么我如何解决这个kube配置文件过期日期问题永久不在每日运行命令?

配置文件:

apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVMVENDQXBXZ0F3SUJBZ0lSQU0rNTRkdVFYeno4NmUxQ3h1Z1YvVW93RFFZSktvWklodmNOQVFFTEJRQXcKTHpFdE1Dc0dBMVVFQXhNa1ltTTFNVGRoT0RNdE1qTmtZUzAwWXpWakxXRXpPV1F0TlRreU9XUTBOekUyTVdJMwpNQ0FYRFRJeU1ETXdPREV3TURJMU0xb1lEekl3TlRJd01qSTVNVEV3TWpVeldqQXZNUzB3S3dZRFZRUURFeVJpCll6VXhOMkU0TXkweU0yUmhMVFJqTldNdFlUTTVaQzAxT1RJNVpEUTNNVFl4WWpjd2dnR2lNQTBHQ1NxR1NJYjMKRFFFQkFRVUFBNElCandBd2dnR0tBb0lCZ1FDTFlCMFVQUkdpM05JR1N6djdGVmpTQ1hwNTBKUXRiakxjQWdJdQpQenlBekNNUDdraEg3UC91QU5XcXlxb1ZGeVc3UmhlajlKN0xVUnBFc0EwT1ZDUXkyeVdLd090TExSSFFWQmpCCnIzanczVHBiWWNCb083MExpUzJYcy9qTkxWQ3V2NWRPam1KTUxOeXVmZk1QZ0ZIZmRIRzZNa25qQVphV0FvZTcKeGc5QjU0VXNwZ2kremYrMFpqVjhUNnozZlNZTUpObko5UE0xZmdSeDBTYWJNV3hGT0doTEJ5cUVBdm1maVR4aAphcUkyYVEzZ3BiN2lDTzU1TlA3STZ0RFp5Z2JRRm9FNThtdllDMTBNb0c3MXJVcVg0dWVkVnlwTmNnb1lKRnNICmhaTTF0SUJSYmphU3pzK3czTzhHb01aT0Z0TTk5eDUvanJwS21kNG12YkVvZGZhVnBMd1U1SjBsQjBuM0VXNzYKV2I0QWRHQTBIcHF3T000WjdaQ0ZJUHRzczNaM3piSS9zbTl3TFhYb3JvUXJndGdhOWdRTmErTCtEQmRKUUJkQwpSdnROdHdSM0ZLRk5kaEwrRHNIUkMzQmJ4bGdTYTVMU2ZrbHhYMzNYT1BDREpiS05EZmJJMEN3OGtVVk8rQ0RBCmxYbndhV0liTjc3endrRncvMUtHSGExSE4wc0NBd0VBQWFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdJRU1BOEcKQTFVZEV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGRlRCOUx6c1E0M0ZHZE9uTW91QWM3cXdyY1IxTUEwRwpDU3FHU0liM0RRRUJDd1VBQTRJQmdRQXlVNkxiVVM2eFdYSEs4Q1pONUJvdXd2dm5yOWR2VlVpek9xV1llNENJCm9LMXVHR2c5eG1rQm9CTU1JcndpWko4VXN5NnFvSHdIMCt3WDhIeDhCRUYvKzg4a3BiK2YwQkdlekhGWDIvZUEKaVJabEdSdmFBN01aNkpLVjMraGhtZVI0dVY5Z3FzWUsvb2JQdGRkaVRyUWo0QUdUQTNGVDcwby9XVHJiY0k2Qgp1aWo3bnZUWmRTYjhNa2VORzZxWWY4OWZGNHJwRVZ3MGk5RkFENU5WcnpsZGlKRTZ2MmFKMldoVUlMQ1FPOWtzCkFFTFFWVi9IZU1TS28xVmZ4UUN2QmtTYUg4aW1UZlBXbTVsQUM4VnplbEw3SW1pbEpKVHQ4ZTRWZ1pxV0ljZ2kKakF1bDdTeGh0MVE2T3VqUlpMNTFkaFFqOUk5bE1OV3hCVFhTcnc0d1VSNXlUTFZFMGNGVjZWT1d0T0NOa2JKTAoySDczb1RmL2R0c2E3N0JrcVFoQkFrU0NtQlY4dEpNYm96YnM3TGFjVDZPeFNVRCtkZTB2cjc4L2hhUmx2S1MwClJ4K3JVcDgvREZ2UzRmbU5reXBHWVJZbFNHT2ozczl2OXY5UGx0N3ZLTW1tdWx1d0JObTJTKytTdlpwVUVwQlAKeVd0dzdodis2M1FUQ1VMZlRjdXYrdDg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
server: https://104.198.97.158
name: gke_oenofile_us-west1-a_oenofile-dev-cluster
contexts:
- context:
cluster: gke_oenofile_us-west1-a_oenofile-dev-cluster
user: gke_oenofile_us-west1-a_oenofile-dev-cluster
name: gke_oenofile_us-west1-a_oenofile-dev-cluster
current-context: gke_oenofile_us-west1-a_oenofile-dev-cluster
kind: Config
preferences: {}
users:
- name: gke_oenofile_us-west1-a_oenofile-dev-cluster
user:
auth-provider:
config:
access-token: ya29.c.b0AXv0zTMYzxRz5DGICZ0wdd1VKT_0qkZFOZ2j69BIEMNNu3p6XDSIyH3T-eO6lJM5JBsB3vmyQ4YeVxTl8_ky3vgRupyJvaFMQRsnu8uf1LiAzC1kuYCsVAwWJNk6Y4RcQOMCue1utIEOjON_z8fO-XxQZiGrzYVIlZUBMzMrOwQn-Aq5XwpcBgqn_iciDL7-Y7IKkZ4F3Q.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
cmd-args: config config-helper --format=json
cmd-path: /snap/google-cloud-sdk/237/bin/gcloud
expiry: "2022-05-02T11:54:40Z"
expiry-key: '{.credential.token_expiry}'
token-key: '{.credential.access_token}'
name: gcp

上面的截图

错误似乎很清楚:/snap/google-cloud-sdk/234/bin/gcloud不存在。

您似乎将gcloud作为(Ubuntu) Snap运行。这将从自动升级中受益,但是,您不应该硬编码Snap版本(234),因为该文件夹最终将被删除。我怀疑这就是发生的事情。你应该:

# 1通过current文件夹(即/snap/google-cloud-sdk/current/bin/gcloud)引用二进制文件。

然而,由于你正在尝试使用Jenkins对集群进行身份验证,你应该考虑使用(Google Cloud Platform)服务帐户(不是Kubernetes服务帐户)而不是你的用户凭据。

# 2参见在GCP内部和GCP外部验证Kubernetes API。

注意这是可能的(!?),你可以使用Workload Identity Federation来联合凭证,例如Azure|AWS到GCP来验证到GKE集群。

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium