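I am using RancherOS as the host and trying to set up a kubectl container. I have modified the image, only changing the kubectl version to the latest one (1.8.0) and adding proxy settings to the Dockerfile, because without them docker build cannot run the apk commands. Also, Kubernetes is managed by a Rancher server. I downloaded the kubectl CLI config from the Rancher UI. It looks like this: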
apiVersion: v1
kind: Config
clusters:
- cluster:
    api-version: v1
    server: "https://rancher.dev.abc.net/r/projects/1a6842/kubernetes:6443"
  name: "test"
contexts:
- context:
    cluster: "test"
    user: "test"
  name: "test"
current-context: "test"
users:
- name: "test"
  user:
    token: "QmFzaWMgTnpV9UZ3hPVVV4TXpaRFJrSTFSRFpDTkNOa2hSUTNscGNsSXpjMXAxVUdacVZUWk9NWFZaYVVGd1NqUk5UazVDUkZSM1lWZFhUZz09"
Dockerfile:
FROM docker.artifactory.abc.net/alpine:3.6
# Required for apk to install openssl
ENV http_proxy='http://proxy.abc.net:8080' \
    https_proxy='http://proxy.abc.net:8080' \
    no_proxy='localhost,abc.net'
ADD https://storage.googleapis.com/kubernetes-release/release/v1.8.0/bin/linux/amd64/kubectl /usr/local/bin/kubectl
ENV HOME=/config
RUN set -x && \
    apk add --no-cache curl ca-certificates && \
    chmod +x /usr/local/bin/kubectl && \
    # Create non-root user (with a randomly chosen UID/GID).
    adduser kubectl -Du 2342 -h /config && \
    # Basic check it works.
    kubectl version --client
USER kubectl
ENTRYPOINT ["/usr/local/bin/kubectl"]
I also tried adding the following to the Dockerfile, but it did not help.
COPY .kube/chain.pem /config/.kube/ca.crt
RUN cat /config/.kube/ca.crt
Now when I run the command,
$ docker run --rm --user $UID -v ~rancher/kubectl/.kube:/config/.kube kubectl:v1.8.0 version
Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.0", GitCommit:"6e937839ac04a38cac63e6a7a306c5d035fe7b0a", GitTreeState:"clean", BuildDate:"2017-09-28T22:57:57Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Unable to connect to the server: x509: certificate signed by unknown authority
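As shown above, the client version is displayed fine, but connecting to the server fails. I copied the ca.crt file into the ~rancher/kubectl/.kube directory. I also tried renaming the file to ca.pem, but that did not work. I am not sure what parameter has to be provided for kubectl to pick up the crt file.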
Finally got it working. There was no change in the Dockerfile. In the .kube/config file shown above, I only needed to add the following entry:
certificate-authority: /config/.kube/ca.crt
So the .kube/config file now looks like this:
apiVersion: v1
kind: Config
clusters:
- cluster:
    api-version: v1
    certificate-authority: /config/.kube/ca.crt
    server: "https://rancher.dev.abc.net/r/projects/1a6842/kubernetes:6443"
  name: "test"
contexts:
- context:
    cluster: "test"
    user: "test"
  name: "test"
current-context: "test"
users:
- name: "test"
  user:
    token: "QmFzaWMgTnpV9UZ3hPVVV4TXpaRFJrSTFSRFpDTkNOa2hSUTNscGNsSXpjMXAxVUdacVZUWk9NWFZaYVVGd1NqUk5UazVDUkZSM1lWZFhUZz09"
Finally, I can see the server version. Phew...
$ docker run --rm --user $UID -v ~rancher/kubectl/.kube:/config/.kube kubectl:v1.8.0 version
Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.0", GitCommit:"6e937839ac04a38cac63e6a7a306c5d035fe7b0a", GitTreeState:"clean", BuildDate:"2017-09-28T22:57:57Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"7+", GitVersion:"v1.7.2-rancher1", GitCommit:"eda266858c448156b6d6fee372ff43ffb458a70c", GitTreeState:"clean", BuildDate:"2017-08-03T17:22:27Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
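The fix above hinges on the cluster entry naming a CA file at a path that exists inside the container. As an added example (not part of the original post), this check reports how each cluster in a kubeconfig establishes trust and whether a `certificate-authority` path maps to a real PEM file in the host directory that `docker run -v` mounts. The function names, the sample config and the small line scanner (which assumes an indented, block-style kubeconfig) are assumptions made for illustration.

```python
import posixpath
import re
from pathlib import Path

# Constructed sample in the question's kubeconfig layout (placeholder URL).
SAMPLE = """clusters:
- cluster:
    server: "https://k8s.example.invalid:6443"
  name: "no-ca"
- cluster:
    certificate-authority: /config/.kube/ca.crt
  name: "with-ca"
- cluster:
    insecure-skip-tls-verify: true
  name: "skip-verify"
contexts: []
"""

def parse_clusters(text):
    """Collect key/value pairs for each entry of the top-level clusters list."""
    entries, inside = [], False
    for line in text.splitlines():
        if re.match(r"[^\s#-]", line):            # a new top-level key
            inside = line.startswith("clusters:")
        elif inside and line.startswith("- "):
            entries.append({})
        m = re.match(r"[\s-]*([\w-]+):\s*(\S.*)$", line)
        if inside and m and entries:
            entries[-1][m.group(1)] = m.group(2).strip().strip("\"'")
    return entries

def verdict(c, host_dir, mount):
    ca = c.get("certificate-authority")
    if c.get("insecure-skip-tls-verify") == "true":
        return "TLS verification disabled"
    if "certificate-authority-data" in c:
        return "ok: inline CA"
    if ca is None:
        return "no CA set: only system roots are trusted"
    # Relative CA paths resolve against the kubeconfig's directory (the mount).
    rel = posixpath.relpath(posixpath.join(mount, ca), mount)
    host = Path(host_dir) / rel
    if rel.split("/")[0] == "..":
        return "CA path is outside the mounted directory"
    if host.is_file() and "BEGIN CERTIFICATE" in host.read_text(errors="replace"):
        return "ok: CA file present in mount"
    return "CA file missing or not PEM"

def audit(text, host_dir, mount="/config/.kube"):  # mount: container-side path
    return {c.get("name", "?"): verdict(c, host_dir, mount) for c in parse_clusters(text)}
```

Call `audit(open(path).read(), host_dir)` with the host directory passed to `-v`; a "no CA set" result corresponds to the `x509: certificate signed by unknown authority` failure shown in the question when the server uses a private CA.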