我正在尝试使用kubernetes-incubator/client-python库连接到我的 gke 集群。我只运行基本查询:
from kubernetes import client, config
# Configs can be set in Configuration class directly or using helper utility
config.load_kube_config()
v1 = client.CoreV1Api()
print("Listing pods with their IPs:")
ret = v1.list_pod_for_all_namespaces(watch=False)
for i in ret.items:
print("%st%st%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
我收到一个错误:
--------------------------------------------------------------------------
RefreshError Traceback (most recent call last)
<ipython-input-1-40695f414daf> in <module>()
2
3 # Configs can be set in Configuration class directly or using helper utility
----> 4 config.load_kube_config()
5
6 v1 = client.CoreV1Api()
/usr/local/lib/python2.7/distpackages/kubernetes/config/kube_config.pyc in
load_kube_config(config_file, context, client_configuration,
persist_config)
359 config_file, active_context=context,
360 client_configuration=client_configuration,
--> 361 config_persister=config_persister).load_and_set()
362
363
/usr/local/lib/python2.7/dist-packages/kubernetes/config/kube_config.pyc in load_and_set(self)
251
252 def load_and_set(self):
--> 253 self._load_authentication()
254 self._load_cluster_info()
255 self._set_config()
/usr/local/lib/python2.7/dist-packages/kubernetes/config/kube_config.pyc in
_load_authentication(self)
174 if not self._user:
175 return
/usr/local/lib/python2.7/dist-packages/kubernetes/config/kube_config.pyc in _load_gcp_token(self)
194 _is_expired(provider['config']['expiry']))):
195 # token is not available or expired, refresh it
--> 196 self._refresh_gcp_token()
197
198 self.token = "Bearer %s" % provider['config']['access-token']
/usr/local/lib/python2.7/dist-packages/kubernetes/config/kube_config.pyc in _refresh_gcp_token(self)
203 self._user['auth-provider'].value['config'] = {}
204 provider = self._user['auth-provider']['config']
--> 205 credentials = self._get_google_credentials()
206 provider.value['access-token'] = credentials.token
207 provider.value['expiry'] = format_rfc3339(credentials.expiry)
/usr/local/lib/python2.7/dist-packages/kubernetes/config/kube_config.pyc in _refresh_credentials()
133 credentials, project_id = google.auth.default()
134 request = google.auth.transport.requests.Request()
--> 135 credentials.refresh(request)
136 return credentials
137
/usr/local/lib/python2.7/dist-packages/google/oauth2/service_account.pyc in refresh(self, request)
320 assertion = self._make_authorization_grant_assertion()
321 access_token, expiry, _ = _client.jwt_grant(
--> 322 request, self._token_uri, assertion)
323 self.token = access_token
324 self.expiry = expiry
/usr/local/lib/python2.7/dist-packages/google/oauth2/_client.pyc in jwt_grant(request, token_uri, assertion)
141 }
142
--> 143 response_data = _token_endpoint_request(request, token_uri, body)
144
145 try:
/usr/local/lib/python2.7/dist-packages/google/oauth2/_client.pyc in _token_endpoint_request(request, token_uri, body)
107
108 if response.status != http_client.OK:
--> 109 _handle_error_response(response_body)
110
111 response_data = json.loads(response_body)
/usr/local/lib/python2.7/dist-packages/google/oauth2/_client.pyc in _handle_error_response(response_body)
57
58 raise exceptions.RefreshError(
---> 59 error_details, response_body)
60
61
RefreshError: ('invalid_scope: Empty or missing scope not allowed.', u'{n "error" : "invalid_scope",n "error_description" : "Empty or missing scope not allowed."n}')
我认为我的 kube.config 文件有问题。所以我删除了它并再次创建了集群,以便重新创建一个新的 kube.config 文件。问题依然存在。你能帮我这个吗?
这是您的 Google Cloud Platform 凭据的问题。它们未被发现,并且您无法与服务交互。以下是有关如何设置这些设置的一些说明。将GOOGLE_APPLICATION_CREDENTIALS环境变量指向凭证文件或通过 SDK 进行身份验证。