当我尝试使用时出现此错误:kubectl --kubeconfig=kubeconfig logs service-76486594c6-gl2l6
我在 AWS 上运行 EKS 集群并对其应用了角色:kubectl --kubeconfig=kubeconfig describe configmap -n kube-system aws-auth
Name: aws-auth
Namespace: kube-system
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","data":{"mapAccounts":"","mapRoles":"- rolearn: arn:aws:iam::1111:role/rolen u...
Data
====
mapUsers:
----
- userarn: arn:aws:iam::1111:user/username
username: username
groups:
- system:masters
mapAccounts:
----
mapRoles:
----
- rolearn: arn:aws:iam::1111:role/role
username: system:node:{{EC2PrivateDNSName}}
groups:
- system:bootstrappers
- system:nodes
- rolearn: arn:aws:iam::1111:role/role
username: role/1560432619067016189
groups:
- system:masters
我的部署.yaml
apiVersion: v1
kind: Service
metadata:
name: myservice
labels:
app: myservice
spec:
ports:
- port: 80
targetPort: 5000
name: http
- port: 443
targetPort: 5000
name: https
selector:
app: myservice
type: LoadBalancer
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: myservice
spec:
replicas: 1
template:
metadata:
labels:
app: myservice
version: v1
spec:
containers:
- name: myservice
image: my_image_to_default_app
resources:
requests:
cpu: "100m"
imagePullPolicy: IfNotPresent #Always
ports:
- containerPort: 5000
我能解决这个问题吗?
我尝试使用以下方法将自签名证书上传到群集:"创建证书",但我仍然不知道如何将其附加到现有的 kubernetes 服务
在 Kubernetes 上设置 TLS 证书,你必须使用 Cert-Manager 设置入口和入口控制器。
使用证书管理器,您可以申请 let's-encrypt 证书,也可以将此证书用作应用程序的 TLS 证书。
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes
如果要设置 SSL 和 tls 证书,可以按照本指南进行操作,并从本教程中获得帮助。 它来自数字海洋。