代理背后的 kubectl [英] kubectl behind a proxy

问题描述

我已按照此处的说明使用 minikube 安装了本地 Kubernetes 集群.

I have installed a local Kubernetes cluster using minikube following the instructions here.

我是公司代理人.因此我设置了 http_proxy 和 https_proxy 环境变量.在 minikube start 命令之后启动集群后，我还将 minikube ip 的值添加到 no_proxy 环境变量中.但是 kubectl 仍然无法连接到集群.

I'm under a corporate proxy. Therefore I have set the http_proxy and https_proxy env vars. Once the cluster is started after minikube start command I also added the value of minikube ip to the no_proxy env var. However still kubectl cannot connect to the cluster.

ubuntu@ros-2:~$ kubectl -v=7 get pods
I0105 10:31:47.773801   17607 loader.go:354] Config loaded from file /home/ubuntu/.kube/config
I0105 10:31:47.775151   17607 round_trippers.go:296] GET https://192.168.42.22:8443/api
I0105 10:31:47.778533   17607 round_trippers.go:303] Request Headers:
I0105 10:31:47.778606   17607 round_trippers.go:306]     Accept: application/json, */*
I0105 10:31:47.778676   17607 round_trippers.go:306]     User-Agent: kubectl/v1.5.1 (linux/amd64) kubernetes/82450d0
I0105 10:31:47.783069   17607 round_trippers.go:321] Response Status:  in 4 milliseconds
I0105 10:31:47.783166   17607 helpers.go:221] Connection error: Get https://192.168.42.22:8443/api: Forbidden port
F0105 10:31:47.783181   17607 helpers.go:116] Unable to connect to the server: Forbidden port

我假设这是因为 kubectl 不知道 no_proxy 设置.对集群进行简单的 curl 就可以了.

I'm assuming this is because of kubectl not being aware of the no_proxy settings. A simple curl to the cluster goes through fine.

ubuntu@ros-2:~$ curl -v -k https://192.168.42.22:8443/api
* Hostname was NOT found in DNS cache
*   Trying 192.168.42.22...
* Connected to 192.168.42.22 (192.168.42.22) port 8443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
*        subject: CN=minikube
*        start date: 2017-01-04 16:04:47 GMT
*        expire date: 2018-01-04 16:04:47 GMT
*        issuer: CN=minikubeCA
*        SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /api HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 192.168.42.22:8443
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Thu, 05 Jan 2017 10:33:45 GMT
< Content-Length: 13
<
Unauthorized
* Connection #0 to host 192.168.42.22 left intact

关于如何解决这个问题有什么想法吗?

Any ideas on how to fix this?

推荐答案

修复了这个问题.修复方法是在 NO_PROXY 中也包含 no_proxy 详细信息.

Fixed this. The fix was to have the no_proxy details in NO_PROXY as well.

export NO_PROXY=$no_proxy,$(minikube ip)

相关线程.希望这对某人有用.

这篇关于代理背后的 kubectl的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！