在验证kubernetes python客户端时遇到问题 [英] Having problem in authenticating kubernetes python client

问题描述

我的lisNamespaces.py文件

my lisNamespaces.py file

from __future__ import print_function
import time
import kubernetes.client
from kubernetes.client.rest import ApiException

configuration = kubernetes.client.Configuration()
configuration.ssl_ca_cert = 'LS0XXXXXXXXXS0tLQo='
configuration.api_key['authorization'] = 'ZXXXXXXXXXXdw=='
configuration.api_key_prefix['authorization'] = 'Bearer'
configuration.host = 'https://aaaaaaaaaaaaaaa.gr7.us-east-1.eks.amazonaws.com'
#configuration.verify_ssl = False


api_instance = kubernetes.client.CoreV1Api(kubernetes.client.ApiClient(configuration))
api_response = api_instance.list_namespace()
for i in api_response.items:
    print(i.metadata.name)

对于 ssl_ca_cert 值，我做了kubectl edit secret nameofsa-token-xyze -n default并使用了ca.crt值.用户具有集群级别的管理员权限

For ssl_ca_cert value i did kubectl edit secret nameofsa-token-xyze -n default and used ca.crt value. user has cluster level admin permissions

对于不记名令牌，我使用了相同的用户令牌.

For bearer token i have used same user TOKEN.

如果我通过设置configuration.verify_ssl = False禁用ssl验证，则我的代码可以正常运行，但会发出警告.

If i disable ssl verification by setting configuration.verify_ssl = False my code works fine but with an warining.

我想知道我在通过ssl_ca_cert时犯了什么错误.请帮助我.

i want to know what mistake i am doing here in passing ssl_ca_cert. please help me with this.

推荐答案

我做过的错误是要传递我直接从kubectl edit secret nameofsa-token-xyze -n default获得的 ca.crt 数据到代码中的configuration.ssl_ca_cert.

Mistake i did was to pass data of ca.crt which i got from kubectl edit secret nameofsa-token-xyze -n default directly to configuration.ssl_ca_cert in the code.

相反，应该做的是使用base64 --decode解码数据，这是我从上述命令(kubectl edit secret nameofsa-token-xyze -n default)获得的，这就是我的方法.

Instead what should be done is to decode the data using base64 --decode, which i got from above command(kubectl edit secret nameofsa-token-xyze -n default), this is how i did it.

kubectl get secrets default-token-nqkdv -n default -o jsonpath='{.data.ca\.crt}' | base64 --decode > ca.crt.

然后我需要在代码中传递ca.crt文件的路径，因此最终代码如下所示:

Then i need to pass the path of ca.crt file in the code, so final code look like below

from __future__ import print_function
import time
import kubernetes.client
from kubernetes.client.rest import ApiException

configuration = kubernetes.client.Configuration()
configuration.ssl_ca_cert = 'ca.crt'
configuration.api_key['authorization'] = 'ZXXXXXXXXXXdw=='
configuration.api_key_prefix['authorization'] = 'Bearer'
configuration.host = 'https://aaaaaaaaaaaaaaa.gr7.us-east-1.eks.amazonaws.com'

api_instance = kubernetes.client.CoreV1Api(kubernetes.client.ApiClient(configuration))
api_response = api_instance.list_namespace()
for i in api_response.items:
    print(i.metadata.name)

这篇关于在验证kubernetes python客户端时遇到问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！