问题描述
我曾经能够卷曲
https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1beta3/namespaces/default/
作为我的基本 URL,但在 kubernetes 0.18.0 中它给了我未经授权".奇怪的是,如果我使用API机器的外部IP地址(http://172.17.8.101:8080/api/v1beta3/namespaces/default/
),它工作得很好.
as my base URL, but in kubernetes 0.18.0 it gives me "unauthorized". The strange thing is that if I used the external IP address of the API machine (http://172.17.8.101:8080/api/v1beta3/namespaces/default/
), it works just fine.
推荐答案
在官方文档中我找到了这个:
In the official documentation I found this:
显然我遗漏了一个在 Kubernetes 的先前版本中不需要的安全令牌.从那以后,我设计了一个我认为比在我的容器上运行代理或安装 golang 更简单的解决方案.请参阅此示例,该示例从 api 获取当前容器的信息:
Apparently I was missing a security token that I didn't need in a previous version of Kubernetes. From that, I devised what I think is a simpler solution than running a proxy or installing golang on my container. See this example that gets the information, from the api, for the current container:
KUBE_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
curl -sSk -H "Authorization: Bearer $KUBE_TOKEN"
https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/default/pods/$HOSTNAME
我还使用了一个简单的二进制文件 jq (http://stedolan.github.io/jq/download/),解析用于 bash 脚本的 json.
I also use include a simple binary, jq (http://stedolan.github.io/jq/download/), to parse the json for use in bash scripts.
这篇关于如何从 pod 容器中访问 Kubernetes api?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!