dtsps2098 2018-09-11 15:15
Views 51
Accepted

Google Container Cluster as config

I am trying to use the kubernetes go-client with cloud.google.com/go/container. I create the cluster using the google cloud go container package, then I want to deploy on that cluster using go-client. The out of cluster example given by the go-client uses the kube config file to get the credentials for the cluster. But since I just created this cluster within my application I don’t have that config file.

How can I set up a “k8s.io/client-go/rest” config with a "google.golang.org/genproto/googleapis/container/v1" Cluster? What are the required fields? The code below is what I currently have (without showing the actual CA certificate).

func getConfig(cluster *containerproto.Cluster) *rest.Config {
    return &rest.Config{
        Host:     "https://" + cluster.GetEndpoint(),
        TLSClientConfig: rest.TLSClientConfig{
            Insecure: false,
            CAData: []byte(`-----BEGIN CERTIFICATE-----
                ...
                -----END CERTIFICATE-----`),
        },
    }
}

It results in this error: x509: certificate signed by unknown authority. So there is obviously something missing. Any other approach is more than welcome! Thanks in advance

2 answers

  • Anonymous user 2018-09-18 21:15

    The ClientCertificate, ClientKey and ClusterCaCertificate need to be decoded as described here

    func CreateK8sClientFromCluster(cluster *gkev1.Cluster) {
        decodedClientCertificate, err := base64.StdEncoding.DecodeString(cluster.MasterAuth.ClientCertificate)
        if err != nil {
            fmt.Println("decode client certificate error:", err)
            return
        }
        decodedClientKey, err := base64.StdEncoding.DecodeString(cluster.MasterAuth.ClientKey)
        if err != nil {
            fmt.Println("decode client key error:", err)
            return
        }
        decodedClusterCaCertificate, err := base64.StdEncoding.DecodeString(cluster.MasterAuth.ClusterCaCertificate)
        if err != nil {
            fmt.Println("decode cluster CA certificate error:", err)
            return
        }
    
        config := &rest.Config{
            Username: cluster.MasterAuth.Username,
            Password: cluster.MasterAuth.Password,
            Host:     "https://" + cluster.Endpoint,
            TLSClientConfig: rest.TLSClientConfig{
                Insecure: false,
                CertData: decodedClientCertificate,
                KeyData:  decodedClientKey,
                CAData:   decodedClusterCaCertificate,
            },
        }
    
        clientset, err := kubernetes.NewForConfig(config)
        if err != nil {
            fmt.Printf("failed to get k8s client set from config: %s\n", err)
            return
        }
        _ = clientset // use the clientset here; Go rejects an unused variable
    }
    
    This answer was selected as the best answer by the asker.
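
Why the decoding step in the answer above matters, as an added example that is not part of the original post or of client-go: using only the Go standard library, it shows that an undecoded base64 CA field leaves the root pool empty, so verification fails with the x509 error quoted in the question, while the decoded PEM verifies. `decodeCA` and `constructedCA` are hypothetical helper names, and the CA is throwaway sample data generated in the program.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// decodeCA base64-decodes a CA field and rejects bytes that hold no PEM certificate.
func decodeCA(field string) (*x509.CertPool, error) {
	pemBytes, err := base64.StdEncoding.DecodeString(field)
	if err != nil {
		return nil, fmt.Errorf("CA field is not base64: %w", err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pemBytes) {
		return nil, fmt.Errorf("decoded CA field holds no PEM certificate")
	}
	return pool, nil
}

// constructedCA returns a throwaway self-signed CA (constructed sample data) and base64(PEM) of it.
func constructedCA() (*x509.Certificate, string) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "constructed-ca"}, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err) // sample generation only
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}

func main() {
	cert, field := constructedCA()
	empty := x509.NewCertPool()
	empty.AppendCertsFromPEM([]byte(field)) // undecoded field: nothing parses, pool stays empty
	_, errRaw := cert.Verify(x509.VerifyOptions{Roots: empty})
	pool, errDecode := decodeCA(field)
	_, errOK := cert.Verify(x509.VerifyOptions{Roots: pool})
	fmt.Println("undecoded:", errRaw, "| decoded:", errDecode, errOK)
}
```

Checking the `AppendCertsFromPEM` result before building the client turns a confusing TLS handshake failure into an immediate, descriptive error.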