kubernetes - 错误：服务器没有资源类型“svc”

Question

error: the server doesn't have a resource type "svc"在遵循本指南的同时测试kubectl配置时获取：

https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html

详细错误

$ kubectl get svc -v=8

I0712 15:30:24.902035   93745 loader.go:357] Config loaded from file /Users/matt.canty/.kube/config-test
I0712 15:30:24.902741   93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:24.902762   93745 round_trippers.go:390] Request Headers:
I0712 15:30:24.902768   93745 round_trippers.go:393]     User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:24.902773   93745 round_trippers.go:393]     Accept: application/json, */*
I0712 15:30:25.425614   93745 round_trippers.go:408] Response Status: 401 Unauthorized in 522 milliseconds
I0712 15:30:25.425651   93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.425657   93745 round_trippers.go:414]     Content-Type: application/json
I0712 15:30:25.425662   93745 round_trippers.go:414]     Content-Length: 129
I0712 15:30:25.425670   93745 round_trippers.go:414]     Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.426757   93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.428104   93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.428239   93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:25.428258   93745 round_trippers.go:390] Request Headers:
I0712 15:30:25.428268   93745 round_trippers.go:393]     Accept: application/json, */*
I0712 15:30:25.428278   93745 round_trippers.go:393]     User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:25.577788   93745 round_trippers.go:408] Response Status: 401 Unauthorized in 149 milliseconds
I0712 15:30:25.577818   93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.577838   93745 round_trippers.go:414]     Content-Type: application/json
I0712 15:30:25.577854   93745 round_trippers.go:414]     Content-Length: 129
I0712 15:30:25.577868   93745 round_trippers.go:414]     Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.578876   93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.579492   93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.579851   93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:25.579864   93745 round_trippers.go:390] Request Headers:
I0712 15:30:25.579873   93745 round_trippers.go:393]     Accept: application/json, */*
I0712 15:30:25.579879   93745 round_trippers.go:393]     User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:25.729513   93745 round_trippers.go:408] Response Status: 401 Unauthorized in 149 milliseconds
I0712 15:30:25.729541   93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.729547   93745 round_trippers.go:414]     Content-Type: application/json
I0712 15:30:25.729552   93745 round_trippers.go:414]     Content-Length: 129
I0712 15:30:25.729557   93745 round_trippers.go:414]     Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.730606   93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.731228   93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.731254   93745 factory_object_mapping.go:93] Unable to retrieve API resources, falling back to hardcoded types: Unauthorized
F0712 15:30:25.731493   93745 helpers.go:119] error: the server doesn't have a resource type "svc"

AWS 中 EKS 集群的屏幕截图

版本

kubectl version

Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-28T20:03:09Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"darwin/amd64"}
error: You must be logged in to the server (the server has asked for the client to provide credentials)

配置

Kubctl 配置

$ kubectl config view

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://REDACTED.yl4.us-east-1.eks.amazonaws.com
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - test
      command: heptio-authenticator-aws
      env:
      - name: AWS_PROFILE
        value: personal

AWS 配置

cat .aws/config

[profile personal]
source_profile = personal 

AWS 凭证

$ cat .aws/credentials

[personal]
aws_access_key_id = REDACTED
aws_secret_access_key = REDACTED

 ~/.kube/config-test

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACETED
    server: https://REDACTED.yl4.us-east-1.eks.amazonaws.com
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - test
      command: heptio-authenticator-aws
      env:
      - name: AWS_PROFILE
        value: personal

类似问题

• 错误-服务器-没有资源-类型-svc
• the-connection-to-the-server-localhost8080-was-refused-did-you-specify-the-ri

Answer 1

我刚刚遇到了一个类似的问题，我设法通过 aws 支持解决了这个问题。我遇到的问题是集群是使用用户承担的角色创建的，但 kubectl 并没有使用 aws-cli 创建的默认 kube 配置承担此角色。

我通过在 kube 配置的用户部分提供角色解决了这个问题

users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - test
      - -r
      - <arn::of::your::role>
      command: aws-iam-authenticator
      env:
      - name: AWS_PROFILE
        value: personal

我相信 heptio-aws-authenticator 现在已更改为 aws-iam-authenticator，但这种更改使我能够使用集群。

Answer 2

401 看起来像是权限问题。您的用户是否创建了集群？在文档中：“当您创建 Amazon EKS 集群时，IAM 实体（用户或角色）在集群的 RBAC 配置中被自动授予 system:master 权限。要授予其他 AWS 用户与您的集群交互的能力，您必须编辑Kubernetes 中的 aws-auth ConfigMap。”

如果它是由其他用户创建的，则需要使用该用户，并在 CLI 中对其进行配置以执行 kubectl

Answer 3

只需删除 .kube 文件夹中的缓存和 http-cache 并尝试运行命令 kubectl get svc 还要确保您的配置文件正确缩进。由于语法错误，有时它可能会抛出该错误。

Answer 4

需要确保用于在 CLI 中创建集群和执行 kubectl 的凭据相同。就我而言，我通过控制台创建了集群，该集群采用了已过期的 AWS 临时自动售货机凭证，而 kubectl 使用了实际的永久凭证。
为了修复错误，我还从 AWS CLI 创建了集群。

Answer 5

我遇到了这个问题，我的 KUBECONFIG 环境变量有多个值，它看起来像：：/Users/my-user/.kube/config-firstcluster:/Users/my-user/.kube/config-secondcluster

尝试取消设置并将环境变量重置为只有 1 个值，看看是否适合您。

Answer 6

我有一个类似的问题，无法使用kubectl. 我尝试了以下命令，但我得到了相同的“错误：服务器没有资源类型object_name”

kubectl get pod
kubectl get service
kubectl get configmap
kubectl get namespace

我检查了我的 k8s 仪表板，它对我来说工作正常。因此，我了解到当kubectl尝试与kube-apiserver建立连接时存在问题。我决定curl使用现有证书进行 apiserver，但它需要证书密钥和 crt 文件。默认情况下，kubectl 会从中读取配置$HOME/.kube/config并查找上下文。如果有多个集群，请检查 的值current-context: your_user@cluster_name。在该users部分中，检查并按照以下步骤将和your_user的值保存在文件中。client-certificate/client-certificate-dataclient-key/client-key-data

echo "value of client-certificate-data" | base64 --decode > your_user.crt
echo "value of client-key-data" | base64 --decode > your_user.key

#check the validality of certificate
openssl x509 -in your_user.crt -text 

如果证书已过期，则创建一个新证书并尝试进行身份验证

openssl genrsa -out your_user.key 2048
openssl req -new -key your_user.key -subj "/CN=check_cn_from_existing_certificate_crt_file" -out your_user.csr
openssl x509 -req -in your_user.csr -CA /$PATH/ca.crt -CAkey /$PATH/ca.key -out your_user.crt -days 30

# Get the apiserver ip
APISERVER=$(cat ~/.kube/config | grep server | cut -f 2- -d ":" | tr -d " ")

# Authenticate with apiserver using curl command
curl $APISERVER/api/v1/pods \
            --cert your_user.crt \
            --key your_user.key \
            --cacert /$PATH/ca.crt

如果您能够看到 pod，则更新配置文件中的证书

$HOME/.kube/config 的最终输出

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /$PATH/ca.crt
    server: https://192.168.0.143:8443 ($APISERVER)
  name: cluster_name
contexts:
- context:
    cluster: cluster_name
    user: your_user
  name: your_user@cluster_name
current-context: your_user@cluster_name
kind: Config
preferences: {}
users:
- name: your_user
  user:
    client-certificate: /$PATH/your_user.crt
    client-key: /$PATH/your_user.key

现在，您应该能够成功地列出 pod 或其他资源使用kubectl

Answer 7

我遇到了这个错误，这是一个不同的kube配置问题，所以

error: the server doesn't have a resource type “svc”

错误可能很笼统。

我的情况是，解决方案是删除证书授权数据周围的引号

例子

（不工作）

certificate-authority-data:"xyxyxyxyxyxy"

（在职的）

certificate-authority-data: xyxyxyxyxyxy

Answer 8

如果您在 UI 中创建集群，可能的解决方案

如果您在 UI 中创建了集群，则可能是 AWSroot用户创建了集群。根据文档，“创建 Amazon EKS 集群时，创建集群的 IAM 实体（用户或角色）将作为管理员（具有 system:master）权限添加到 Kubernetes RBAC 授权表中。最初，只有那个 IAM用户可以使用 kubectl 调用 Kubernetes API 服务器。"

您需要首先以root用户身份登录 AWS CLI，以便更新您希望访问集群的 IAM 用户的权限。

1. 您需要获取 root 用户的访问密钥并将此信息放在.aws/credentials默认用户下。您可以使用命令执行此操作aws configure

   现在kubectl get svc可以工作了，因为您以最初创建集群的 root 用户身份登录。

2. 将 aws-auth ConfigMap 应用到集群。按照这些文档中的第 2 步，使用NodeInstanceRole您Output从第 3 步中获得的值：启动和配置 Amazon EKS 工作节点

3. 要将非根 IAM 用户或角色添加到 Amazon EKS 集群，请按照这些文档中的步骤 3 操作。在该部分中编辑configmap/aws-auth并添加其他需要kubectl访问权限的用户mapUsers。

4. 再次运行aws configure并添加非 root 用户的访问密钥信息。

现在，您可以从 AWS CLI 并使用 kubectl 访问您的集群。