10

error: the server doesn't have a resource type "svc"在遵循本指南的同时测试kubectl配置时获取:

https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html

详细错误

$ kubectl get svc -v=8

I0712 15:30:24.902035   93745 loader.go:357] Config loaded from file /Users/matt.canty/.kube/config-test
I0712 15:30:24.902741   93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:24.902762   93745 round_trippers.go:390] Request Headers:
I0712 15:30:24.902768   93745 round_trippers.go:393]     User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:24.902773   93745 round_trippers.go:393]     Accept: application/json, */*
I0712 15:30:25.425614   93745 round_trippers.go:408] Response Status: 401 Unauthorized in 522 milliseconds
I0712 15:30:25.425651   93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.425657   93745 round_trippers.go:414]     Content-Type: application/json
I0712 15:30:25.425662   93745 round_trippers.go:414]     Content-Length: 129
I0712 15:30:25.425670   93745 round_trippers.go:414]     Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.426757   93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.428104   93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.428239   93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:25.428258   93745 round_trippers.go:390] Request Headers:
I0712 15:30:25.428268   93745 round_trippers.go:393]     Accept: application/json, */*
I0712 15:30:25.428278   93745 round_trippers.go:393]     User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:25.577788   93745 round_trippers.go:408] Response Status: 401 Unauthorized in 149 milliseconds
I0712 15:30:25.577818   93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.577838   93745 round_trippers.go:414]     Content-Type: application/json
I0712 15:30:25.577854   93745 round_trippers.go:414]     Content-Length: 129
I0712 15:30:25.577868   93745 round_trippers.go:414]     Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.578876   93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.579492   93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.579851   93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:25.579864   93745 round_trippers.go:390] Request Headers:
I0712 15:30:25.579873   93745 round_trippers.go:393]     Accept: application/json, */*
I0712 15:30:25.579879   93745 round_trippers.go:393]     User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:25.729513   93745 round_trippers.go:408] Response Status: 401 Unauthorized in 149 milliseconds
I0712 15:30:25.729541   93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.729547   93745 round_trippers.go:414]     Content-Type: application/json
I0712 15:30:25.729552   93745 round_trippers.go:414]     Content-Length: 129
I0712 15:30:25.729557   93745 round_trippers.go:414]     Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.730606   93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.731228   93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.731254   93745 factory_object_mapping.go:93] Unable to retrieve API resources, falling back to hardcoded types: Unauthorized
F0712 15:30:25.731493   93745 helpers.go:119] error: the server doesn't have a resource type "svc"

AWS 中 EKS 集群的屏幕截图

在此处输入图像描述

版本

kubectl version

Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-28T20:03:09Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"darwin/amd64"}
error: You must be logged in to the server (the server has asked for the client to provide credentials)

配置

Kubctl 配置

$ kubectl config view

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://REDACTED.yl4.us-east-1.eks.amazonaws.com
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - test
      command: heptio-authenticator-aws
      env:
      - name: AWS_PROFILE
        value: personal

AWS 配置

cat .aws/config

[profile personal]
source_profile = personal 

AWS 凭证

$ cat .aws/credentials

[personal]
aws_access_key_id = REDACTED
aws_secret_access_key = REDACTED

 ~/.kube/config-test

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACETED
    server: https://REDACTED.yl4.us-east-1.eks.amazonaws.com
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - test
      command: heptio-authenticator-aws
      env:
      - name: AWS_PROFILE
        value: personal

类似问题

4

8 回答 8

6

我刚刚遇到了一个类似的问题,我设法通过 aws 支持解决了这个问题。我遇到的问题是集群是使用用户承担的角色创建的,但 kubectl 并没有使用 aws-cli 创建的默认 kube 配置承担此角色。

我通过在 kube 配置的用户部分提供角色解决了这个问题

users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - test
      - -r
      - <arn::of::your::role>
      command: aws-iam-authenticator
      env:
      - name: AWS_PROFILE
        value: personal

我相信 heptio-aws-authenticator 现在已更改为 aws-iam-authenticator,但这种更改使我能够使用集群。

于 2018-11-06T09:49:45.490 回答
3

401 看起来像是权限问题。您的用户是否创建了集群?在文档中:“当您创建 Amazon EKS 集群时,IAM 实体(用户或角色)在集群的 RBAC 配置中被自动授予 system:master 权限。要授予其他 AWS 用户与您的集群交互的能力,您必须编辑Kubernetes 中的 aws-auth ConfigMap。”

如果它是由其他用户创建的,则需要使用该用户,并在 CLI 中对其进行配置以执行 kubectl

于 2018-07-20T14:00:51.183 回答
2

只需删除 .kube 文件夹中的缓存和 http-cache 并尝试运行命令 kubectl get svc 还要确保您的配置文件正确缩进。由于语法错误,有时它可能会抛出该错误。

于 2018-07-31T13:23:21.767 回答
2

需要确保用于在 CLI 中创建集群和执行 kubectl 的凭据相同。就我而言,我通过控制台创建了集群,该集群采用了已过期的 AWS 临时自动售货机凭证,而 kubectl 使用了实际的永久凭证。
为了修复错误,我还从 AWS CLI 创建了集群。

于 2018-11-16T16:06:22.010 回答
1

我遇到了这个问题,我的 KUBECONFIG 环境变量有多个值,它看起来像::/Users/my-user/.kube/config-firstcluster:/Users/my-user/.kube/config-secondcluster

尝试取消设置并将环境变量重置为只有 1 个值,看看是否适合您。

于 2018-07-12T20:01:45.373 回答
0

我有一个类似的问题,无法使用kubectl. 我尝试了以下命令,但我得到了相同的“错误:服务器没有资源类型object_name

kubectl get pod
kubectl get service
kubectl get configmap
kubectl get namespace

我检查了我的 k8s 仪表板,它对我来说工作正常。因此,我了解到当kubectl尝试与kube-apiserver建立连接时存在问题。我决定curl使用现有证书进行 apiserver,但它需要证书密钥和 crt 文件。默认情况下,kubectl 会从中读取配置$HOME/.kube/config并查找上下文。如果有多个集群,请检查 的值current-context: your_user@cluster_name。在该users部分中,检查并按照以下步骤将和your_user的值保存在文件中。client-certificate/client-certificate-dataclient-key/client-key-data

echo "value of client-certificate-data" | base64 --decode > your_user.crt
echo "value of client-key-data" | base64 --decode > your_user.key

#check the validality of certificate
openssl x509 -in your_user.crt -text 

如果证书已过期,则创建一个新证书并尝试进行身份验证

openssl genrsa -out your_user.key 2048
openssl req -new -key your_user.key -subj "/CN=check_cn_from_existing_certificate_crt_file" -out your_user.csr
openssl x509 -req -in your_user.csr -CA /$PATH/ca.crt -CAkey /$PATH/ca.key -out your_user.crt -days 30

# Get the apiserver ip
APISERVER=$(cat ~/.kube/config | grep server | cut -f 2- -d ":" | tr -d " ")

# Authenticate with apiserver using curl command
curl $APISERVER/api/v1/pods \
            --cert your_user.crt \
            --key your_user.key \
            --cacert /$PATH/ca.crt

如果您能够看到 pod,则更新配置文件中的证书

$HOME/.kube/config 的最终输出

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /$PATH/ca.crt
    server: https://192.168.0.143:8443 ($APISERVER)
  name: cluster_name
contexts:
- context:
    cluster: cluster_name
    user: your_user
  name: your_user@cluster_name
current-context: your_user@cluster_name
kind: Config
preferences: {}
users:
- name: your_user
  user:
    client-certificate: /$PATH/your_user.crt
    client-key: /$PATH/your_user.key

现在,您应该能够成功地列出 pod 或其他资源使用kubectl

于 2020-09-25T06:36:59.557 回答
0

我遇到了这个错误,这是一个不同的kube配置问题,所以

error: the server doesn't have a resource type “svc”

错误可能很笼统。

我的情况是,解决方案是删除证书授权数据周围的引号

例子

(不工作)

certificate-authority-data:"xyxyxyxyxyxy"

(在职的)

certificate-authority-data: xyxyxyxyxyxy
于 2018-08-14T16:05:30.403 回答
0

如果您在 UI 中创建集群,可能的解决方案

如果您在 UI 中创建了集群,则可能是 AWSroot用户创建了集群。根据文档,“创建 Amazon EKS 集群时,创建集群的 IAM 实体(用户或角色)将作为管理员(具有 system:master)权限添加到 Kubernetes RBAC 授权表中。最初,只有那个 IAM用户可以使用 kubectl 调用 Kubernetes API 服务器。"

您需要首先以root用户身份登录 AWS CLI,以便更新您希望访问集群的 IAM 用户的权限。

  1. 您需要获取 root 用户的访问密钥并将此信息放在.aws/credentials默认用户下。您可以使用命令执行此操作aws configure

    现在kubectl get svc可以工作了,因为您以最初创建集群的 root 用户身份登录。

  2. 将 aws-auth ConfigMap 应用到集群。按照这些文档中的第 2 步,使用NodeInstanceRoleOutput第 3 步中获得的值:启动和配置 Amazon EKS 工作节点

  3. 要将非根 IAM 用户或角色添加到 Amazon EKS 集群,请按照这些文档中的步骤 3 操作。在该部分中编辑configmap/aws-auth并添加其他需要kubectl访问权限的用户mapUsers

  4. 再次运行aws configure并添加非 root 用户的访问密钥信息。

现在,您可以从 AWS CLI 并使用 kubectl 访问您的集群。

于 2018-11-28T21:52:47.933 回答