couldn't get current server API group list: the server has asked for the client to provide credentials error: You must be logged in to the server

huangapple go评论106阅读模式
英文:

couldn't get current server API group list: the server has asked for the client to provide credentials error: You must be logged in to the server

问题

我创建了eks集群,试图将其与本地cli连接,为此,我安装了aws-cli,并提供了正确的'aws configure'凭据。我用来连接aws的用户具有与EKS相关的策略。但我仍然收到以下错误...

E0209 21:09:44.893284 2465691 memcache.go:238] 无法获取当前服务器API组列表:服务器要求客户端提供凭据
E0209 21:09:45.571635 2465691 memcache.go:238] 无法获取当前服务器API组列表:服务器要求客户端提供凭据
E0209 21:09:46.380542 2465691 memcache.go:238] 无法获取当前服务器API组列表:服务器要求客户端提供凭据
E0209 21:09:47.105407 2465691 memcache.go:238] 无法获取当前服务器API组列表:服务器要求客户端提供凭据
E0209 21:09:47.869614 2465691 memcache.go:238] 无法获取当前服务器API组列表:服务器要求客户端提供凭据
错误:您必须登录到服务器(服务器要求客户端提供凭据)
英文:

I created the eks cluster trying to connect it with local cli, for that, I installed the aws-cli and also provide the right 'aws configure' credentials. The user which I am using to connect with the aws have the EKS related policy. Still I am getting the following Error ...

E0209 21:09:44.893284 2465691 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
E0209 21:09:45.571635 2465691 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
E0209 21:09:46.380542 2465691 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
E0209 21:09:47.105407 2465691 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
E0209 21:09:47.869614 2465691 memcache.go:238] couldn't get current server API group list: the server has asked for the client to provide credentials
error: You must be logged in to the server (the server has asked for the client to provide credentials)

答案1

得分: 3

以下是您要翻译的内容:

"Well in my case, the aws keys with which I created the cluster and with which I configured the kubectl were different. The two of them were different aws identities."

我的情况是,我用来创建集群和配置 kubectl 的 AWS 密钥是不同的。它们代表了两个不同的 AWS 身份。

"To give another user permission to access the control pane follow this"

要授予另一个用户访问控制面板的权限,请按照以下步骤操作:

How do I resolve the error You must be logged in to the server Unauthorized when I connect to the Amazon EKS API server.

这解决了我的问题。

英文:

Well in my case, the aws keys with which I created the cluster and with which I configured the kubectl were different. The two of them were different aws identities.

To give another user permission to access the control pane follow this

How do I resolve the error You must be logged in to the server Unauthorized when I connect to the Amazon EKS API server.

This solved my problem

答案2

得分: 0

我成功地按照文档指南解决了这个问题:https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html

英文:

I successfully resolve it via following the document guide: https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html

答案3

得分: 0

我的问题通过在AWS配置文件中删除cli_auto_prompt得以解决。

vi ~/.aws/config

[default]
region = us-west-2
# cli_auto_prompt = on

[profile <X>]
region = us-west-2
# cli_auto_prompt = on

另外,在进行上述更改后,请确保再次更新kubeconfig。请确保使用正确的集群名称,区域,并确保CLI中登录的用户在EKS RBACK上具有管理员权限。

aws eks update-kubeconfig --name <EKS_CLUSTER_NAME> --region us-west-2
英文:

My problem got solved by removing cli_auto_prompt in the AWS profile

vi ~/.aws/config

[default]
region = us-west-2
# cli_auto_prompt = on

[profile <X>]
region = us-west-2
# cli_auto_prompt = on

Also, make sure to update the kubeconfig one more time after the above change. Please be sure to use the correct cluster name as well as region and also make sure the logged in user in your CLI do have admin permissions on EKS RBACK.

aws eks update-kubeconfig --name <EKS_CLUSTER_NAME> --region us-west-2

答案4

得分: 0

你可能没有设置到相关的 AWS 帐户,其中所需的 EKS 已设置。

使用 "aws configure list" 来验证您是否连接到正确的配置文件(很可能不正确)。

使用 "aws configure" 来设置正确的帐户。
或者使用相关的 AWS 环境参数。

英文:

You are probably not set to the correct AWS account where the relevant EKS is set.

Use "aws configure list" to verify you are connected to the correct profile (which is probably not correct).

Use "aws configure" to set the correct account.
Or use relevant AWS env parameters instead.

答案5

得分: 0

请查看此链接:
https://repost.aws/knowledge-center/eks-api-server-unauthorized-error

这对我有用,是因为 AWS CLI 用户与创建集群的用户不一致导致的问题,当使用相同的用户解决时。

英文:

Check this link
https://repost.aws/knowledge-center/eks-api-server-unauthorized-error

this worked for me, it was due to aws cli user is not the user used to create the cluster
solved when same user used for both

答案6

得分: 0

在我的情况下,我遇到了类似的错误,因为我使用了“default” systemd cgroup 驱动器(这是 Kubernetes 现在的默认值)。然而,如果您不使用 Docker,而是使用 containerd + runc, 将默认使用 cgroupfs cgroup 驱动器。这个差异不会显示为实际错误,但会导致上述错误。

所以基本上我没有执行这个操作:https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd-systemd

英文:

In my case, I got a similar error by having the "default" systemd cgroup driver (that is Kubernetes' default nowadays). However, if you don't use docker but containerd + runc, this will default to using cgroupfs cgroup driver. This difference will not show up as an actual error BUT it will lead to above error.

So basically I did not do THIS: https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd-systemd

答案7

得分: 0

我在使用不同于平常的AWS帐户时设置了环境变量:

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=

我不需要它们来从我的计算机访问其他AWS帐户 - 凭证是以不同的方式管理的,但我不得不删除这些变量,以使通常的连接再次工作。

在类似的情况下,您可能需要:

  1. 也删除它们,
  2. 将它们更改为正确的值。
英文:

I was working with a different AWS account than usual, so I set the environment variables:

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=

I do not need them to access other AWS accounts from my computer - credentials are managed differently, but I had to remove those variables to make the usual connection work again.

In similar scenarios you may need to:

  1. Remove them as well,
  2. Change them to correct values.

答案8

得分: -2

相同的错误发生在我的k3d上。看起来证书已经过期。我尝试了这个并且它有效:

k3d kubeconfig get <name_of_cluster>
k3d kubeconfig merge <name_of_cluster> -d -u
k3d cluster stop <name_of_cluster>
k3d cluster start <name_of_cluster>
英文:

The same error happened to me on k3d. Seems like the certificates were expired. I tried this and it worked

k3d kubeconfig get &lt;name_of_cluster&gt;
k3d kubeconfig merge &lt;name_of_cluster&gt; -d –u 
k3d cluster stop &lt;name_of_cluster&gt; 
k3d cluster start &lt;name_of_cluster&gt; 

huangapple
  • 本文由 发表于 2023年2月10日 10:13:34
  • 转载请务必保留本文链接:https://go.coder-hub.com/75406313.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定