使用kubeconfig(而不是使用gcloud)从DO集群连接到GKE集群。

huangapple
go评论66阅读模式
英文:

Connect GKE cluster from DO cluster by using kubeconfig (not using gcloud)

问题

我在Digital Ocean上有一个集群。我的项目的API在DO上。我的镜像来自google/cloud-sdk:alpine,我还使用以下命令安装了gke-gcloud-auth-plugin:

gcloud components install gke-gcloud-auth-plugin

我在Google Kubernetes Engine上还有另一个集群。我想从我的在DO上的API上创建、列出、删除gke集群上的pod。我使用kubernetes go客户端。我将gke集群的kubeconfig文件提供给go客户端。但是当我尝试执行操作(比如列出pod)时,我收到以下错误:

 cred.go:145] print credential failed with error: Failed to retrieve access token:: failure while executing gcloud, with args [config config-helper --format=json]: exit status 1
2023/04/04 07:28:21 code: get_pod_error, error: Get "https://..../api/v1/namespaces/default/pods/cloud-flow-80117068-9715-4374-b91b-799472d647be": getting credentials: exec: executable gke-gcloud-auth-plugin failed with exit code 1

我使用相同的方法在DO的另一个集群上创建或删除pod,并且成功工作。

简而言之,我想通过使用GKE的kubeconfig文件从DO集群连接到GKE集群。有没有遇到相同问题的人?
谢谢。

英文:

<br/>
I have a cluster on Digital Ocean. The API of my project is in DO. My image is from google/cloud-sdk:alpine and also I installed gke-gcloud-auth-plugin with the following command

gcloud components install gke-gcloud-auth-plugin

I have another cluster on Google Kubernetes Engine. I want to create, list, delete pods on gke cluster from my api which is in DO. I use kubernetes go client. I give the kubeconfig file of gke cluster to go client. But when I try to do an operation (like listing pods) I get the following error:

 cred.go:145] print credential failed with error: Failed to retrieve access token:: failure while executing gcloud, with args [config config-helper --format=json]: exit status 1
2023/04/04 07:28:21 code: get_pod_error, error: Get &quot;https://..../api/v1/namespaces/default/pods/cloud-flow-80117068-9715-4374-b91b-799472d647be&quot;: getting credentials: exec: executable gke-gcloud-auth-plugin failed with exit code 1

I used the same method to create or delete pods on another cluster in DO and worked successfuly.

Briefly I want to connect GKE cluster from DO cluster by using kubeconfig file of GKE
Is there anyone who encounter with the same problem?
Thanks..

答案1

得分: 2

最后我像下面这样解决了:

1:创建一个带有令牌和服务帐号的密钥。然后将它们关联起来。
2:创建一个集群角色(授予必要的权限)和集群角色绑定。将它们关联起来。
3:将服务帐号和集群角色绑定关联起来。

现在你可以使用令牌连接到 GKE 集群,而无需使用 gke-gcloud-auth-plugin。
如果我不使用令牌参数,输出结果如下:

使用kubeconfig(而不是使用gcloud)从DO集群连接到GKE集群。

但是,如果我使用令牌,它可以成功工作。
使用kubeconfig(而不是使用gcloud)从DO集群连接到GKE集群。

同时,使用令牌并打印 Pod 的 Go 代码如下:

package main

import (
	"context"
	"fmt"
	"os"

	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/client-go/kubernetes"
	"k8s.io/client-go/tools/clientcmd"
)

func main() {
	// kubeconfig 文件的路径
	kubeconfigPath := "/home/latif/.kube/config"

	// 从 kubeconfig 文件构建配置
	config, err := clientcmd.BuildConfigFromFlags("", kubeconfigPath)
	if err != nil {
		fmt.Printf("Error building config from kubeconfig: %v", err)
		os.Exit(1)
	}

	// 设置认证令牌
	config.BearerToken = "my_token"

	// 创建一个新的 Kubernetes 客户端
	clientset, err := kubernetes.NewForConfig(config)
	if err != nil {
		fmt.Printf("Error creating Kubernetes client: %v", err)
		os.Exit(1)
	}

	// 获取默认命名空间中的 Pod 列表
	pods, err := clientset.CoreV1().Pods("default").List(context.Background(), v1.ListOptions{})
	if err != nil {
		fmt.Printf("Error getting pods: %v", err)
		os.Exit(1)
	}

	// 打印每个 Pod 的名称
	for _, pod := range pods.Items {
		fmt.Println(pod.Name)
	}
}




<details>
<summary>英文:</summary>

Finally I solved like following:

1: Create a secret with a token and service account. Then associate them.&lt;br/&gt;
2: Create a clusterrole (give necessary permissions) and clusterrolebinding. Associate them. &lt;br/&gt;
3: Associate the service account and clusterrolebinding. 

Now you can use the token to connect gke cluster without using gke-gcloud-auth-plugin. &lt;br/&gt;
If I dont use the token argument, the output is: &lt;br/&gt;

 [![enter image description here][1]][1]

But , if I use the token, it works successfully
[![enter image description here][2]][2]


  [1]: https://i.stack.imgur.com/v31lx.png
  [2]: https://i.stack.imgur.com/fYyfo.png
&lt;br/&gt;&lt;br/&gt;

Also the go code that uses token and prints the pods is like following:

    package main
    
    import (
    	&quot;context&quot;
    	&quot;fmt&quot;
    	&quot;os&quot;
    
    	v1 &quot;k8s.io/apimachinery/pkg/apis/meta/v1&quot;
    	&quot;k8s.io/client-go/kubernetes&quot;
    	&quot;k8s.io/client-go/tools/clientcmd&quot;
    )
    
    func main() {
    	// Path to the kubeconfig file
    	kubeconfigPath := &quot;/home/latif/.kube/config&quot;
    
    	// Build the configuration from the kubeconfig file
    	config, err := clientcmd.BuildConfigFromFlags(&quot;&quot;, kubeconfigPath)
    	if err != nil {
    		fmt.Printf(&quot;Error building config from kubeconfig: %v&quot;, err)
    		os.Exit(1)
    	}
    
    	// Set the authentication token
    	config.BearerToken = &quot;my_token&quot;
    
    	// Create a new Kubernetes client
    	clientset, err := kubernetes.NewForConfig(config)
    	if err != nil {
    		fmt.Printf(&quot;Error creating Kubernetes client: %v&quot;, err)
    		os.Exit(1)
    	}
    
    	// Get the list of pods in the default namespace
    	pods, err := clientset.CoreV1().Pods(&quot;default&quot;).List(context.Background(), v1.ListOptions{})
    	if err != nil {
    		fmt.Printf(&quot;Error getting pods: %v&quot;, err)
    		os.Exit(1)
    	}
    
    	// Print the name of each pod
    	for _, pod := range pods.Items {
    		fmt.Println(pod.Name)
    	}
    }



</details>

huangapple
  • 本文由 发表于 2023年4月4日 15:54:51
  • 转载请务必保留本文链接:https://go.coder-hub.com/75926824.html
  • digital-ocean
  • go
  • google-kubernetes-engine
  • kubernetes
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定