英文:
parsed kubeconfig is invalid for incluster kube-rs usage
问题
我正试图在k8s部署中从kube-rs/kube内部使用它,如下所示:
```rust
let client = Client::try_default().await?;
但在尝试将JWT令牌作为kubeconfig文件处理时出现错误:
kubeconfig:(解析的kubeconfig结构无效:无效类型:字符串“XXX”
其中XXX是一个b64令牌。
我找不到任何文档来解释如何在incluster与独立模式下不同实例化客户端(独立模式正常工作,因为它在我的开发机器上找到~/.kube/config
)。
K8s集群由Digital Ocean管理。
我的图表创建了一个服务帐户,该服务帐户在解码的令牌中被命名,kube-rs调用以实例化客户端,它尝试将令牌处理为kubeconfig
文件时出现问题。
<details>
<summary>英文:</summary>
I am trying to use kube-rs/kube from within a k8s deployment as:
let client = Client::try_default().await?;
but get errors as it tries to process a JWT token as a kubeconfig file:
kubeconfig: (the structure of the parsed kubeconfig is invalid: invalid type: string "XXX"
where XXX is a b64 token.
I can't find any docs explaining how to instantiate the client differently incluster vs standalone (standalone works as it finds `~/.kube/config` on my dev machine).
The k8s cluster is managed k8s at Digital Ocean.
My chart creates a service account which is named in the decoded token the kube-rs call to instantiate the client is choking on as it tries to process the token as a `kubeconfig` file.
</details>
# 答案1
**得分**: 0
问题与 kube-rs 的使用无关。我的服务帐户在我的图表中被错误地指定,并且错误地定义了 `KUBECONFIG` 环境变量,告诉我的应用程序将令牌文件视为 `kubeconfig`。
移除 `KUBECONFIG` 环境变量,并移除服务帐户的显式卷挂载解决了这个问题,现在代码足够智能,能够识别它是否处于 `incluster` 上下文中。
<details>
<summary>英文:</summary>
Issue was not related to kube-rs usage. My service account was improperly specified in my chart and a `KUBECONFIG` env var was erroneously defined telling my app to think the token file was a `kubeconfig`.
Removing the `KUBECONFIG` env var and removing the explicit volume mounts for the service account solved this issue and the code is now smart enough to recognize when it is in `incluster` context.
</details>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论