error: the server doesn't have a resource type "svc"

error: the server doesn't have a resource type "svc"

在按照本指南测试 kubectl 配置时获得 error: the server doesn't have a resource type "svc"

https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html

详细错误

$ kubectl get svc -v=8

I0712 15:30:24.902035   93745 loader.go:357] Config loaded from file /Users/matt.canty/.kube/config-test
I0712 15:30:24.902741   93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:24.902762   93745 round_trippers.go:390] Request Headers:
I0712 15:30:24.902768   93745 round_trippers.go:393]     User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:24.902773   93745 round_trippers.go:393]     Accept: application/json, */*
I0712 15:30:25.425614   93745 round_trippers.go:408] Response Status: 401 Unauthorized in 522 milliseconds
I0712 15:30:25.425651   93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.425657   93745 round_trippers.go:414]     Content-Type: application/json
I0712 15:30:25.425662   93745 round_trippers.go:414]     Content-Length: 129
I0712 15:30:25.425670   93745 round_trippers.go:414]     Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.426757   93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.428104   93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.428239   93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:25.428258   93745 round_trippers.go:390] Request Headers:
I0712 15:30:25.428268   93745 round_trippers.go:393]     Accept: application/json, */*
I0712 15:30:25.428278   93745 round_trippers.go:393]     User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:25.577788   93745 round_trippers.go:408] Response Status: 401 Unauthorized in 149 milliseconds
I0712 15:30:25.577818   93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.577838   93745 round_trippers.go:414]     Content-Type: application/json
I0712 15:30:25.577854   93745 round_trippers.go:414]     Content-Length: 129
I0712 15:30:25.577868   93745 round_trippers.go:414]     Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.578876   93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.579492   93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.579851   93745 round_trippers.go:383] GET https://REDACTED.yl4.us-east-1.eks.amazonaws.com/api
I0712 15:30:25.579864   93745 round_trippers.go:390] Request Headers:
I0712 15:30:25.579873   93745 round_trippers.go:393]     Accept: application/json, */*
I0712 15:30:25.579879   93745 round_trippers.go:393]     User-Agent: kubectl/v1.10.3 (darwin/amd64) kubernetes/2bba012
I0712 15:30:25.729513   93745 round_trippers.go:408] Response Status: 401 Unauthorized in 149 milliseconds
I0712 15:30:25.729541   93745 round_trippers.go:411] Response Headers:
I0712 15:30:25.729547   93745 round_trippers.go:414]     Content-Type: application/json
I0712 15:30:25.729552   93745 round_trippers.go:414]     Content-Length: 129
I0712 15:30:25.729557   93745 round_trippers.go:414]     Date: Thu, 12 Jul 2018 14:30:25 GMT
I0712 15:30:25.730606   93745 request.go:874] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
I0712 15:30:25.731228   93745 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0712 15:30:25.731254   93745 factory_object_mapping.go:93] Unable to retrieve API resources, falling back to hardcoded types: Unauthorized
F0712 15:30:25.731493   93745 helpers.go:119] error: the server doesn't have a resource type "svc"

AWS 中 EKS 集群的屏幕截图

版本

kubectl version

Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-28T20:03:09Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"darwin/amd64"}
error: You must be logged in to the server (the server has asked for the client to provide credentials)

配置

Kubctl 配置

$ kubectl config view

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://REDACTED.yl4.us-east-1.eks.amazonaws.com
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - test
      command: heptio-authenticator-aws
      env:
      - name: AWS_PROFILE
        value: personal

AWS 配置

cat .aws/config

[profile personal]
source_profile = personal

AWS 凭证

$ cat .aws/credentials

[personal]
aws_access_key_id = REDACTED
aws_secret_access_key = REDACTED

~/.kube/config-test

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACETED
    server: https://REDACTED.yl4.us-east-1.eks.amazonaws.com
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - test
      command: heptio-authenticator-aws
      env:
      - name: AWS_PROFILE
        value: personal

类似问题

我有一个问题,我的 KUBECONFIG 环境变量有多个值,它看起来像: :/Users/my-user/.kube/config-firstcluster:/Users/my-user/.kube/config-secondcluster

尝试取消设置并将环境变量重置为只有 1 个值,看看是否适合您。

401 看起来像是权限问题。您的用户是否创建了集群? 在文档中:"When you create an Amazon EKS cluster, the IAM entity (user or role) is automatically granted system:master permissions in the cluster's RBAC configuration. To grant additional AWS users the ability to interact with your cluster, you must edit the aws-auth ConfigMap within Kubernetes."

如果它是由不同的用户创建的,您将需要使用该用户,在 CLI 中将其配置为执行 kubectl

只需删除 .kube 文件夹中的缓存和 http-缓存,然后尝试 运行 命令 kubectl 获取 svc 还要确保您的配置文件正确缩进。由于语法错误,有时它可能会抛出该错误。

我 运行 遇到了这个错误,这是一个 不同 kube 配置问题,所以 

error: the server doesn't have a resource type “svc”

错误可能非常普遍。

就我而言,解决方案是删除 certificate-authority-data 周围的引号

例子

(不工作)

certificate-authority-data:"xyxyxyxyxyxy"

(工作)

certificate-authority-data: xyxyxyxyxyxy

我刚刚遇到了一个类似的问题,我通过 aws 支持设法解决了该问题。我遇到的问题是集群是使用用户承担的角色创建的,但是 kubectl 没有使用 aws-cli 创建的默认 kube 配置承担这个角色。

我通过在 kube 配置的用户部分提供角色解决了这个问题

users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      args:
      - token
      - -i
      - test
      - -r
      - <arn::of::your::role>
      command: aws-iam-authenticator
      env:
      - name: AWS_PROFILE
        value: personal

我相信 heptio-aws-authenticator 现在已经更改为 aws-iam-authenticator,但这一更改使我能够使用集群。

需要确保用于在 CLI 中创建集群和执行 kubectl 的凭据相同。在我的例子中,我通过控制台创建了集群,该控制台采用了 AWS 临时自动售货机凭证,该凭证已过期,而 kubectl 使用实际的永久凭证。
为了修复错误,我还从 AWS CLI 创建了集群。

如果您在 UI

中创建集群,可能的解决方案

如果您在 UI 中创建了集群,则可能是 AWS root 用户创建了集群。根据文档,"When an Amazon EKS cluster is created, the IAM entity (user or role) that creates the cluster is added to the Kubernetes RBAC authorization table as the administrator (with system:master) permissions. Initially, only that IAM user can make calls to the Kubernetes API server using kubectl. "

您需要首先以 root 用户身份登录 AWS CLI,以便更新您希望访问集群的 IAM 用户的权限。

  1. 您需要获取 access key for the root user 并将此信息放入默认用户下的 .aws/credentials 中。您可以使用命令 aws configure

    执行此操作

    现在 kubectl get svc 可以工作了,因为您是作为最初创建集群的 root 用户登录的。

  2. Apply the aws-auth ConfigMap to the cluster. Follow step 2 from these docs, using the NodeInstanceRole value you got as the Output from Step 3: Launch and Configure Amazon EKS Worker Nodes

  3. To add a non-root IAM user or role to an Amazon EKS cluster,按照这些文档中的步骤 3 进行操作。 编辑 configmap/aws-auth 并在 mapUsers 部分添加其他需要 kubectl 访问权限的用户。

  4. 运行 aws configure 并添加非根用户的访问密钥信息。

现在您可以从 AWS CLI 和使用 kubectl 访问您的集群。

我有一个类似的问题,无法使用 kubectl 列出任何 kubernetes 对象。我尝试了以下命令,但我得到了相同的“错误:服务器没有资源类型 object_name

kubectl get pod
kubectl get service
kubectl get configmap
kubectl get namespace

我检查了我的 k8s 仪表板,它对我来说工作正常。因此,我了解到 kubectl 尝试与 kube-apiserver 建立连接时出现问题。我决定 curl 带有现有证书的 apiserver,但它需要证书密钥和 crt 文件。默认情况下,kubectl 从 $HOME/.kube/config 读取配置并查找上下文。如果有多个集群,请检查 current-context: your_user@cluster_name 的值。在 users 部分,检查 your_user 并按照以下步骤将 client-certificate/client-certificate-dataclient-key/client-key-data 的值保存在文件中。

echo "value of client-certificate-data" | base64 --decode > your_user.crt
echo "value of client-key-data" | base64 --decode > your_user.key

#check the validality of certificate
openssl x509 -in your_user.crt -text

如果证书已过期,则创建一个新证书并尝试进行身份验证

openssl genrsa -out your_user.key 2048
openssl req -new -key your_user.key -subj "/CN=check_cn_from_existing_certificate_crt_file" -out your_user.csr
openssl x509 -req -in your_user.csr -CA /$PATH/ca.crt -CAkey /$PATH/ca.key -out your_user.crt -days 30

# Get the apiserver ip
APISERVER=$(cat ~/.kube/config | grep server | cut -f 2- -d ":" | tr -d " ")

# Authenticate with apiserver using curl command
curl $APISERVER/api/v1/pods \
            --cert your_user.crt \
            --key your_user.key \
            --cacert /$PATH/ca.crt

如果您能够看到 pods 则更新配置文件中的证书

$HOME/.的最终输出。kube/config

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /$PATH/ca.crt
    server: https://192.168.0.143:8443 ($APISERVER)
  name: cluster_name
contexts:
- context:
    cluster: cluster_name
    user: your_user
  name: your_user@cluster_name
current-context: your_user@cluster_name
kind: Config
preferences: {}
users:
- name: your_user
  user:
    client-certificate: /$PATH/your_user.crt
    client-key: /$PATH/your_user.key

现在,您应该能够使用 kubectl

成功列出 pod 或其他资源