ADO Pipeline Environment Kubernetes On-Prem Resource Connection failing with x509: certificate signed by unknown authority

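I am trying to set up a multi-stage ADO pipeline using the ADO pipeline environment feature.

Stage 1: Build the Spring-boot based Java microservice using Maven.

Stage 2: Deploy the above using Helm 3. The HelmDeploy@0 task uses the environment, which has a resource named tools-dev (a Kubernetes namespace) where I want to deploy this service using the Helm chart.

It fails at the last step with this error: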

/usr/local/bin/helm upgrade --install --values /azp/agent/_work/14/a/values.yaml --wait --set ENV=dev --set-file appProperties=/azp/agent/_work/14/a/properties.yaml --history-max 2 --stderrthreshold 3 java-rest-template k8s-common-helm/rest-template-helm-demo

Error: Kubernetes cluster unreachable: Get "https://rancher.msvcprd.windstream.com/k8s/clusters/c-gkffz/version?timeout=32s": x509: certificate signed by unknown authority
##[error]Error: Kubernetes cluster unreachable: Get "https://rancher.msvcprd.windstream.com/k8s/clusters/c-gkffz/version?timeout=32s": x509: certificate signed by unknown authority

Finishing: Helm Deploy

I created the Kubernetes resource in the environment using the kubectl commands specified in the setup section.

Deploy stage pipeline excerpt:

- stage: Deploy
  displayName: kubernetes deployment
  dependsOn: Build
  condition: succeeded('Build')
  jobs:
  - deployment: deploy
    pool: $(POOL_NAME)
    displayName: Deploy
    environment: dev-az-s-central-k8s2.tools-dev
    strategy:
      runOnce:
        deploy: 
          steps:
          - bash: |
              helm repo add \
                k8s-common-helm \
                http://nexus.windstream.com/repository/k8s-helm/
              helm repo update
            displayName: 'Add and Update Helm repo'
            failOnStderr: false
          - task: HelmDeploy@0
            inputs:
              command: 'upgrade'
              releaseName: '$(RELEASE_NAME)'
              chartName: '$(HELM_CHART_NAME)'
              valueFile: '$(Build.ArtifactStagingDirectory)/values.yaml'
              arguments: '--set ENV=$(ENV) --set-file appProperties=$(Build.ArtifactStagingDirectory)/properties.yaml  --history-max 2 --stderrthreshold 3'
            displayName: 'Helm Deploy'

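Environment setup: Name: dev-az-s-central-k8s2 Resource: tools-dev (Note: this is the on-prem k8s cluster I am trying to connect to).

Can you tell me what additional configuration is needed to resolve this x509 certificate issue?

Check this documentation: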

The issue is that your local Kubernetes config file must have the correct credentials.

When you create a cluster on GKE, it will give you credentials, including SSL certificates and certificate authorities. These need to be stored in a Kubernetes config file (Default: ~/.kube/config) so that kubectl and helm can access them.

Also, check the answer in case

Helm looks for kubeconfig at this path $HOME/.kube/config.

Please run this command

microk8s.kubectl config view --raw > $HOME/.kube/config

This will save the config at the required path in your directory and it shall work.
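
Both answers above come down to whether the kubeconfig that helm reads carries the cluster's certificate authority. The following is an added example, not part of the original question or answers: a small Python check that reports, per cluster entry, how the API server certificate would be verified. It assumes the kubeconfig is supplied in JSON form (as printed by `kubectl config view --raw -o json`); the function name, cluster names, server URL and certificate data are constructed for illustration.

```python
import base64
import json

def audit_kubeconfig(cfg):
    """Map each cluster name to how its API server certificate is verified."""
    findings = {}
    for entry in cfg.get("clusters", []):
        cluster = entry.get("cluster", {})
        ca_data = cluster.get("certificate-authority-data")
        if cluster.get("insecure-skip-tls-verify"):
            status = "insecure: TLS verification disabled"
        elif ca_data:
            try:
                pem = base64.b64decode(ca_data, validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                pem = b""
            if b"-----BEGIN CERTIFICATE-----" in pem:
                status = "ok: inline CA bundle"
            else:
                status = "broken: certificate-authority-data is not base64 PEM"
        elif cluster.get("certificate-authority"):
            status = "ok: CA file " + cluster["certificate-authority"]
        else:
            # Only the host's system roots are trusted; a server certificate
            # issued by a private CA then fails with "unknown authority".
            status = "no CA: system trust store only"
        findings[entry.get("name", "<unnamed>")] = status
    return findings

# Constructed sample input; the PEM body is a placeholder, not a real certificate.
_PEM = b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED-PLACEHOLDER\n-----END CERTIFICATE-----\n"
_URL = "https://k8s.example.internal"
SAMPLE = json.dumps({"apiVersion": "v1", "kind": "Config", "clusters": [
    {"name": "with-ca", "cluster": {"server": _URL,
        "certificate-authority-data": base64.b64encode(_PEM).decode()}},
    {"name": "ca-file", "cluster": {"server": _URL,
        "certificate-authority": "/etc/ssl/private-ca.pem"}},
    {"name": "no-ca", "cluster": {"server": _URL}},
    {"name": "skip-verify", "cluster": {"server": _URL,
        "insecure-skip-tls-verify": True}},
    {"name": "bad-ca", "cluster": {"server": _URL,
        "certificate-authority-data": "not base64!"}},
]})

if __name__ == "__main__":
    for name, status in audit_kubeconfig(json.loads(SAMPLE)).items():
        print(f"{name}: {status}")
```

An entry reported as "no CA" or "broken" is the one to fix by adding the cluster's CA; "insecure" entries avoid the error only by giving up server authentication.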