"current-context" 是 kubeconfig 文件中的强制键吗?
Is "current-context" a mandatory key in a kubeconfig file?
剧情:
我正在 kubernetes 环境中工作,我们在其中设置了 PROD 和 ITG。 ITG 设置具有多集群环境,而 PROD 设置是单集群环境。
我正在尝试使用 Python 自动执行某些过程,我必须在其中处理 kubeconfig 文件,并且我正在使用 kubernetes 库。
问题:
PROD 的 kubeconfig 文件具有可用的“当前上下文”密钥,但 ITG 的 kubeconfig 文件缺少。
prdconfig:
apiVersion: v1
clusters:
- cluster:
insecure-skip-tls-verify: true
server: https://cluster3.url.com:3600
name: cluster-ABC
contexts:
- context:
cluster: cluster-LMN
user: cluster-user
name: cluster-LMN-context
current-context: cluster-LMN-context
kind: Config
preferences: {}
users:
- name: cluster-user
user:
exec:
command: kubectl
apiVersion: <clientauth/version>
args:
- kubectl-custom-plugin
- authenticate
- https://cluster.url.com:8080
- --user=user
- --token=/api/v2/session/xxxx
- --token-expiry=1000000000
- --force-reauth=false
- --insecure-skip-tls-verify=true
itgconfig:
apiVersion: v1
clusters:
- cluster:
insecure-skip-tls-verify: true
server: https://cluster1.url.com:3600
name: cluster-ABC
- cluster:
insecure-skip-tls-verify: true
server: https://cluster2.url.com:3601
name: cluster-XYZ
contexts:
- context:
cluster: cluster-ABC
user: cluster-user
name: cluster-ABC-context
- context:
cluster: cluster-XYZ
user: cluster-user
name: cluster-XYZ-context
kind: Config
preferences: {}
users:
- name: cluster-user
user:
exec:
command: kubectl
apiVersion: <clientauth/version>
args:
- kubectl-custom-plugin
- authenticate
- https://cluster.url.com:8080
- --user=user
- --token=/api/v2/session/xxxx
- --token-expiry=1000000000
- --force-reauth=false
- --insecure-skip-tls-verify=true
当我尝试使用 config.load_kube_config(os.path.expanduser('~/.kube/prdconfig')) 为 PROD 加载 kubeconfig 文件时,它起作用了。
当我尝试使用 config.load_kube_config(os.path.expanduser('~/.kube/itgconfig')) 加载 ITG 的 kubeconfig 文件时,我收到以下错误:
ConfigException: Invalid kube-config file. Expected key
current-context in C:\Users<username>/.kube/itgconfig
尽管从错误消息中可以清楚地看出它正在将 kubeconfig 文件视为无效,因为它没有“current-context”键。
次要情节:
使用 kubectl 时,缺少的“当前上下文”没有任何区别,因为我们始终可以在命令中指定上下文。但是 'load_kube_config()' 函数强制要求“当前上下文”可用。
问题:
那么,"current-context" 是 kubeconfig 文件中的强制键吗?
免责声明:
我对 kubernetes 很陌生,使用它的经验很少。
如评论中所述:
如果我们想默认使用 kubeconfig 文件开箱即用,对于使用 kubectl 或 python 脚本的特定集群,我们可以将 kubeconfig 文件中的上下文之一标记为默认通过指定 current-context.
关于 Context 的注释:
A context element in a kubeconfig file is used to group access parameters under a convenient name. Each context has three parameters: cluster, namespace, and user. By default, the kubectl command-line tool uses parameters from the current context to communicate with the cluster.
为了在我们的 kubeconfig 文件中将我们的上下文之一 (f.e.dev-fronted) 标记为默认上下文,请 运行:
kubectl config use-context dev-fronted
Now whenever you run a kubectl command, the action will apply to the cluster, and namespace listed in the dev-frontend context. And the command will use the credentials of the user listed in the dev-frontend context
请看:
determine the context to use based on the first hit in this chain:
Use the --context command-line flag if it exists.
Use the current-context from the merged kubeconfig files.
An empty context is allowed at this point.
determine the cluster and user. At this point, there might or might not be a context. Determine the cluster and user based on the first hit in this chain, which is run twice: once for user and once for cluster:
Use a command-line flag if it exists: --user or --cluster.
If the context is non-empty, take the user or cluster from the context.
The user and cluster can be empty at this point.
每当我们 运行 kubectl 命令没有指定 current-context 时,我们应该提供额外的配置参数来告诉 kubectl 使用哪个配置,在你的例子中它可能是 f.e .:
kubectl --kubeconfig=/your_directory/itgconfig get pods --context cluster-ABC-context
如前所述 - 为了简化此任务,我们可以在 kubeconfig 文件配置中使用配置 current-context:
kubectl config --kubeconfig=c/your_directory/itgconfig use-context cluster-ABC-context
进一步研究脚本生成的错误,我们应该注意到来自 config/kube_config.py:
的错误
config/kube_config.py", line 257, in set_active_context context_name = self._config['current-context']
kubernetes.config.config_exception.ConfigException:: Invalid kube-config file. Expected key current-context in ...
这是一个带有附加 context="cluster-ABC-context" 参数的示例:
from kubernetes import client, config
config.load_kube_config(config_file='/example/data/merged/itgconfig', context="cluster-ABC-context")
v1 = client.CoreV1Api()
print("Listing pods with their IPs:")
ret = v1.list_pod_for_all_namespaces(watch=False)
for i in ret.items:
print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
...
Listing pods with their IPs:
10.200.xxx.xxx kube-system coredns-558bd4d5db-qpzb8
192.168.xxx.xxx kube-system etcd-debian-test
...
附加信息
剧情:
我正在 kubernetes 环境中工作,我们在其中设置了 PROD 和 ITG。 ITG 设置具有多集群环境,而 PROD 设置是单集群环境。 我正在尝试使用 Python 自动执行某些过程,我必须在其中处理 kubeconfig 文件,并且我正在使用 kubernetes 库。
问题:
PROD 的 kubeconfig 文件具有可用的“当前上下文”密钥,但 ITG 的 kubeconfig 文件缺少。
prdconfig:
apiVersion: v1
clusters:
- cluster:
insecure-skip-tls-verify: true
server: https://cluster3.url.com:3600
name: cluster-ABC
contexts:
- context:
cluster: cluster-LMN
user: cluster-user
name: cluster-LMN-context
current-context: cluster-LMN-context
kind: Config
preferences: {}
users:
- name: cluster-user
user:
exec:
command: kubectl
apiVersion: <clientauth/version>
args:
- kubectl-custom-plugin
- authenticate
- https://cluster.url.com:8080
- --user=user
- --token=/api/v2/session/xxxx
- --token-expiry=1000000000
- --force-reauth=false
- --insecure-skip-tls-verify=true
itgconfig:
apiVersion: v1
clusters:
- cluster:
insecure-skip-tls-verify: true
server: https://cluster1.url.com:3600
name: cluster-ABC
- cluster:
insecure-skip-tls-verify: true
server: https://cluster2.url.com:3601
name: cluster-XYZ
contexts:
- context:
cluster: cluster-ABC
user: cluster-user
name: cluster-ABC-context
- context:
cluster: cluster-XYZ
user: cluster-user
name: cluster-XYZ-context
kind: Config
preferences: {}
users:
- name: cluster-user
user:
exec:
command: kubectl
apiVersion: <clientauth/version>
args:
- kubectl-custom-plugin
- authenticate
- https://cluster.url.com:8080
- --user=user
- --token=/api/v2/session/xxxx
- --token-expiry=1000000000
- --force-reauth=false
- --insecure-skip-tls-verify=true
当我尝试使用 config.load_kube_config(os.path.expanduser('~/.kube/prdconfig')) 为 PROD 加载 kubeconfig 文件时,它起作用了。
当我尝试使用 config.load_kube_config(os.path.expanduser('~/.kube/itgconfig')) 加载 ITG 的 kubeconfig 文件时,我收到以下错误:
ConfigException: Invalid kube-config file. Expected key current-context in C:\Users<username>/.kube/itgconfig
尽管从错误消息中可以清楚地看出它正在将 kubeconfig 文件视为无效,因为它没有“current-context”键。
次要情节:
使用 kubectl 时,缺少的“当前上下文”没有任何区别,因为我们始终可以在命令中指定上下文。但是 'load_kube_config()' 函数强制要求“当前上下文”可用。
问题:
那么,"current-context" 是 kubeconfig 文件中的强制键吗?
免责声明:
我对 kubernetes 很陌生,使用它的经验很少。
如评论中所述:
如果我们想默认使用 kubeconfig 文件开箱即用,对于使用 kubectl 或 python 脚本的特定集群,我们可以将 kubeconfig 文件中的上下文之一标记为默认通过指定 current-context.
关于 Context 的注释:
A
contextelement in a kubeconfig fileis used to group access parametersunder a convenient name. Each context has three parameters: cluster, namespace, and user.By default, the kubectl command-line tool uses parameters from the current context to communicate with the cluster.
为了在我们的 kubeconfig 文件中将我们的上下文之一 (f.e.dev-fronted) 标记为默认上下文,请 运行:
kubectl config use-context dev-fronted
Now whenever you run a kubectl command, the action will apply to the cluster, and namespace listed in the dev-frontend context. And the command will use the credentials of the user listed in the dev-frontend context
请看:
determine the context to use based on the first hit in this chain:
Use the --context command-line flag if it exists. Use the current-context from the merged kubeconfig files.
An empty context is allowed at this point.
determine the cluster and user. At this point, there might or might not be a context. Determine the cluster and user based on the first hit in this chain, which is run twice: once for user and once for cluster:
Use a command-line flag if it exists: --user or --cluster. If the context is non-empty, take the user or cluster from the context.
The user and cluster can be empty at this point.
每当我们 运行 kubectl 命令没有指定 current-context 时,我们应该提供额外的配置参数来告诉 kubectl 使用哪个配置,在你的例子中它可能是 f.e .:
kubectl --kubeconfig=/your_directory/itgconfig get pods --context cluster-ABC-context
如前所述 - 为了简化此任务,我们可以在 kubeconfig 文件配置中使用配置 current-context:
kubectl config --kubeconfig=c/your_directory/itgconfig use-context cluster-ABC-context
进一步研究脚本生成的错误,我们应该注意到来自 config/kube_config.py:
的错误config/kube_config.py", line 257, in set_active_context context_name = self._config['current-context']
kubernetes.config.config_exception.ConfigException:: Invalid kube-config file. Expected key current-context in ...
这是一个带有附加 context="cluster-ABC-context" 参数的示例:
from kubernetes import client, config
config.load_kube_config(config_file='/example/data/merged/itgconfig', context="cluster-ABC-context")
v1 = client.CoreV1Api()
print("Listing pods with their IPs:")
ret = v1.list_pod_for_all_namespaces(watch=False)
for i in ret.items:
print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
...
Listing pods with their IPs:
10.200.xxx.xxx kube-system coredns-558bd4d5db-qpzb8
192.168.xxx.xxx kube-system etcd-debian-test
...
附加信息