k8s集群由三个master构成,后续新创建virtual-kubelet节点对接openstack zun
# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k8s-m1 Ready master 42h v1.17.0 172.0.2.139 <none> CentOS Linux 7 (Core) 3.10.0-1062.el7.x86_64 docker://19.3.6
k8s-m2 Ready master 42h v1.17.0 172.0.2.146 <none> CentOS Linux 7 (Core) 3.10.0-1062.el7.x86_64 docker://19.3.6
k8s-m3 Ready master 42h v1.17.0 172.0.2.234 <none> CentOS Linux 7 (Core) 3.10.0-1062.el7.x86_64 docker://19.3.6
对接OpenStack Train版本
# cat keystonerc_admin
unset OS_SERVICE_TOKEN
export OS_USERNAME=admin
export OS_PASSWORD=keystone
export OS_AUTH_URL=192.168.32.90:5000/v3
export PS1='[u@h W(keystone_admin)]$ 'export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3export OS_PROJECT_ID=d57f7ea9b3b94d9a87321807ec453ca8
export OS_REGION_NAME=RegionOne
export OS_DOMAIN_ID=default
./virtual-kubelet --provider openstack --nodename virtual-kubelet --disable-taint
FATA[0000] Unable to get provider: Post 192.168.32.90:5000/v3/auth/tokens: x509: certificate signed by unknown authority
此问题是因为go http客户端默认设置了双向认证,认为服务端的证书授权有问题,不是正规机构认证的证书
一般内部调试都是自己创建证书
所以,可以将双向认证改为单向认证,即客户端不去认证服务端的证书
#ls virtual-kubelet
func NewZunProvider(config string, rm *manager.ResourceManager, nodeName string, operatingSystem string, daemonEndpointPort int32) (*ZunProvider, error) {
...Provider, err := openstack.AuthenticatedClient(AuthOptions)if err != nil {return nil, fmt.Errorf("Unable to get provider: %s", err)}
# ls gophercloud/
AuthenticatedClient -> NewClient
增加如下代码:
tr := &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true},}p.HTTPClient = http.Client{Transport: tr}
本文发布于:2024-02-03 04:42:29,感谢您对本站的认可!
本文链接:https://www.4u4v.net/it/170690654948720.html
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系,我们将在24小时内删除。
| 留言与评论(共有 0 条评论) |
