I have set up an EKS cluster with "private access" enabled, and an instance in the same VPC to communicate with EKS. The problem is that if I enable "public access", I can reach the API endpoint. But if I disable public access and enable private access, I cannot reach the API endpoint.
With private access enabled:
kubectl get svc
Unable to connect to the server: dial tcp: lookup randomstring.region.eks.amazonaws.com on 127.0.0.53:53: no such host
With public access enabled:
kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   172.20.0.1   <none>        443/TCP   57m

I created the EKS cluster from the AWS console; when creating the cluster I used my pre-created VPC and subnets, and I created a role eks-role that has AmazonEKSClusterPolicy and AmazonEKSServicePolicy attached to it.
I added the kubeconfig file with the following command:
aws eks update-kubeconfig --name eks-cluster --role-arn "arn:aws:iam::############:role/eks-role"
When I run the kubectl get svc command, I get the following error:
An error occurred (AccessDenied) when calling the AssumeRole operation: Access denied
I don't know what the problem could be.
In my user, I added the following policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "sts:AssumeRole",
      "Resource": "arn:aws:iam::############:role/eks-role"
    }
  ]
}
In the role, I added the trust relationship:
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::############:user/test"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
My ~/.aws/credentials file looks like this:
[default]
aws_access_key_id = ##############
aws_secret_access_key = #############################
region=us-west-1
[test]
aws_access_key_id = ###########
aws_secret_access_key = #############################
region=ap-southeast-1 …

In the world of kubectl and Kubernetes configuration, what is the difference between a context and a cluster? For example, I see the following commands:
Available Commands:
current-context Displays the current-context
delete-cluster Delete the specified cluster from the kubeconfig
delete-context Delete the specified context from the kubeconfig
get-clusters Display clusters defined in the kubeconfig
get-contexts Describe one or many contexts
rename-context Renames a context from the kubeconfig file.
set Sets an individual value in a kubeconfig file
set-cluster Sets a cluster entry in kubeconfig
set-context Sets a context entry in kubeconfig
In .kube/config I see:
- context:
    cluster: arn:aws:eks:us-west-2:91XXXXXXX71:cluster/ignitecluster
    namespace: ignite
    user: arn:aws:eks:us-west-2:91XXXXXXX71:cluster/ignitecluster
  name: arn:aws:eks:us-west-2: …

I tried the following command:
kubectl logs --tail
I get this error/help output:
Error: flag needs an argument: --tail
Aliases:
logs, log
Examples:
# Return snapshot logs from pod nginx with only one container
kubectl logs nginx
# Return snapshot logs for the pods defined by label app=nginx
kubectl logs -lapp=nginx
# Return snapshot of previous terminated ruby container logs from pod web-1
kubectl logs -p -c ruby web-1
# Begin streaming the logs of the ruby container in pod web-1
kubectl logs -f -c ruby web-1
# …

Say we have a simple deployment.yml file:
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: ikg-api-demo
  name: ikg-api-demo
spec:
  selector:
    matchLabels:
      app: ikg-api-demo
  replicas: 3
  template:
    metadata:
      labels:
        app: ikg-api-demo
    spec:
      containers:
      - name: ikg-api-demo
        imagePullPolicy: Always
        image: 913xxx371.dkr.ecr.us-west-2.amazonaws.com/main_api:c56cefbd0c81142558cf814cba7d7cd75d7cb6a7
        ports:
        - containerPort: 80
the problem is that this image/container depends on another image/container - it needs to cp data from the other image, or use some shared volume.
How can I tell kubernetes to download another image, run it as a container, …