我在DigitalOcean上托管的coreOs集群上使用KUbernetes.并使用此 repo进行设置.我使用以下行启动apiserver:
/opt/bin/kube-apiserver --runtime-config=api/v1 --allow-privileged=true \
--insecure-bind-address=0.0.0.0 --insecure-port=8080 \
--secure-port=6443 --etcd-servers=http://127.0.0.1:2379 \
--logtostderr=true --advertise-address=${COREOS_PRIVATE_IPV4} \
--service-cluster-ip-range=10.100.0.0/16 --bind-address=0.0.0.0
问题是它接受任何人的请求!我希望能够提供简单的用户/密码身份验证.我一直在读这个和这个似乎我必须做类似下面的事情,但是我不能长时间地关闭集群,所以我需要你的帮助这个.Btw,mt pods不要创建另一个pod,所以我只需要一些用户,比如1/2 for devs和1 for CI.
我正在考虑做一些类似于包括授权模式和授权策略文件标志的东西,因为它似乎需要并使insecure-bind-address localhost使其仅在本地可用.我错过了什么?
/opt/bin/kube-apiserver --runtime-config=api/v1 --allow-privileged=true \
--authorization-mode=ABAC --authorization-policy-file=/access.json \
--insecure-bind-address=127.0.0.1 --insecure-port=8080 \
--secure-port=6443 --etcd-servers=http://127.0.0.1:2379 \
--logtostderr=true --advertise-address=${COREOS_PRIVATE_IPV4} \
--service-cluster-ip-range=10.100.0.0/16 --bind-address=0.0.0.0
{"user":"admin"}
{"user":"wercker"}
{"user":"dev1"}
{"user":"dev2"}
但是密码在哪里?如何使用kubectl和curl或httpie实际发出请求?
我已经在我的kubernetes api-server上实现了基本身份验证,现在我尝试以./kube/config一种我可以简单运行的方式配置我的文件,kubectl get pods
kubectl config set-cluster digitalocean \
--server=https://SERVER:6443 \
--insecure-skip-tls-verify=true \
--api-version="v1"
kubectl config set-context digitalocean --cluster=digitalocean --user=admin
kubectl config set-credentials admin --password="PASSWORD"
kubectl config use-context digitalocean
但现在,它要求两次凭证:
dev@desktop: ~/code/go/src/bitbucket.org/cescoferraro
$ kubectl get pods
Please enter Username: admin
enter Password: PASSWORD
Please enter Username: admin
Please enter Password: PASSWORD
NAME READY STATUS RESTARTS AGE
或者我需要传递旗帜
kubectl get pods --username=admin --password=PASSWORD
这是默认行为吗?我希望我的配置能够了解我.我能做什么?
我使用tmuxinator生成一个tmux窗口,该窗口监视一些kubectl命令的输出,例如:
watch -n 5 kubectl get pods/rc/svc/pv/pvc
但是有时候Kubectl的输出变得太宽,即滚动更新后的选择器列,我不想在我的设置中显示它。我该如何单独使用kubectl?
awk或cut也可以完成这项工作,但是我无法在不失去表格格式的情况下找到解决方法。
我在事件网格上发送事件。我可以看到他们到达了蔚蓝的仪表板
NomeEmailChange yay = new NomeEmailChange
{
Nome = "cesco",
Email = "cesco"
};
var primaryTopicKey = _config["EventGridConfig:AcessKey"];
var primaryTopic = _config["EventGridConfig:Endpoint"];
var primaryTopicHostname = new Uri(primaryTopic).Host;
var topicCredentials = new TopicCredentials(primaryTopicKey);
var client = new EventGridClient(topicCredentials);
var id = Guid.NewGuid().ToString();
var hey = new List<EventGridEvent>
{
new EventGridEvent()
{
Id = id,
EventType = "cesco-cesco",
Data = (yay),
EventTime = DateTime.Now,
Subject = "MS_Clientes",
DataVersion = "1.0",
}
};
;
client.PublishEventsAsync(primaryTopicHostname, hey);
然后我创建了一个事件网格订阅。我可以确认到达事件网格订阅的事件网格消息。
在另一个项目中,我订阅了如下所示的服务总线。它适用于使用直接发送到总线的消息。
public static IServiceCollection AddBus(this IServiceCollection …我一直在使用kubernetes一段时间了.
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"3", GitVersion:"v1.3.0+2831379", GitCommit:"283137936a
498aed572ee22af6774b6fb6e9fd94", GitTreeState:"not a git tree", BuildDate:"2016-07-05T15:40:25Z", GoV
ersion:"go1.6.2", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"2", GitVersion:"v1.2.0", GitCommit:"5cb86ee022267586db
386f62781338b0483733b3", GitTreeState:"clean", BuildDate:"", GoVersion:"", Compiler:"", Platform:""}
我通常为每个项目设置一个Ingress,Service和Replication Controller.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
namespace: portifolio
name: portifolio-ingress
spec:
rules:
- host: www.cescoferraro.xyz
http:
paths:
- path: /
backend:
serviceName: portifolio
servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
namespace: portifolio
name: portifolio
labels:
name: portifolio
spec:
selector:
name: portifolio
ports:
- name: web
port: …我得到了这个测试
func (t *DeviceTests) CreatePublicDevice() {
registerRegularDevice := tester.TableTest{
Method: "POST",
Path: "/iot/devices",
Status: http.StatusOK,
Name: "CreatePublicDevice",
Description: "register Regular Device has to return 200",
Body: PublicDevice,
}
resp := registerRegularDevice.DoubleSpin(t.Test)
log.Println(resp.(types.Device).ID)
}
我想将其保存在一个单独的包中,以便我可以在不同的项目中重用。
func (test TableTest) DoubleSpin(t *testing.T) interface{} {
actualBody := test.innnerSpin(t)
log.Print(string(actualBody))
thetype := reflect.TypeOf(test.Body)
log.Println(thetype)
receivedev := reflect.Zero(thetype)
err := json.Unmarshal(actualBody, receivedev.Interface())
assert.NoError(t, err)
log.Println(receivedev)
return receivedev.Interface()
}
日志说:
2016/11/06 16:54:01 {"id":"581f7c49b2c79a543c627474","hostname":"Shriekersolar","alias":"my PublicDevice","channels":8,"owner":"public","location":{}}
2016/11/06 16:54:01 types.Device
2016/11/06 16:54:01 {ObjectIdHex("") 0 map[]}
2016/11/06 16:54:01 ObjectIdHex("")
设备看起来像:
type …我正在将一个巨大的云集群从 AWS 迁移到 GKE。但是我在使用 Docker Hub 进行身份验证时遇到问题,我不断收到
Failed to pull image "myorg/mycontainer": rpc error: code = Unknown desc = Error response from daemon: repository myorg/mycontainer not found: does not exist or no pull access
似乎最近使用 docker 对 gcloud 进行身份验证的方式发生了变化,那么正确的方法是什么?
如何使用Go获取自己的ssh指纹?
Finger, err := ssh.**
log.Println(Finger)
// 12:f8:7e:78:61:b4:bf:e2:de:24:15:96:4e:d4:72:53
kubernetes ×4
coreos ×3
go ×2
.net ×1
azure ×1
containers ×1
docker ×1
dockerhub ×1
reflection ×1
ssh ×1
tdd ×1
testing ×1