kubernetes SSLError

邱秋 • 2024年05月10日 • 阅读:22 • k8s kubernetes

调用 kubernetes api 报错 SSLError, 这个错误很明显, 证书错误.

from kubernetes import client, config
from kubernetes.client.rest import ApiException

config.load_kube_config_from_dict(conf) 
# config.load_kube_config(config_path)

v1 = client.AppsV1Api()

解决方式: 加上sa 证书 , 在rancher Global 里找到证书. 搞下来.配置上去 , 像这样

from kubernetes import client
from kubernetes.client import Configuration, ApiClient

config = Configuration()
config.api_key = {'authorization': 'Bearer <api_key>'}
config.host = 'https://my-kubernetes-cluster'
config.ssl_ca_cert = "/path/to/ca_chain.crt"

api_client = ApiClient(configuration=config)
v1 = client.CoreV1Api(api_client)

v1.list_pod_for_all_namespaces(watch=False)

你也可以直接修改 k8s 配置 ,像这样 ~/.kube/config

apiVersion: v1
clusters:
- cluster:
    api-version: v1
    certificate-authority: /path/to/ca_chain.crt
    server: "https://my-kubernetes-cluster"
    ...

当然还可关掉 SSL , 跳过验证(不推荐,因为它违背了 SSL 的目的),像这样

from kubernetes import client, config
from kubernetes.client.rest import ApiException

config.load_kube_config_from_dict(conf) 
# config.load_kube_config(config_path)

v1 = client.AppsV1Api()
v1.api_client.configuration.verify_ssl = False

我,秦始皇,打钱!