kubectl exec上的tls错误

sqserrrh  于 2021-06-21  发布在  Mesos
关注(0)|答案(1)|浏览(316)

我在mesos v1.0.5/go 1.5上使用kubernetes
我面临的问题是kubectl命令返回错误
我按照文档中的示例启动了busybox:
http://kubernetes.io/v1.0/docs/getting-started-guides/mesos.html
'kubectl exec busybox--nslookup kubernetes'[所有exec命令都有相同的错误]
来自服务器的错误:tls:握手未验证证书链的-
我如何解决这个问题,我正在寻找执行结果

--- output for the DEBUG=1
I0914 01:27:30.041603    4183 debugging.go:101] curl -k -v -XGET  -H "User-Agent: kubectl/v1.1.0 (linux/amd64) kubernetes/c28b68d" http://10.25.40.221:8888/api
I0914 01:27:30.044219    4183 debugging.go:120] GET http://10.25.40.221:8888/api 200 OK in 2 milliseconds
I0914 01:27:30.044331    4183 debugging.go:126] Response Headers:
I0914 01:27:30.044357    4183 debugging.go:129]     Content-Type: application/json
I0914 01:27:30.044376    4183 debugging.go:129]     Date: Mon, 14 Sep 2015 08:27:30 GMT
I0914 01:27:30.044393    4183 debugging.go:129]     Content-Length: 32
I0914 01:27:30.044649    4183 request.go:755] Response Body: {
  "versions": [
    "v1"
  ]
}
I0914 01:27:30.045514    4183 debugging.go:101] curl -k -v -XGET  -H "User-Agent: kubectl/v1.1.0 (linux/amd64) kubernetes/c28b68d" http://10.25.40.221:8888/api/v1/namespaces/default/pods/busybox
I0914 01:27:30.048836    4183 debugging.go:120] GET http://10.25.40.221:8888/api/v1/namespaces/default/pods/busybox 200 OK in 3 milliseconds
I0914 01:27:30.048915    4183 debugging.go:126] Response Headers:
I0914 01:27:30.048925    4183 debugging.go:129]     Content-Type: application/json
I0914 01:27:30.048935    4183 debugging.go:129]     Date: Mon, 14 Sep 2015 08:27:30 GMT
I0914 01:27:30.048944    4183 debugging.go:129]     Content-Length: 1630
I0914 01:27:30.049197    4183 request.go:755] Response Body: {"kind":"Pod","apiVersion":"v1","metadata":{"name":"busybox","namespace":"default","selfLink":"/api/v1/namespaces/default/pods/busybox","uid":"b716427c-5aa1-11e5-8178-74dbd130ddeb","resourceVersion":"2137","creationTimestamp":"2015-09-14T05:30:31Z","annotations":{"k8s.mesosphere.io/bindingHost":"cisomacompute-5137.ccg21.dev.paypalcorp.com","k8s.mesosphere.io/executorId":"e0a3dec3f59d772c_k8sm-executor","k8s.mesosphere.io/offerId":"20150906-214842-3582466314-5050-22021-33","k8s.mesosphere.io/slaveId":"20150904-000208-3481278730-5050-29023-0","k8s.mesosphere.io/taskId":"pod.b75a4917-5aa1-11e5-ae98-74dbd130ddeb"}},"spec":{"containers":[{"name":"busybox","image":"busybox","command":["sleep","3600"],"resources":{},"terminationMessagePath":"/dev/termination-log","imagePullPolicy":"IfNotPresent"}],"restartPolicy":"Always","terminationGracePeriodSeconds":30,"dnsPolicy":"ClusterFirst","nodeName":"cisomacompute-5137.ccg21.dev.paypalcorp.com"},"status":{"phase":"Running","conditions":[{"type":"Ready","status":"True"}],"hostIP":"10.25.112.243","podIP":"172.17.0.4","startTime":"2015-09-14T05:30:31Z","containerStatuses":[{"name":"busybox","state":{"running":{"startedAt":"2015-09-14T07:30:50Z"}},"lastState":{"terminated":{"exitCode":0,"startedAt":"2015-09-14T06:30:46Z","finishedAt":"2015-09-14T07:30:46Z","containerID":"docker://027ce959e09c9c24af56df3c8c30a70bf878f8fbfe49ac2c998c122b6e90f25a"}},"ready":true,"restartCount":2,"image":"busybox","imageID":"docker://8c2e06607696bd4afb3d03b687e361cc43cf8ec1a4a725bc96e39f05ba97dd55","containerID":"docker://086327d05bf82a5bfa2a3fa3a9e966c3d8628c46e32f850feeddf0d3e1198a94"}]}}
I0914 01:27:30.051189    4183 exec.go:175] defaulting container name to busybox
I0914 01:27:30.132117    4183 helpers.go:117] server response object: [{
  "metadata": {},
  "status": "Failure",`enter code here`
  "message": "tls: handshake did not verify certificate chain",
  "code": 500
}]
F0914 01:27:30.132316    4183 helpers.go:71] Error from server: tls: handshake did not verify certificate chain
ndh0cuux

ndh0cuux1#

我没有看到这个确切的问题,但我有两个建议:
尝试使用Go1.4.2构建,这是我们的ci当前正在使用的。
尝试升级和链接openssl( brew update && brew upgrade openssl && brew link --force openssl )并确保go使用它而不是系统openssl(这是古老的)。
github相关问题:
https://github.com/agl/xmpp-client/issues/94
https://github.com/golang/go/issues/12024
https://github.com/docker/compose/issues/890
https://github.com/homebrew/homebrew-php/issues/1181
如何在mac yosemite上撤消“brew链接--强制openssl”

相关问题