Authorization required when creating Kubernetes resources with an Ansible playbook

vlf7wbxs  posted on 2023-01-08  in  Kubernetes

I created an Ansible playbook to create a deployment and a service:

---
- hosts: master
  user: ubuntu

  tasks:
    - name: check version
      command: kubectl version

    - name: create deployment
      command: kubectl apply -f abc-deployment.yml
      args:
        chdir: /project/abc-technologies/kubernetes-files

    - name: create service
      command: kubectl apply -f abc-service.yml
      args:
        chdir: /project/abc-technologies/kubernetes-files

    - name: update deployment if pods updated in container repository
      command: kubectl rollout restart deployment.apps/abc-deploy

When I run it, I get the following error:

TASK [Gathering Facts] *********************************************************
[DEPRECATION WARNING]: Distribution ubuntu 18.04 on host 172.31.0.85 should use
 /usr/bin/python3, but is using /usr/bin/python for backward compatibility with
 prior Ansible releases. A future Ansible release will default to using the 
discovered platform python for this host. See https://docs.ansible.com/ansible/
2.9/reference_appendices/interpreter_discovery.html for more information. This 
feature will be removed in version 2.12. Deprecation warnings can be disabled 
by setting deprecation_warnings=False in ansible.cfg.
ok: [172.31.0.85]

TASK [check version] ***********************************************************
fatal: [172.31.0.85]: FAILED! => {"changed": true, "cmd": ["kubectl", "version"], "delta": "0:00:04.594314", "end": "2023-01-05 19:34:16.947789", "msg": "non-zero return code", "rc": 1, "start": "2023-01-05 19:34:12.353475", "stderr": "Error from server (Forbidden): <html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fversion%3Ftimeout%3D32s'/><script>window.location.replace('/login?from=%2Fversion%3Ftimeout%3D32s');</script></head><body style='background-color:white; color:white;'>\n\n\nAuthentication required\n<!--\n-->\n\n</body></html>", "stderr_lines": ["Error from server (Forbidden): <html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fversion%3Ftimeout%3D32s'/><script>window.location.replace('/login?from=%2Fversion%3Ftimeout%3D32s');</script></head><body style='background-color:white; color:white;'>", "", "", "Authentication required", "<!--", "-->", "", "</body></html>"], "stdout": "Client Version: version.Info{Major:\"1\", Minor:\"18\", GitVersion:\"v1.18.3\", GitCommit:\"2e7996e3e2712684bc73f0dec0200d64eec7fe40\", GitTreeState:\"clean\", BuildDate:\"2020-05-20T12:52:00Z\", GoVersion:\"go1.13.9\", Compiler:\"gc\", Platform:\"linux/amd64\"}", "stdout_lines": ["Client Version: version.Info{Major:\"1\", Minor:\"18\", GitVersion:\"v1.18.3\", GitCommit:\"2e7996e3e2712684bc73f0dec0200d64eec7fe40\", GitTreeState:\"clean\", BuildDate:\"2020-05-20T12:52:00Z\", GoVersion:\"go1.13.9\", Compiler:\"gc\", Platform:\"linux/amd64\"}"]}

PLAY RECAP *********************************************************************
172.31.0.85                : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

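Also note that I can run kubectl commands in the terminal as the user "ubuntu", but when they are run through the Ansible playbook I get the error mentioned above.
I tried running kubectl commands in the terminal as the ubuntu user, and I also tried escalating privileges in the playbook, but I got the same error.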

nhn9ugyo1#

I have found the solution: I had to explicitly specify the config file for every command in the playbook using the --kubeconfig flag.

---
- hosts: master
  #  become: true
  user: ubuntu

  tasks:
    - name: check version
      command: kubectl --kubeconfig /home/ubuntu/.kube/admin.conf version

    - name: create deployment
      command: kubectl --kubeconfig /home/ubuntu/.kube/admin.conf apply -f abc-deployment.yaml
      args:
        chdir: /project/abc-technologies/kubernetes-files

    - name: create service
      command: kubectl --kubeconfig /home/ubuntu/.kube/admin.conf apply -f abc-service.yaml
      args:
        chdir: /project/abc-technologies/kubernetes-files

    - name: update deployment if pods updated in container repository
      command: kubectl --kubeconfig /home/ubuntu/.kube/admin.conf rollout restart deployment.apps/abc-deploy
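
An added example (not part of the original answer) of a check to run on the target host before the kubectl tasks: it follows kubectl's lookup order (the --kubeconfig flag, then $KUBECONFIG, then $HOME/.kube/config) to show which file a non-interactive session would load, and verifies that the credential file is not readable by group or others. The function names are hypothetical, and it assumes, as the question's symptoms suggest, that the interactive shell found admin.conf through an environment variable that the Ansible session does not inherit.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage: audit_kubeconfig [/path/passed/as/--kubeconfig]

# Print the kubeconfig kubectl would load; return 1 if none exists.
# $1 is an optional explicit path (what --kubeconfig would carry).
resolve_kubeconfig() {
    if [ -n "${1:-}" ]; then
        [ -f "$1" ] && { printf '%s\n' "$1"; return 0; }
        return 1
    fi
    if [ -n "${KUBECONFIG:-}" ]; then
        # KUBECONFIG may be a colon-separated list; report the first file found.
        old_ifs=$IFS; IFS=:
        for f in $KUBECONFIG; do
            if [ -f "$f" ]; then IFS=$old_ifs; printf '%s\n' "$f"; return 0; fi
        done
        IFS=$old_ifs
        return 1
    fi
    [ -f "$HOME/.kube/config" ] && { printf '%s\n' "$HOME/.kube/config"; return 0; }
    return 1
}

# Return 0 only if the file grants nothing to group or others (e.g. mode 0600).
kubeconfig_is_private() {
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Exit status: 0 = found and private, 1 = nothing found, 2 = found but exposed.
audit_kubeconfig() {
    if path=$(resolve_kubeconfig "${1:-}"); then
        if kubeconfig_is_private "$path"; then
            echo "OK: kubectl would load $path"
        else
            echo "WARN: $path is accessible to group or others; chmod 600 it"
            return 2
        fi
    else
        # With no kubeconfig, kubectl talks to its default, http://localhost:8080.
        echo "MISSING: no kubeconfig found; kubectl falls back to localhost:8080"
        return 1
    fi
}
```

Running `audit_kubeconfig` with no argument from a command task reproduces the environment the playbook's kubectl calls see; a MISSING result there alongside an OK result in the login shell confirms that the two sessions resolve different configuration.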
