error: the server doesn't have resource type “

2019-06-15 05:28发布

问题:

Admins-MacBook-Pro:~ Harshin$ kubectl cluster-info Kubernetes master is running at http://localhost:8080

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'. error: the server doesn't have a resource type "services"

i am following this document

https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html?refid=gs_card

while i am trying to test my configuration in step 11 of configure kubectl for amazon eks

apiVersion: v1
clusters:
- cluster:
    server: ...
    certificate-authority-data: ....
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: heptio-authenticator-aws
      args:
        - "token"
        - "-i"
        - "kunjeti"
        # - "-r"
        # - "<role-arn>"
      # env:
        # - name: AWS_PROFILE
        #   value: "<aws-profile>"

回答1:

Change "name: kubernetes" to actual name of your cluster.

Here is what I did to work it through....

1.Enabled verbose to make sure config files are read properly.

kubectl get svc --v=10

2.Modified the file as below:

apiVersion: v1
clusters:
- cluster:
    server: XXXXX
    certificate-authority-data: XXXXX
  name: abc-eks
contexts:
- context:
    cluster: abc-eks
    user: aws
  name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: aws-iam-authenticator
      args:
        - "token"
        - "-i"
        - "abc-eks"
        # - "-r"
        # - "<role-arn>"
      env:
        - name: AWS_PROFILE
          value: "aws"


回答2:

I have faced a similar issue, however this is not a direct solution but workaround. Use AWS cli commands to create cluster rather than console. As per documentation, the user or role which creates cluster will have master access.

aws eks create-cluster --name <cluster name> --role-arn <EKS Service Role> --resources-vpc-config subnetIds=<subnet ids>,securityGroupIds=<security group id>

Make sure that EKS Service Role has IAM access(I have given Full however AssumeRole will do I guess).

The EC2 machine Role should have eks:CreateCluster and IAM access. Worked for me :)



回答3:

I had this issue and found it was caused default key setting in ~/.aws/credentials. We have a few AWS accounts for different customers plus a sandbox account for our own testing and research. So our credentials file looks something like this:

[default]

aws_access_key_id = abc

aws_secret_access_key = xyz

region=us-east-1


[cpproto]

aws_access_key_id = abc

aws_secret_access_key = xyz

region=us-east-1

[sandbox]

aws_access_key_id = abc

aws_secret_access_key = xyz

region=us-east-1

I was messing around our sandbox account but the [default] section was pointing to another account. Once I put the keys for sandbox into the default section the "kubectl get svc" command worked fine.

Seems we need a way to tell aws-iam-authenticator which keys to use same as --profile in the aws cli.



回答4:

I guess you should uncomment "env" item and change your refer to ~/.aws/credentials Because your aws_iam_authenticator requires exact AWS credentials.

Refer this document: https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html

To have the AWS IAM Authenticator for Kubernetes always use a specific named AWS credential profile (instead of the default AWS credential provider chain), uncomment the env lines and substitute with the profile name to use.



标签: kubernetes