个人中心
gpt4 book ai didi

kubernetes - 从 Ansible 剧本运行 k8s_exec 导致握手状态 403 Forbidden 错误

转载 作者:行者123 更新时间:2023-12-02 11:32:09 25 4
gpt4 key购买 nike

我需要能够通过 Ansible 剧本在我的容器内执行一些 shell 脚本。 Ansible play 在我的集群中的另一个容器中运行。集群在 RedHat OpenShift 4.3 中。

我正在使用 community.kubernetes 中的 k8s_exec 来执行此操作:

- name: k8s_exec Execute {{ script }} {{ script_args }} command in pod {{ the_pod }} 
  k8s_exec:
    namespace: "{{ meta.name }}"
    pod: "{{ the_pod }}"
    command: "{{ script }} {{ script_args }}" 
  register: call_result
  when: the_pod is defined

- name: The result of running {{ script }} {{ script_args }} in {{ the_pod }} 
  debug:
    var: call_result

但我得到以下信息:

--------------------------- Ansible Task StdOut -------------------------------

 TASK [The result of running /elm/server/containerState.sh setup in ibmjazz-jts-854b4dd7bc-ptdgw] ******************************** 
 [0;32mok: [localhost] => { [0m
 [0;32m    "call_result": { [0m
 [0;32m        "changed": false, [0m
 [0;32m        "exception": "Traceback (most recent call last):\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/ws_client.py\", line 254, in websocket_call\n    client = WSClient(configuration, get_websocket_url(url), headers)\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/ws_client.py\", line 77, in __init__\n    self.sock.connect(url, header=header)\n  File \"/usr/local/lib/python3.6/site-packages/websocket/_core.py\", line 226, in connect\n    self.handshake_response = handshake(self.sock, *addrs, **options)\n  File \"/usr/local/lib/python3.6/site-packages/websocket/_handshake.py\", line 80, in handshake\n    status, resp = _get_resp_headers(sock)\n  File \"/usr/local/lib/python3.6/site-packages/websocket/_handshake.py\", line 165, in _get_resp_headers\n    raise WebSocketBadStatusException(\"Handshake status %d %s\", status, status_message, resp_headers)\nwebsocket._exceptions.WebSocketBadStatusException: Handshake status 403 Forbidden\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"/opt/ansible/.ansible/tmp/ansible-tmp-1591037058.988166-154830146809790/AnsiballZ_k8s_exec.py\", line 102, in <module>\n    _ansiballz_main()\n  File \"/opt/ansible/.ansible/tmp/ansible-tmp-1591037058.988166-154830146809790/AnsiballZ_k8s_exec.py\", line 94, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/opt/ansible/.ansible/tmp/ansible-tmp-1591037058.988166-154830146809790/AnsiballZ_k8s_exec.py\", line 40, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.community.kubernetes.plugins.modules.k8s_exec', init_globals=None, run_name='__main__', alter_sys=True)\n  File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n    mod_name, mod_spec, pkg_name, script_name)\n  File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_k8s_exec_payload_0wco0o8m/ansible_k8s_exec_payload.zip/ansible_collections/community/kubernetes/plugins/modules/k8s_exec.py\", line 148, in <module>\n  File \"/tmp/ansible_k8s_exec_payload_0wco0o8m/ansible_k8s_exec_payload.zip/ansible_collections/community/kubernetes/plugins/modules/k8s_exec.py\", line 135, in main\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/stream.py\", line 36, in stream\n    return func(*args, **kwargs)\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/apis/core_v1_api.py\", line 835, in connect_get_namespaced_pod_exec\n    (data) = self.connect_get_namespaced_pod_exec_with_http_info(name, namespace, **kwargs)\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/apis/core_v1_api.py\", line 935, in connect_get_namespaced_pod_exec_with_http_info\n    collection_formats=collection_formats)\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/api_client.py\", line 344, in call_api\n    _return_http_data_only, collection_formats, _preload_content, _request_timeout)\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/api_client.py\", line 178, in __call_api\n    _request_timeout=_request_timeout)\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/stream.py\", line 31, in _intercept_request_call\n    return ws_client.websocket_call(config, *args, **kwargs)\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/ws_client.py\", line 260, in websocket_call\n    raise ApiException(status=0, reason=str(e))\nkubernetes.client.rest.ApiException: (0)\nReason: Handshake status 403 Forbidden\n\n", [0m
 [0;32m        "failed": true, [0m
 [0;32m        "module_stderr": "Traceback (most recent call last):\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/ws_client.py\", line 254, in websocket_call\n    client = WSClient(configuration, get_websocket_url(url), headers)\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/ws_client.py\", line 77, in __init__\n    self.sock.connect(url, header=header)\n  File \"/usr/local/lib/python3.6/site-packages/websocket/_core.py\", line 226, in connect\n    self.handshake_response = handshake(self.sock, *addrs, **options)\n  File \"/usr/local/lib/python3.6/site-packages/websocket/_handshake.py\", line 80, in handshake\n    status, resp = _get_resp_headers(sock)\n  File \"/usr/local/lib/python3.6/site-packages/websocket/_handshake.py\", line 165, in _get_resp_headers\n    raise WebSocketBadStatusException(\"Handshake status %d %s\", status, status_message, resp_headers)\nwebsocket._exceptions.WebSocketBadStatusException: Handshake status 403 Forbidden\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"/opt/ansible/.ansible/tmp/ansible-tmp-1591037058.988166-154830146809790/AnsiballZ_k8s_exec.py\", line 102, in <module>\n    _ansiballz_main()\n  File \"/opt/ansible/.ansible/tmp/ansible-tmp-1591037058.988166-154830146809790/AnsiballZ_k8s_exec.py\", line 94, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/opt/ansible/.ansible/tmp/ansible-tmp-1591037058.988166-154830146809790/AnsiballZ_k8s_exec.py\", line 40, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.community.kubernetes.plugins.modules.k8s_exec', init_globals=None, run_name='__main__', alter_sys=True)\n  File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n    return _run_module_code(code, init_globals, run_name, mod_spec)\n  File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n    mod_name, mod_spec, pkg_name, script_name)\n  File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n    exec(code, run_globals)\n  File \"/tmp/ansible_k8s_exec_payload_0wco0o8m/ansible_k8s_exec_payload.zip/ansible_collections/community/kubernetes/plugins/modules/k8s_exec.py\", line 148, in <module>\n  File \"/tmp/ansible_k8s_exec_payload_0wco0o8m/ansible_k8s_exec_payload.zip/ansible_collections/community/kubernetes/plugins/modules/k8s_exec.py\", line 135, in main\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/stream.py\", line 36, in stream\n    return func(*args, **kwargs)\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/apis/core_v1_api.py\", line 835, in connect_get_namespaced_pod_exec\n    (data) = self.connect_get_namespaced_pod_exec_with_http_info(name, namespace, **kwargs)\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/apis/core_v1_api.py\", line 935, in connect_get_namespaced_pod_exec_with_http_info\n    collection_formats=collection_formats)\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/api_client.py\", line 344, in call_api\n    _return_http_data_only, collection_formats, _preload_content, _request_timeout)\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/api_client.py\", line 178, in __call_api\n    _request_timeout=_request_timeout)\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/stream.py\", line 31, in _intercept_request_call\n    return ws_client.websocket_call(config, *args, **kwargs)\n  File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/ws_client.py\", line 260, in websocket_call\n    raise ApiException(status=0, reason=str(e))\nkubernetes.client.rest.ApiException: (0)\nReason: Handshake status 403 Forbidden\n\n", [0m
 [0;32m        "module_stdout": "", [0m
 [0;32m        "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", [0m
 [0;32m        "rc": 1 [0m
 [0;32m    } [0m
 [0;32m} [0m
 [0;32m [

该角色拥有 pods/exec 的所有正确权限(动词:创建、获取)。我添加了第二个明确的 apiGroups 权限 block ;最初它只是第一个。不过没有任何区别。

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  creationTimestamp: null
  name: my-operator
rules:
- apiGroups:
  - "*"
  resources:
  - "*"
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - pods
  - pods/exec
  - pods/log
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch

我错过了什么?

提前致谢

亚历克斯

最佳答案

我发现了问题,{{ meta.name }} 的值有错字。

关于kubernetes - 从 Ansible 剧本运行 k8s_exec 导致握手状态 403 Forbidden 错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62160435/

25 4 0
文章推荐: Kubernetes AntiAffinity - 限制每个节点的相同 Pod 的最大数量
文章推荐: java - 自定义 CellFactory 添加新节点
文章推荐: java - Spinner 无法与 Firestore 的 document.getId 配合良好
文章推荐: spring - Nginx HTTPS-> HTTP 使用 Spring 获取 403 "SSL required"错误
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com