urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host=‘172.16.50.134’, port=6443): Max retries exceeded with url: /apis/apps/v1/namespaces/default/deployments/xnginx-deployment (Cause
d by SSLError(SSLCertVerificationError(“hostname ‘172.16.50.134’ doesn’t match either of ‘k8s-master.novalocal’, ‘kubernetes’, ‘kubernetes.default’, ‘kubernetes.default.svc’, ‘kubernetes.d
efault.svc.cluster.local’, ‘10.96.0.1’, ‘192.168.6.22’”)))
筆者使用SSL+Token進行python連接kubernetes(k8s)時出現以上錯誤信息,python連接k8s參考該鏈接:http://www.showerlee.com/archives/2804
以上錯誤的大致意思爲主機名172.16.50.134不匹配其中一個(k8s-master.novalocal’, ‘kubernetes’, ‘kubernetes.default’, ‘kubernetes.default.svc’, 'kubernetes.default.svc.cluster.local)
查看相關連接源碼
assert_hostname默認爲None,需要設置K8s主機名驗證,完整連接代碼如下:
class PodCrud(object):
def __init__(self):
token_file = os.path.join(settings.TOKEN_DIR, 'token')
ca_file = os.path.join(settings.TOKEN_DIR, 'ca.crt')
with open(token_file, 'r') as file:
Token = file.read().strip('\n')
APISERVER = 'https://172.16.50.134:6443'
configuration = client.Configuration()
configuration.host = APISERVER
configuration.verify_ssl = True
configuration.ssl_ca_cert = ca_file
configuration.api_key = {"authorization": "Bearer " + Token}
configuration.assert_hostname = "k8s-master.novalocal"
client.Configuration.set_default(configuration)
self.v1 = client.CoreV1Api()
def get_target_pod(self, name, namespace):
try:
resp = self.v1.read_namespaced_pod(name=name, namespace=namespace)
data = resp.to_dict()
data = json.dumps(data,cls=DateEncoder)
data = json.loads(data)
except ApiException as e:
data = json.loads(e.body)
return data
def main():
pc = PodCrud()
print(pc.get_target_pod(name='xnginx-deployment-649766b884-b8pcz', namespace='default'))
if __name__ == '__main__':
main()