
How do I resolve the "OtherError:HTTP request failed" error when viewing some resources of a Tencent Cloud TKE cluster?

Last updated: 2023.10.30 15:47:57

First published: 2023.10.30 15:47:57

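Symptom

A Tencent Cloud TKE cluster is registered to the Distributed Cloud Native Platform through the direct connection method, but viewing some resources fails with "OtherError:HTTP request failed", and the logs show that the shuttle IP is unreachable.

Cause

The identity impersonation feature of the Tencent Cloud TKE cluster prevents the Distributed Cloud Native Platform from reaching the Tencent Cloud TKE cluster.

Solution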

  1. Get the client certificate field client-certificate-data from the Kubeconfig.
  2. Use a base64 decoding tool to decode client-certificate-data, and save the result, a PEM-encoded certificate, in the file tke.crt.
  3. Parse the certificate with openssl x509 to get the CN, for example:
[localhost]> openssl x509 -in tke.crt -noout -subject    # openssl x509 parse command
subject= /O=tke:users/CN=100028915125-1689253522        # command output; the CN is 100028915125-1689253522
  4. Run kubectl edit deployment kubernetes-proxy to update kubernetes-proxy and add the following parameter, where <CN> is the CN obtained in the previous step.
--trusted-impersonation-users=<CN>
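
The steps above as one script. This is an added example, not part of the original page: it assumes openssl is on the PATH, the function names are hypothetical, and the sample kubeconfig, its throwaway certificate and the CN value are constructed for the demo. It also checks the extracted CN against a character allowlist (an assumption of this example) before printing the argument.

```shell
#!/bin/sh
# Added example: kubeconfig -> certificate CN -> kubernetes-proxy argument.

# cert_cn_from_kubeconfig FILE: print the CN of the first client certificate.
# A kubeconfig with several users needs the entry the platform connects as.
cert_cn_from_kubeconfig() {
    b64=$(awk '$1 == "client-certificate-data:" { print $2; exit }' "$1")
    [ -n "$b64" ] || { echo "no client-certificate-data in $1" >&2; return 1; }
    # -A: the kubeconfig keeps the base64 text on one line. The multiline name
    # format avoids the subject formatting differences between OpenSSL versions.
    printf '%s\n' "$b64" | openssl base64 -d -A |
        openssl x509 -noout -subject -nameopt multiline |
        awk '/^ *commonName / { sub(/^[^=]*= /, ""); print; exit }'
}

# impersonation_flag FILE: print the argument to add to kubernetes-proxy.
impersonation_flag() {
    cn=$(cert_cn_from_kubeconfig "$1") || return 1
    # Refuse an empty or unexpected CN instead of writing it into the
    # Deployment; this character allowlist is an assumption of the example.
    case $cn in
        ''|*[!A-Za-z0-9._:@-]*) echo "unexpected CN: '$cn'" >&2; return 1 ;;
    esac
    printf '%s%s\n' '--trusted-impersonation-users=' "$cn"
}

# make_sample_kubeconfig DIR CN: constructed input, a throwaway self-signed
# certificate wrapped in a minimal kubeconfig user entry.
make_sample_kubeconfig() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=tke:users/CN=$2" \
        -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null || return 1
    {
        echo 'users:'
        echo '- name: sample-user'
        echo '  user:'
        printf '    client-certificate-data: %s\n' \
            "$(openssl base64 -A -in "$1/sample.crt")"
    } > "$1/kubeconfig"
}

# Demo on constructed input (the CN value is made up).
tmp=$(mktemp -d) && make_sample_kubeconfig "$tmp" "100000000000-1700000000" &&
    impersonation_flag "$tmp/kubeconfig"
rm -rf "$tmp"
```

For a real cluster, call impersonation_flag with the path of the Kubeconfig used to register the cluster and paste the printed argument in step 4.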