Агент Prefect kubernetes выдает ошибку AuthorizationError при запуске
Я пытаюсь запустить поток префектов в кластере IBM Cloud Kubernetes. Итак, я настраиваю агента Kubernetes. Я вижу ошибки, когда делаю:
kubectl apply -f prefect_agent.yaml
kubectl logs prefect-agent-778f997b7-hnsk2
[2021-12-07 12:34:14,399] INFO - agent | Registering agent...
Traceback (most recent call last):
File "/usr/local/bin/prefect", line 8, in <module>
sys.exit(cli())
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 829, in __call__
return self.main(*args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 782, in main
rv = self.invoke(ctx)
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1259, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1259, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1259, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 610, in invoke
return callback(*args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/prefect/cli/agent.py", line 331, in start
start_agent(KubernetesAgent, image_pull_secrets=image_pull_secrets, **kwargs)
File "/usr/local/lib/python3.6/site-packages/prefect/cli/agent.py", line 140, in start_agent
agent.start()
File "/usr/local/lib/python3.6/site-packages/prefect/agent/agent.py", line 189, in start
self._setup_api_connection()
File "/usr/local/lib/python3.6/site-packages/prefect/agent/agent.py", line 910, in _setup_api_connection
self.client.attach_headers({"X-PREFECT-AGENT-ID": self._register_agent()})
File "/usr/local/lib/python3.6/site-packages/prefect/agent/agent.py", line 858, in _register_agent
agent_config_id=self.agent_config_id,
File "/usr/local/lib/python3.6/site-packages/prefect/client/client.py", line 2101, in register_agent
tenant_id=self.tenant_id,
File "/usr/local/lib/python3.6/site-packages/prefect/client/client.py", line 329, in tenant_id
self._tenant_id = self._get_auth_tenant()
File "/usr/local/lib/python3.6/site-packages/prefect/client/client.py", line 214, in _get_auth_tenant
response = self.graphql({"query": {"auth_info": "tenant_id"}})
File "/usr/local/lib/python3.6/site-packages/prefect/client/client.py", line 561, in graphql
raise AuthorizationError(result["errors"])
prefect.exceptions.AuthorizationError: [{'path': ['auth_info'], 'message': 'AuthenticationError: Forbidden', 'extensions': {'code': 'UNAUTHENTICATED'}}]
Прикрепите prefect_agent.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: prefect-agent
name: prefect-agent
spec:
replicas: 1
selector:
matchLabels:
app: prefect-agent
template:
metadata:
labels:
app: prefect-agent
spec:
containers:
- args:
- prefect agent kubernetes start
command:
- /bin/bash
- -c
env:
- name: PREFECT__CLOUD__AGENT__AUTH_TOKEN
value: ''
- name: PREFECT__CLOUD__API
value: https://api.prefect.io
- name: NAMESPACE
value: prefect
- name: IMAGE_PULL_SECRETS
value: ''
- name: PREFECT__CLOUD__AGENT__LABELS
value: '["k8s"]'
- name: JOB_MEM_REQUEST
value: ''
- name: JOB_MEM_LIMIT
value: ''
- name: JOB_CPU_REQUEST
value: ''
- name: JOB_CPU_LIMIT
value: ''
- name: IMAGE_PULL_POLICY
value: ''
- name: SERVICE_ACCOUNT_NAME
value: ''
- name: PREFECT__BACKEND
value: cloud
- name: PREFECT__CLOUD__AGENT__AGENT_ADDRESS
value: http://:8080
- name: PREFECT__CLOUD__API_KEY
value: {myapikey}
- name: PREFECT__CLOUD__TENANT_ID
value: ''
image: prefecthq/prefect:0.15.6-python3.6
imagePullPolicy: Always
livenessProbe:
failureThreshold: 2
httpGet:
path: /api/health
port: 8080
initialDelaySeconds: 40
periodSeconds: 40
name: agent
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: prefect-agent-rbac
namespace: prefect
rules:
- apiGroups:
- batch
- extensions
resources:
- jobs
verbs:
- '*'
- apiGroups:
- ''
resources:
- events
- pods
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: prefect-agent-rbac
namespace: prefect
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: prefect-agent-rbac
subjects:
- kind: ServiceAccount
name: default
Я вижу, как создаются роли и привязки ролей:
(venv) xxxtorage % kubectl get roles
NAME CREATED AT
prefect-agent-rbac 2021-12-07T12:34:57Z
(venv) xxxtorage % kubectl get rolebindings
NAME ROLE AGE
prefect-agent-rbac Role/prefect-agent-rbac 22m
Перед запуском команд я отправил пространство имен по умолчанию в «префект». Я создал пространство имен «префект», чтобы организовать все ресурсы, связанные с префектом.
1 ответ
Я обнаружил, что
- name: PREFECT__CLOUD__API_KEY value: {myapikey}это сгенерировано: https://docs.prefect.io/orchestration/concepts/api.html#authentication
Я использовал ключ API кластера Kubernetes. Таким образом ошибка.