无法为 Rancher kubernetes 集群添加 ArgoCD 的集群配置

2024-6-2 • tag-icon

无法为 Rancher kubernetes 集群添加 ArgoCD 的集群配置

我曾尝试在 ArgoCD 中添加 Rancher kubernetes 集群，但从 ArgoCD CLI 收到以下错误：

./argocd-linux-amd64 cluster add test01 --server=localhost:8080 --insecure
WARNING: This will create a service account `argocd-manager` on the cluster referenced by context `test01` with full cluster level privileges. Do you want to continue [y/N]? y
INFO[0001] ServiceAccount "argocd-manager" already exists in namespace "kube-system"
INFO[0001] ClusterRole "argocd-manager-role" updated
INFO[0001] ClusterRoleBinding "argocd-manager-role-binding" updated
FATA[0002] rpc error: code = Unauthenticated desc = the server has asked for the client to provide credentials

这是我的 kube 配置：

apiVersion: v1
kind: Config
clusters:
- name: "test01"
  cluster:
    server: "https://192.168.1.11/k8s/clusters/c-m-lfrjf4s5"
    certificate-authority-data: ...

users:
- name: "test01"
  user:
    token: "kubeconfig-user-kpwhv778s7:REDACTED"


contexts:
- name: "test01"
  context:
    user: "test01"
    cluster: "test01"

current-context: "test01"

ArgoCD 本身在集群中运行，而 Rancher 似乎需要为集群 URL 使用不同的证书https://kubernetes.default.svc和 https://rancher-ip/k8s/clusters/cluster-name。

我无法在 ArgoCD 中看到集群。

我的声明性秘密配置如下所示：

apiVersion: v1
kind: Secret
metadata:
  name: test01
  labels:
    argocd.argoproj.io/secret-type: cluster
type: Opaque
stringData:
  name: test01
  server: "https://192.168.1.11/k8s/clusters/c-m-lfrjf4s5"
  config: |
    {
      bearerToken: "kubeconfig-user-kpwhv778s7:REDACTED"
      "tlsClientConfig": {
        "insecure": true,
        "caData": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJ2RENDQVdPZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQkdNUnd3R2dZRFZRUUtFeE5rZVc1aGJXbGoKYkdsemRHVnVaWEl0YjNKbk1TWXdKQVlEVlFRRERCMWtlVzVoYldsamJHbHpkR1Z1WlhJdFkyRkFNVFkzTURNNQpOakUwT1RBZUZ3MHlNakV5TURjd05qVTFORGxhRncwek1qRXlNRFF3TmpVMU5EbGFNRVl4SERBYUJnTlZCQW9UCkUyUjVibUZ0YVdOc2FYTjBaVzVsY2kxdmNtY3hKakFrQmdOVkJBTU1IV1I1Ym1GdGFXTnNhWE4wWlc1bGNpMWoKWVVBeE5qY3dNemsyTVRRNU1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRWhobVVwb2VlNjlNYgpmeEhKTnVwcFhFWDJLRDR4K1Z0TG9jLzRiUjduTmNZNTVTQmwyNytpd0VOM1FIMzdoS1o1VnR3dU0rclg1S0tMCnEvTDQzQVhqZHFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdLa01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWUQKVlIwT0JCWUVGSTF0UjdBbVZtdGExM2didEFEUGtnQXVSOS9iTUFvR0NDcUdTTTQ5QkFNQ0EwY0FNRVFDSUVSbApnSjA3V282NWhKclZPelo1REw3Y1VQSlpWUFhYNHlsQ0hGRWRoNlZyQWlBWVVrSy93SnNITjFaYW9zSnRwTDNJCjVHblNMYnozUEI5K2YzaUNOUVJVZHc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t"
      }
    }

我正在使用隧道访问 ArgoCD kubectl port-forward。

我究竟做错了什么？

相关内容