Centos
安裝和設置 kubectl - Kubernetes
我正在嘗試關注Install and Set Up kubectl - Kubernetes,但不斷收到錯誤消息:
# yum --quiet install kubectl https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized." Trying other mirror. It was impossible to connect to the CentOS servers. This could mean a connectivity issue in your environment, such as the requirement to configure a proxy, or a transparent proxy that tampers with TLS security, or an incorrect system clock. You can try to solve this issue by using the instructions on https://wiki.centos.org/yum-errors If above article doesn't help to resolve this issue please use https://bugs.centos.org/. One of the configured repositories failed (Kubernetes), and yum doesn't have enough cached data to continue. At this point the only safe thing yum can do is fail. There are a few ways to work "fix" this: 1. Contact the upstream for the repository and get them to fix the problem. 2. Reconfigure the baseurl/etc. for the repository, to point to a working upstream. This is most often useful if you are using a newer distribution release than is supported by the repository (and the packages for the previous distribution release still work). 3. Run the command with the repository temporarily disabled yum --disablerepo=kubernetes ... 4. Disable the repository permanently, so yum won't use it by default. Yum will then just ignore the repository until you permanently enable it again or use --enablerepo for temporary usage: yum-config-manager --disable kubernetes or subscription-manager repos --disable=kubernetes 5. Configure the failing repository to be skipped, if it is unavailable. Note that yum will try to contact the repo. when it runs most commands, so will have to try and fail each time (and thus. yum will be be much slower). If it is a very temporary problem though, this is often a nice compromise: yum-config-manager --save --setopt=kubernetes.skip_if_unavailable=true failure: repodata/repomd.xml from kubernetes: [Errno 256] No more mirrors to try. https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized." #我還嘗試使用
curl訪問相同的 URL 並得到以下資訊:# curl https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml curl: (60) Peer's Certificate issuer is not recognized. More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. #有沒有辦法以
-k/--insecure某種方式在 yum 的 repo 文件中使用?請指教。
看起來您有某種代理可以攔截您的 tls 連接。
但是,可以繞過 yum 中的證書檢查,您可以將此行放在 Kubernetes 儲存庫配置中:
ssl驗證 = 0
希望能幫助到你。
從文件中刪除這兩行
kubernetes.repo:gpgcheck=1 repo_gpgcheck=1它對我有用。這些在下載後驗證包簽名。