Centos

安裝和設置 kubectl - Kubernetes

  • March 22, 2019

我正在嘗試關注Install and Set Up kubectl - Kubernetes,但不斷收到錯誤消息:

# yum --quiet install kubectl
https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."
Trying other mirror.
It was impossible to connect to the CentOS servers.
This could mean a connectivity issue in your environment, such as the requirement to configure a proxy,
or a transparent proxy that tampers with TLS security, or an incorrect system clock.
You can try to solve this issue by using the instructions on https://wiki.centos.org/yum-errors
If above article doesn't help to resolve this issue please use https://bugs.centos.org/.



One of the configured repositories failed (Kubernetes),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:

    1. Contact the upstream for the repository and get them to fix the problem.

    2. Reconfigure the baseurl/etc. for the repository, to point to a working
       upstream. This is most often useful if you are using a newer
       distribution release than is supported by the repository (and the
       packages for the previous distribution release still work).

    3. Run the command with the repository temporarily disabled
           yum --disablerepo=kubernetes ...

    4. Disable the repository permanently, so yum won't use it by default. Yum
       will then just ignore the repository until you permanently enable it
       again or use --enablerepo for temporary usage:

           yum-config-manager --disable kubernetes
       or
           subscription-manager repos --disable=kubernetes

    5. Configure the failing repository to be skipped, if it is unavailable.
       Note that yum will try to contact the repo. when it runs most commands,
       so will have to try and fail each time (and thus. yum will be be much
       slower). If it is a very temporary problem though, this is often a nice
       compromise:

           yum-config-manager --save --setopt=kubernetes.skip_if_unavailable=true

failure: repodata/repomd.xml from kubernetes: [Errno 256] No more mirrors to try.
https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."
# 

我還嘗試使用curl訪問相同的 URL 並得到以下資訊:

# curl https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
# 

有沒有辦法以-k/--insecure某種方式在 yum 的 repo 文件中使用?

請指教。

看起來您有某種代理可以攔截您的 tls 連接。

但是,可以繞過 yum 中的證書檢查,您可以將此行放在 Kubernetes 儲存庫配置中:

ssl驗證 = 0

希望能幫助到你。

從文件中刪除這兩行kubernetes.repo

gpgcheck=1
repo_gpgcheck=1

它對我有用。這些在下載後驗證包簽名。

引用自:https://serverfault.com/questions/932387