# python
Python 2.7.5 (default, Nov 6 2016, 00:28:07)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-11)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from kubernetes import client, config
>>> core_v1 = client.CoreV1Api()
>>> config.load_incluster_config()
>>> core_v1.list_node()
2017-06-14 13:52:41,486 WARNING Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x36c0e50>: Failed to establish a new connection: [Errno 111] Connection refused',)': /api/v1/nodes
2017-06-14 13:52:41,487 WARNING Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x36b5b50>: Failed to establish a new connection: [Errno 111] Connection refused',)': /api/v1/nodes
2017-06-14 13:52:41,487 WARNING Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x36b5c90>: Failed to establish a new connection: [Errno 111] Connection refused',)': /api/v1/nodes
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "build/bdist.linux-x86_64/egg/kubernetes/client/apis/core_v1_api.py", line 13284, in list_node
File "build/bdist.linux-x86_64/egg/kubernetes/client/apis/core_v1_api.py", line 13377, in list_node_with_http_info
File "build/bdist.linux-x86_64/egg/kubernetes/client/api_client.py", line 329, in call_api
File "build/bdist.linux-x86_64/egg/kubernetes/client/api_client.py", line 153, in __call_api
File "build/bdist.linux-x86_64/egg/kubernetes/client/api_client.py", line 361, in request
File "build/bdist.linux-x86_64/egg/kubernetes/client/rest.py", line 240, in GET
File "build/bdist.linux-x86_64/egg/kubernetes/client/rest.py", line 214, in request
File "/usr/lib/python2.7/site-packages/urllib3-1.21.1-py2.7.egg/urllib3/request.py", line 66, in request
**urlopen_kw)
File "/usr/lib/python2.7/site-packages/urllib3-1.21.1-py2.7.egg/urllib3/request.py", line 87, in request_encode_url
return self.urlopen(method, url, **extra_kw)
File "/usr/lib/python2.7/site-packages/urllib3-1.21.1-py2.7.egg/urllib3/poolmanager.py", line 321, in urlopen
response = conn.urlopen(method, u.request_uri, **kw)
File "/usr/lib/python2.7/site-packages/urllib3-1.21.1-py2.7.egg/urllib3/connectionpool.py", line 678, in urlopen
**response_kw)
File "/usr/lib/python2.7/site-packages/urllib3-1.21.1-py2.7.egg/urllib3/connectionpool.py", line 678, in urlopen
**response_kw)
File "/usr/lib/python2.7/site-packages/urllib3-1.21.1-py2.7.egg/urllib3/connectionpool.py", line 678, in urlopen
**response_kw)
File "/usr/lib/python2.7/site-packages/urllib3-1.21.1-py2.7.egg/urllib3/connectionpool.py", line 649, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python2.7/site-packages/urllib3-1.21.1-py2.7.egg/urllib3/util/retry.py", line 388, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /api/v1/nodes (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x36b5d90>: Failed to establish a new connection: [Errno 111] Connection refused',))
For some reason, HTTPSConnectionPool is trying to connect to localhost instead of the API server, even though the API URL in the Kubernetes configuration appears to be correct:
>>> from kubernetes.client import configuration
>>> configuration.host
'https://10.0.0.1:443'
What you expected to happen:
get a list of nodes
How to reproduce it (as minimally and precisely as possible):
described above
Anything else we need to know:
@magescher Supposedly it is fixed in 3.0. As a workaround I used the following:
# Workaround from this thread: point the client at the API server's in-cluster
# DNS name before loading the in-cluster configuration.
# NOTE(review): the API server's serving certificate must list this name for
# TLS verification to succeed - presumably it does in a standard cluster;
# confirm that rather than disabling verification.
os.environ['KUBERNETES_SERVICE_HOST'] = 'kubernetes'
# Per the ConfigException messages quoted later in this thread, this loader
# also requires the service port to be set and a service token file to exist.
config.load_incluster_config()
@magescher supposedly it is fixed in 3.0 . As a workaround I used following:
os.environ['KUBERNETES_SERVICE_HOST'] = 'kubernetes'
config.load_incluster_config()
import os.path
import yaml
import boto3
from kubernetes import client, config
from auth import EKSAuth
from os import path
# Runs at import time, before handler() is ever called.
# NOTE(review): the stack trace below shows this load_incluster_config() call
# (main.py line 9) raising ConfigException("Service host/port is not set.")
# even with the host variable set. The in-cluster loader reads a pod's service
# environment and service token file, so it looks like the wrong loader for
# this Lambda code, which authenticates through the kubeconfig and EKS token
# in handler() - confirm.
os.environ['KUBERNETES_SERVICE_HOST'] = 'kubernetes'
config.load_incluster_config()
Configure your cluster name and region here
# Destination of the kubeconfig copy that the module writes at import time.
KUBE_FILEPATH = '/tmp/rconfig'
# Cluster name passed to EKSAuth in handler().
CLUSTER_NAME = 'pre-imputation'
# Not referenced anywhere in the code shown.
REGION = 'us-east-1'
We assume that when the Lambda container is reused, a kubeconfig file exists.
If it does not exist, it creates the file.
# Parse the kubeconfig at ./rconfig and re-serialise it to KUBE_FILEPATH.
# There is no existence check: the file is rewritten every time the module
# is imported.
# NOTE(review): a kubeconfig can carry cluster credentials, and open(..., 'w')
# creates the copy with default permissions - consider restricting its mode.
with open("./rconfig", 'r') as c:
    job = yaml.safe_load(c)
with open(KUBE_FILEPATH, 'w') as outfile:
    yaml.dump(job, outfile, default_flow_style=False)
def handler(event, context):
    """Create the Job described in ./job.yaml in the "default" namespace.

    Obtains a token from EKSAuth, attaches it as a Bearer credential to a
    Kubernetes client configuration, and submits the manifest through
    BatchV1Api. ``event`` and ``context`` are not read by the code shown.
    """
    #def handler():
    # Get Token
    # The token is a bearer credential for the cluster; the print() calls
    # below do not include it.
    eks = EKSAuth(CLUSTER_NAME)
    token = eks.get_token()
    # Configure
    print("configure")
    config.load_kube_config(KUBE_FILEPATH)
    # NOTE(review): load_kube_config() fills in the client's default
    # configuration, while client.Configuration() constructs an object of its
    # own. Depending on the client version, that object may not carry the
    # server URL and CA data from KUBE_FILEPATH - confirm, so the bearer token
    # is only ever sent to the verified cluster endpoint.
    configuration = client.Configuration()
    configuration.api_key['authorization'] = token
    configuration.api_key_prefix['authorization'] = 'Bearer'
    # API
    print("api call")
    api = client.ApiClient(configuration)
    # v1 is not used in the code shown.
    v1 = client.CoreV1Api(api)
    # safe_load builds plain data only; the manifest path is relative to the
    # working directory.
    with open("./job.yaml",'r') as f:
        job = yaml.safe_load(f)
        k8s_apps_v1 = client.BatchV1Api(api)
        # Requires "create" on jobs in the batch API group for the
        # authenticated user in namespace "default".
        resp = k8s_apps_v1.create_namespaced_job(
            body=job,namespace="default")
        print("job created. name='%s'" % resp.metadata.name)
#handler()
I am getting the error below:
Response:
"errorMessage": "Service host/port is not set.",
"errorType": "ConfigException",
"stackTrace": [
" File "/var/lang/lib/python3.8/imp.py", line 234, in load_module\n return load_source(name, filename, file)\n",
" File "/var/lang/lib/python3.8/imp.py", line 171, in load_source\n module = _load(spec)\n",
" File "", line 702, in _load\n",
" File "", line 671, in _load_unlocked\n",
" File "", line 783, in exec_module\n",
" File "", line 219, in _call_with_frames_removed\n",
" File "/var/task/main.py", line 9, in \n config.load_incluster_config()\n",
" File "/opt/python/kubernetes/config/incluster_config.py", line 118, in load_incluster_config\n InClusterConfigLoader(\n",
" File "/opt/python/kubernetes/config/incluster_config.py", line 54, in load_and_set\n self._load_config()\n",
" File "/opt/python/kubernetes/config/incluster_config.py", line 62, in _load_config\n raise ConfigException("Service host/port is not set.")\n"
There seems to be some problem with your config file. Check it once if it
has the API endpoint correctly defined.
On Fri, 20 Nov 2020, 23:08 Riyaj Kazi, ***@***.***> wrote:
@magescher <
https://github.com/magescher> supposedly it is fixed in 3.0 .
As a workaround I used following:
os.environ['KUBERNETES_SERVICE_HOST'] = 'kubernetes'
config.load_incluster_config()
import os.path
import yaml
import boto3
from kubernetes import client, config
from auth import EKSAuth
from os import path
os.environ['KUBERNETES_SERVICE_HOST'] = 'kubernetes'
config.load_incluster_config()
Configure your cluster name and region here
KUBE_FILEPATH = '/tmp/rconfig'
CLUSTER_NAME = 'pre-imputation'
REGION = 'us-east-1'
We assume that when the Lambda container is reused, a kubeconfig file
exists. If it does not exist, it creates the file.
with open("./rconfig", 'r') as c:
job = yaml.safe_load(c)
with open(KUBE_FILEPATH, 'w') as outfile:
yaml.dump(job, outfile, default_flow_style=False)
def handler(event, context):
#def handler():
# Get Token
eks = EKSAuth(CLUSTER_NAME)
token = eks.get_token()
# Configure
print("configure")
config.load_kube_config(KUBE_FILEPATH)
configuration = client.Configuration()
configuration.api_key['authorization'] = token
configuration.api_key_prefix['authorization'] = 'Bearer'
# API
print("api call")
api = client.ApiClient(configuration)
v1 = client.CoreV1Api(api)
with open("./job.yaml",'r') as f:
job = yaml.safe_load(f)
k8s_apps_v1 = client.BatchV1Api(api)
resp = k8s_apps_v1.create_namespaced_job(
body=job,namespace="default")
print("job created. name='%s'" % resp.metadata.name)
#handler()
i m getting below error
Response:
"errorMessage": "Service host/port is not set.",
"errorType": "ConfigException",
"stackTrace": [
" File "/var/lang/lib/python3.8/imp.py", line 234, in load_module\n return
load_source(name, filename, file)\n",
" File "/var/lang/lib/python3.8/imp.py", line 171, in load_source\n module
= _load(spec)\n",
" File "", line 702, in _load\n",
" File "", line 671, in _load_unlocked\n",
" File "", line 783, in exec_module\n",
" File "", line 219, in _call_with_frames_removed\n",
" File "/var/task/main.py", line 9, in \n
config.load_incluster_config()\n",
" File "/opt/python/kubernetes/config/incluster_config.py", line 118, in
load_incluster_config\n InClusterConfigLoader(\n",
" File "/opt/python/kubernetes/config/incluster_config.py", line 54, in
load_and_set\n self._load_config()\n",
" File "/opt/python/kubernetes/config/incluster_config.py", line 62, in
_load_config\n raise ConfigException("Service host/port is not set.")\n"
I am talking about KUBE_FILEPATH = '/tmp/rconfig'. Please check this file;
there seems to be some error in it. It generally holds the endpoint of the
API server to which your kubectl connects.
On Mon, Nov 23, 2020 at 4:42 PM Riyaj Kazi ***@***.***> wrote:
Kind: config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: <>
server: <>
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: aws
name: aws
current-context: aws
users:
- name: aws
user:
name: lambda
Given below is the sample config file for eks. Also have a look at
https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html for
how to generate the eks config.
apiVersion: v1
clusters:
- cluster:
server: <endpoint-url>
certificate-authority-data: <base64-encoded-ca-cert>
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: aws
name: aws
current-context: aws
kind: Config
preferences: {}
users:
- name: aws
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
command: aws
args:
- "eks"
- "get-token"
- "--cluster-name"
- "<cluster-name>"
# - "--role"
# - "<role-arn>"
# env:
# - name: AWS_PROFILE
# value: "<aws-profile>"
On Mon, Nov 23, 2020 at 4:47 PM Riyaj Kazi ***@***.***> wrote:
This is the file i m passing as rconfig
certificate-authority-data:
server: https://.gr7.us-east-1.eks.amazonaws.com
name: pre-imputation.us-east-1.eksctl.io
cluster:
certificate-authority-data:
server: https://.gr7.us-east-1.eks.amazonaws.com
name: arn:aws:eks:us-east-1::cluster/pre-imputation
contexts:
context:
cluster: pre-imputation.us-east-1.eksctl.io
user: <instance_id>@pre-imputation.us-east-1.eksctl.io
name: <[email protected]
context:
cluster: kubernetes
user: aws
name: aws
current-context: aws
context:
cluster: arn:aws:eks:us-east-1::cluster/pre-imputation
user: arn:aws:eks:us-east-1::cluster/pre-imputation
name: arn:aws:eks:us-east-1::cluster/pre-imputation
current-context: arn:aws:eks:us-east-1::cluster/pre-imputation
kind: Config
preferences: {}
users:
name: aws
user: lambda
name: <instance_id>@pre-imputation.us-east-1.eksctl.io
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
args:
- token
- pre-imputation
command: aws-iam-authenticator
- name: AWS_STS_REGIONAL_ENDPOINTS
value: regional
- name: AWS_DEFAULT_REGION
value: us-east-1
name: arn:aws:eks:us-east-1::cluster/pre-imputation
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
args:
- --region
- us-east-1
- eks
- get-token
- --cluster-name
- pre-imputation
command: aws
It looks fine now and should connect. Can you try connecting with kubectl first
and then try the Python version?
On Mon, Nov 23, 2020 at 5:06 PM Riyaj Kazi ***@***.***> wrote:
below is my current config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data:
server: https://.gr7.us-east-1.eks.amazonaws.com
name: pre-imputation.us-east-1.eksctl.io
- cluster:
certificate-authority-data:
server: https://.gr7.us-east-1.eks.amazonaws.com
name: arn:aws:eks:us-east-1::cluster/pre-imputation
contexts:
- context:
cluster: pre-imputation.us-east-1.eksctl.io
user: ***@***.***
name: ***@***.***
- context:
cluster: kubernetes
user: aws
name: aws
current-context: aws
- context:
cluster: arn:aws:eks:us-east-1::cluster/pre-imputation
user: arn:aws:eks:us-east-1::cluster/pre-imputation
name: arn:aws:eks:us-east-1::cluster/pre-imputation
current-context: arn:aws:eks:us-east-1::cluster/pre-imputation
kind: Config
preferences: {}
users:
- name: aws
user: lambda
- name: ***@***.***
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
args:
- token
- pre-imputation
command: aws-iam-authenticator
- name: AWS_STS_REGIONAL_ENDPOINTS
value: regional
- name: AWS_DEFAULT_REGION
value: us-east-1
- name: arn:aws:eks:us-east-1::cluster/pre-imputation
user:
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
args:
- --region
- us-east-1
- eks
- get-token
- --cluster-name
- pre-imputation
command: aws
apiGroups: [""]
resources: ["pods", "jobs"]
verbs: ["create", "get", "watch", "list", "delete"]
RoleBinding.yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: lambda-user-role-binding
namespace: default
subjects:
kind: User
name: lambda
apiGroup: rbac.authorization.k8s.io
kind: ServiceAccount
name: job-ops # Name of the ServiceAccount
namespace: default
roleRef:
kind: Role
name: lambda-access
apiGroup: rbac.authorization.k8s.io
Below is the aws-auth detail, in which I have added the Lambda execution role ARN:
apiVersion: v1
data:
mapRoles: |
- rolearn: arn:aws:iam:::role/service-role/eks-pre-lambda-role-osen863c
username: lambda
What exactly are you trying to do? Use Lambda functions to synchronize
the IAM user roles to EKS RBAC? If so, I think you are on
the right track. Kindly tell me what kind of error you are facing now.
On Mon, Nov 23, 2020 at 5:10 PM Riyaj Kazi ***@***.***> wrote:
role.yaml
# Namespaced Role bound to the "lambda" user by the RoleBinding shown below it.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: lambda-access
  namespace: default
rules:
# NOTE(review): Job objects are served from the "batch" API group, not the
# core group (""), so as written this rule only takes effect for pods. The
# script's BatchV1Api create call needs a rule with apiGroups: ["batch"].
# The script shown only creates a Job - confirm that get/watch/list/delete
# are all required before granting them.
- apiGroups: [""]
  resources: ["pods", "jobs"]
  verbs: ["create", "get", "watch", "list", "delete"]
RoleBinding.yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: lambda-user-role-binding
namespace: default
subjects:
- kind: User
name: lambda
apiGroup: rbac.authorization.k8s.io
- kind: ServiceAccount
name: job-ops # Name of the ServiceAccount
namespace: default
roleRef:
kind: Role
name: lambda-access
apiGroup: rbac.authorization.k8s.io
below is awsauth detail in which i have added lamba execution role arn
apiVersion: v1
data:
mapRoles: |
- rolearn: arn:aws:iam:::role/service-role/eks-pre-lambda-role-osen863c
username: lambda
I want to run EKS jobs from Lambda, so I created a user called lambda and gave it permissions only for pods and jobs.
when i add os.environ['KUBERNETES_SERVICE_HOST'] = 'kubernetes'
config.load_incluster_config()
I am now getting the error below:
Traceback (most recent call last):
File "main.py", line 50, in
handler()
File "main.py", line 33, in handler
config.load_incluster_config(KUBE_FILEPATH)
File "/home/ec2-user/eks-lambda/lib/python3.8/site-packages/kubernetes/config/incluster_config.py", line 118, in load_incluster_config
InClusterConfigLoader(
File "/home/ec2-user/eks-lambda/lib/python3.8/site-packages/kubernetes/config/incluster_config.py", line 54, in load_and_set
self._load_config()
File "/home/ec2-user/eks-lambda/lib/python3.8/site-packages/kubernetes/config/incluster_config.py", line 62, in _load_config
raise ConfigException("Service host/port is not set.")
kubernetes.config.config_exception.ConfigException: Service host/port is not set.
If I set the service port to 443, I get the error below:
Traceback (most recent call last):
File "main.py", line 50, in
handler()
File "main.py", line 33, in handler
config.load_incluster_config(KUBE_FILEPATH)
File "/home/ec2-user/eks-lambda/lib/python3.8/site-packages/kubernetes/config/incluster_config.py", line 118, in load_incluster_config
InClusterConfigLoader(
File "/home/ec2-user/eks-lambda/lib/python3.8/site-packages/kubernetes/config/incluster_config.py", line 54, in load_and_set
self._load_config()
File "/home/ec2-user/eks-lambda/lib/python3.8/site-packages/kubernetes/config/incluster_config.py", line 73, in _load_config
raise ConfigException("Service token file does not exists.")
kubernetes.config.config_exception.ConfigException: Service token file does not exists.
from auth import EKSAuth
from os import path
# Set the two variables whose absence produced "Service host/port is not set."
# NOTE(review): with both set, the second traceback above shows the in-cluster
# loader failing on the missing service token file instead, which suggests
# this process is not running inside a pod and should not use that loader.
os.environ['KUBERNETES_SERVICE_HOST'] = 'kubernetes'
os.environ['KUBERNETES_SERVICE_PORT'] = '443'
#config.load_incluster_config()
#os.environ['KUBERNETES_SERVICE_HOST'] = os.environ.get('KUBERNETES_SERVICE_HOST')
#os.environ['KUBERNETES_SERVICE_PORT'] = os.environ.get('KUBERNETES_SERVICE_PORT')
Configure your cluster name and region here
# Destination of the kubeconfig copy that the module writes at import time.
KUBE_FILEPATH = '/tmp/config'
# Cluster name passed to EKSAuth in handler().
CLUSTER_NAME = 'pre-imputation'
# Not referenced anywhere in the code shown.
REGION = 'us-east-1'
We assume that when the Lambda container is reused, a kubeconfig file exists.
If it does not exist, it creates the file.
# Parse the kubeconfig at ./config and re-serialise it to KUBE_FILEPATH.
# There is no existence check: the file is rewritten every time the module
# is imported.
# NOTE(review): a kubeconfig can carry cluster credentials, and open(..., 'w')
# creates the copy with default permissions - consider restricting its mode.
with open("./config", 'r') as c:
    job = yaml.safe_load(c)
with open(KUBE_FILEPATH, 'w') as outfile:
    yaml.dump(job, outfile, default_flow_style=False)
#def handler(event, context):
def handler():
    """Create the Job described in ./job.yaml in the "default" namespace.

    Obtains a token from EKSAuth, attaches it as a Bearer credential to a
    Kubernetes client configuration, and submits the manifest through
    BatchV1Api.
    """
    # Get Token
    # The token is a bearer credential for the cluster; the print() calls
    # below do not include it.
    eks = EKSAuth(CLUSTER_NAME)
    token = eks.get_token()
    # Configure
    print("configure")
    # NOTE(review): this is the call that raises ConfigException in the
    # tracebacks above. Those errors show the in-cluster loader checking the
    # service host/port and a service token file rather than reading a
    # kubeconfig; presumably its first parameter is a client configuration
    # object, not a file path - TODO confirm against the installed client.
    # load_kube_config() on the next line is the loader that takes
    # KUBE_FILEPATH.
    config.load_incluster_config(KUBE_FILEPATH)
    config.load_kube_config(KUBE_FILEPATH)
    # NOTE(review): load_kube_config() fills in the client's default
    # configuration, while client.Configuration() constructs an object of its
    # own. Depending on the client version, that object may not carry the
    # server URL and CA data from KUBE_FILEPATH - confirm, so the bearer token
    # is only ever sent to the verified cluster endpoint.
    configuration = client.Configuration()
    configuration.api_key['authorization'] = token
    configuration.api_key_prefix['authorization'] = 'Bearer'
    # API
    print("api call")
    api = client.ApiClient(configuration)
    # v1 is not used in the code shown.
    v1 = client.CoreV1Api(api)
    # safe_load builds plain data only; the manifest path is relative to the
    # working directory.
    with open("./job.yaml",'r') as f:
        job = yaml.safe_load(f)
        k8s_apps_v1 = client.BatchV1Api(api)
        # Requires "create" on jobs in the batch API group for the
        # authenticated user in namespace "default".
        resp = k8s_apps_v1.create_namespaced_job(
            body=job,namespace="default")
        print("job created. name='%s'" % resp.metadata.name)
# Direct invocation for a local run; the Lambda-style signature
# handler(event, context) is commented out above the definition.
handler()
On Mon, Nov 23, 2020 at 6:08 PM Riyaj Kazi ***@***.***> wrote:
main.py
import os.path
import yaml
import boto3
from kubernetes import client, config
from auth import EKSAuth
from os import path
os.environ['KUBERNETES_SERVICE_HOST'] = 'kubernetes'
os.environ['KUBERNETES_SERVICE_PORT'] = '443'
#config.load_incluster_config()
#os.environ['KUBERNETES_SERVICE_HOST'] =
os.environ.get('KUBERNETES_SERVICE_HOST')
#os.environ['KUBERNETES_SERVICE_PORT'] =
os.environ.get('KUBERNETES_SERVICE_PORT')
Configure your cluster name and region here
KUBE_FILEPATH = '/tmp/config'
CLUSTER_NAME = 'pre-imputation'
REGION = 'us-east-1'
We assume that when the Lambda container is reused, a kubeconfig file
exists. If it does not exist, it creates the file.
with open("./config", 'r') as c:
job = yaml.safe_load(c)
with open(KUBE_FILEPATH, 'w') as outfile:
yaml.dump(job, outfile, default_flow_style=False)
#def handler(event, context):
def handler():
# Get Token
eks = EKSAuth(CLUSTER_NAME)
token = eks.get_token()
# Configure
print("configure")
config.load_incluster_config(KUBE_FILEPATH)
config.load_kube_config(KUBE_FILEPATH)
configuration = client.Configuration()
configuration.api_key['authorization'] = token
configuration.api_key_prefix['authorization'] = 'Bearer'
# API
print("api call")
api = client.ApiClient(configuration)
v1 = client.CoreV1Api(api)
with open("./job.yaml",'r') as f:
job = yaml.safe_load(f)
k8s_apps_v1 = client.BatchV1Api(api)
resp = k8s_apps_v1.create_namespaced_job(
body=job,namespace="default")
print("job created. name='%s'" % resp.metadata.name)
handler()
I tried all the answers in this issue, but none of them helped.
Finally, I updated Python from 3.6.3 to 3.6.8, and then it worked.
I hope this info helps someone...