我有一个在 Azure AKS 上运行的 Elasticsearch 集群。我想连接到在单独的 AKS 上运行的另一个 es 集群,为此我需要从一个集群导出证书并将其添加到另一个集群。我正在关注here的官方文档 。 但是我无法导出证书并在执行以下命令时出现错误:
kubectl 获取秘密 europecluster-es-transport-certs-public -o go-template='{{index .data "ca.crt"}}'
我遇到的错误是:
error: error parsing template {{index .data ca.crt}}, template: output:1: function "ca" not defined
我是弹性和 kubernetes 领域的新手,无法在互联网上找到此问题的解决方案。
如果您可以手动提取 ca.crt 值并对其进行解码,那么您可以尝试以下操作:
kubectl get secret europecluster-es-transport-certs-public | grep ca.crt echo -n <paste clipboard content> | base64 -d -w 0 > remote.ca.crt上述过程执行与 go template 在命令中执行的操作相同的操作。
示例:
kubectl get secret default-token-h8w57 -o json | grep -i ca.crt
"ca.crt": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJd01UQXlPVEV4TkRVeU9Gb1hEVE13TVRBeU56RXhORFV5T0Zvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTEl4CmpjMCttcGVXWm5TL3NnenloZ1Ftd1ZaN3A1b2hoUktqY0gvNkVIbDBRbzljOTkyZVBTcmEzNEU0cHpmZXRBUE8Kdm1Ia0Q2Z0dCb1FyVUI3NHFMOFZpaUs4c0hZQXcyWElxMERTZHhHb3VqcUVabUM4SnpSK3gxVE1CaUZ2YUR4dQpaZVpTT3JTc1R2dGN6TjNnMG5XK0xPY1Q2UCtGQlRLbzh1RXBjbXY5cll1ZytOR25xZ0l3L0VNRXlQenM4RGk1CkhzYVJma0FwSmloeERUdTBTY1Z5MkpaakxZZ2RBMUlaSkRScjV6Unc1U3RlWlltTm5rVTY5cEtVVlNlQ2lQWnUKMFdlY3ZaTXE1NDhKWWtmUStWY3pFMjFtUTBJMSs4NXpOUUFvQmZ4aG5tYjNhcW5yL2hEdUZETm9PelIrdCtUSApteTU2ajRWTUtzY3RvNUxkOFFFQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZNZVlQcGVuYmV3RUg4bFFKdDlxaUs4bG5QWmFNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFDbFpIZGQrZDlWWElobTdsdhskhdjshdjsahdjkasdhkasdhasXOUhQNC9HMXRScTVLUWtZSlJjVHdreGZWNUlhMS8zNW1vRwpyeU5SOVZzYnRZeDF6aFNsRy91NWRGOWFYYjI3M2J4bWNEOVY0UUQvamNXMWRsdnJ6NlFWMGg3dEcwcUd6UG1xClUveC9saXJaTWMrTmVKSXJXZGo5ZjM5dXFuR2VCZnF6ZWN4QXBoRG5xY1dUNWZTVjlSVjdqaE5sNnhSZUVlRGMKUmZQMnFlb3g4d0xyYXBiVDVOSG9PK1FjS3NoUHhPL0FTNXhVVE9yOTZ2YTZkSFhzZFdsQWdaTUtva1lldlN1SApBdjVrYml3ODJBVzlaOHZrS0QrQXdFSWFwdzNNQnEvOUFxQjZBZm93RTJCckZVcTdwVzk3ZHUvRC81NWxQbTN5CllmVFo3ZVZnQUF4Yk1lTDRDdlhSZ1FJWHB5NmROTFN0SGJCSAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="
echo -n LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJd01UQXlPVEV4TkRVeU9Gb1hEVE13TVRBeU56RXhORFV5T0Zvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTEl4CmpjMCttcGVXWm5TL3NnenloZ1Ftd1ZaN3A1b2hoUktqY0gvNkVIbDBRbzljOTkyZVBTcmEzNEU0cHpmZXRBUE8Kdm1Ia0Q2Z0dCb1FyVUI3NHFMOFZpaUs4c0hZQXcyWElxMERTZHhHb3VqcUVabUM4SnpSK3gxVE1CaUZ2YUR4dQpaZVpTT3JTc1R2dGN6TjNnMG5XK0xPY1Q2UCtGQlRLbzh1RXBjbXY5cll1ZytOR25xZ0l3L0VNRXlQenM4RGk1CkhzYVJma0FwSmloeERUdTBTY1Z5MkpaakxZZ2RBMUlaSkRScjV6Unc1U3RlWlltTm5rVTY5cEtVVlNlQ2lQWnUKMFdlY3ZaTXE1NDhKWWtmUStWY3pFMjFtUTBJMSs4NXpOUUFvQmZ4aG5tYjNhcW5yL2hEdUZETm9PelIrdCtUSApteTU2ajRWTUtzY3RvNUxkOFFFQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZNZVlQcGVuYmV3RUg4bFFKdDlxaUs4bG5QWmFNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFDbFpIZGQrZDlWWElobTdsdhskhdjshdjsahdjkasdhkasdhasXOUhQNC9HMXRScTVLUWtZSlJjVHdreGZWNUlhMS8zNW1vRwpyeU5SOVZzYnRZeDF6aFNsRy91NWRGOWFYYjI3M2J4bWNEOVY0UUQvamNXMWRsdnJ6NlFWMGg3dEcwcUd6UG1xClUveC9saXJaTWMrTmVKSXJXZGo5ZjM5dXFuR2VCZnF6ZWN4QXBoRG5xY1dUNWZTVjlSVjdqaE5sNnhSZUVlRGMKUmZQMnFlb3g4d0xyYXBiVDVOSG9PK1FjS3NoUHhPL0FTNXhVVE9yOTZ2YTZkSFhzZFdsQWdaTUtva1lldlN1SApBdjVrYml3ODJBVzlaOHZrS0QrQXdFSWFwdzNNQnEvOUFxQjZBZm93RTJCckZVcTdwVzk3ZHUvRC81NWxQbTN5CllmVFo3ZVZnQUF4Yk1lTDRDdlhSZ1FJWHB5NmROTFN0SGJCSAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== | base64 -d -w 0 > remote.ca.crt
来吧,领取证书。
kubectl get secret elasticsearch-master-certificate -o go-template='{{index .data "ca.crt" | base64decode }}' > /path/ca.crt
kubectl get secret elasticsearch-master-certificate -o go-template='{{index .data "tls.crt" | base64decode }}' > /path/tls.crt
kubectl get secret elasticsearch-master-certificate -o go-template='{{index .data "tls.key" | base64decode }}' > /path/tls.key