报错1:
安装k8s的node节点上的kubelet,启动报错:
kubelet: error: failed to run Kubelet: cannot create certificate signing request: Unauthorized
查看apiserver日志报错:
k8s_master kube-apiserver: E0202 14:25:20.749540 40045 authentication.go:64] Unable to authenticate the request due to an error: [invalid bearer token, [invalid bearer token, invalid bearer token]]
原因是:kuber-apiserver启动参数中的token.csv和kubelet启动参数中指定的bootstrap文件bootstrap.kubeconfig中的token值是否一致,此外该token必须为实际数值,不能使用变量代替
修改 bootstrap.kubeconfig中的token 等于 kuber-apiserver启动参数中的token.csv即可。
参考:https://www.bbsmax.com/A/n2d9bMnwzD/
报错2: no server found for cluster "kubernetes"
因为在master上面建立的 kube-proxy.kubeconfig 不对,忘记了 :export KUBE_APISERVER="https://192.168.118.211:6443";
重新建立 kube-proxy.kubeconfig 即可。
报错3:
cannot create certificate signing request: certificatesigningrequests.certificates.k8s.io is forbidden: User "kubelet-bootstrap" cannot create certificatesigningrequests
是由于在master上忘记创建clusterrolebinding ,执行:
../bin/kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
