二进制安装k8s遇到的授权问题: x509: certificate signed by unknown authority
创建token授权角色的时候,死活执行不成。
[root@m1 logs]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
error: failed to create clusterrolebinding: Post "https://192.168.188.202:6443/apis/rbac.authorization.k8s.io/v1/clusterrolebindings?fieldManager=kubectl-create": x509: certificate signed by unknown authority
通过其他的命令查询资源,比如 kubectl get csr 也是 类似错误,查询各种资料无果,最后
参考这根文章完美结局
https://blog.csdn.net/woay2008/article/details/93250137
我的原意是之前这个虚拟机用kubeadm安装了一遍,虽然reset环境了,有个~/.kube文件夹没有被删除,里面有个config文件
暂时不知道什么原意,删除这个文件夹再进行授权和查询就可以了。
[root@m1 ~]# rm -rf .kube/
[root@m1 ~]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created
[root@m1 ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
scheduler Unhealthy Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused
controller-manager Unhealthy Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect: connection refused
etcd-1 Healthy {"health":"true"}
etcd-2 Healthy {"health":"true"}
etcd-0 Healthy {"health":"true"}
本文来自博客园,作者:忙碌在路上,转载请注明原文链接:https://www.cnblogs.com/netsa/p/14466216.html