二进制安装k8s遇到的授权问题: x509: certificate signed by unknown authority

创建token授权角色的时候，死活执行不成。

[root@m1 logs]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
error: failed to create clusterrolebinding: Post "https://192.168.188.202:6443/apis/rbac.authorization.k8s.io/v1/clusterrolebindings?fieldManager=kubectl-create": x509: certificate signed by unknown authority

通过其他的命令查询资源，比如  kubectl get csr 也是 类似错误，查询各种资料无果，最后

参考这根文章完美结局

https://blog.csdn.net/woay2008/article/details/93250137

 

我的原意是之前这个虚拟机用kubeadm安装了一遍，虽然reset环境了，有个~/.kube文件夹没有被删除，里面有个config文件

暂时不知道什么原意，删除这个文件夹再进行授权和查询就可以了。

 

 

[root@m1 ~]# rm -rf .kube/
[root@m1 ~]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created
[root@m1 ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
scheduler Unhealthy Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused
controller-manager Unhealthy Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect: connection refused
etcd-1 Healthy {"health":"true"}
etcd-2 Healthy {"health":"true"}
etcd-0 Healthy {"health":"true"}