Closed jesse1993 closed 6 years ago
这个问题困扰我好久了,希望大神指点一下,感激不尽 kubernetes 版本1.8.3 apiserver指定了预设用户kubelet-bootstrap,工作节点也通过--bootstrap-kubeconfig flag指定用户kubelet-bootstrap和token,但是启动工作节点后却报错提示我是匿名用户访问的?
error: failed to run Kubelet: cannot create certificate signing request: certificatesigningrequests.certificates.k8s.io is forbidden: User "system:anonymous" cannot create certificatesigningrequests.certificates.k8s.io at the cluster scope
以下是配置 apiserver
/usr/local/bin/kube-apiserver --etcd-servers=http://127.0.0.1:2379 --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota --service-account-key-file=/srv/kubernetes/pubkey.pem --service-cluster-ip-range=10.96.0.0/16 --allow-privileged=true --authorization-mode=RBAC --enable-bootstrap-token-auth=true --token-auth-file=/var/lib/kubernetes/bootstrap.csv --client-ca-file=/var/lib/kubernetes/cacert.pem --tls-cert-file=/var/lib/kubernetes/servercert.pem --tls-private-key-file=/var/lib/kubernetes/serverkey.pem --address=172.18.11.249 --insecure-bind-address=127.0.0.1 --advertise-address=172.18.11.249 --audit-log-maxage=30 --audit-log-maxsize=100 --audit-log-path=/var/log/kube-apiserver.log --v=4 1>>/var/log/kube-apiserver.log 2>&1
/var/lib/kubernetes/bootstrap.csv 0d681e2438667d2b5236ad7385d80ddc,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
0d681e2438667d2b5236ad7385d80ddc,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
工作节点的配置
/usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubelet/bootstrap.kubeconfig.yaml --pod-manifest-path=/etc/kubernetes/manifests --node-labels=node-role.kubernetes.io/worker= --node-ip=172.18.10.16 --allow-privileged --v=4
/etc/kubelet/bootstrap.kubeconfig.yaml
apiVersion: v1 clusters: - cluster: server: https://172.18.11.249:6443/ name: myk8s contexts: - context: cluster: myk8s name: myk8s current-context: myk8s kind: Config preferences: {} users: - name: kubelet-bootstrap user: as-user-extra: {} token: 0d681e2438667d2b5236ad7385d80ddc
你可以参考这个配置:https://github.com/rootsongjc/kubernetes-vagrant-centos-cluster/tree/master/conf
@rootsongjc 根据你的建议,我的问题解决了,之前查了好久都不知道是怎么回事,太感谢了
这个问题困扰我好久了,希望大神指点一下,感激不尽 kubernetes 版本1.8.3 apiserver指定了预设用户kubelet-bootstrap,工作节点也通过--bootstrap-kubeconfig flag指定用户kubelet-bootstrap和token,但是启动工作节点后却报错提示我是匿名用户访问的?
以下是配置 apiserver
/var/lib/kubernetes/bootstrap.csv
0d681e2438667d2b5236ad7385d80ddc,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
工作节点的配置
/etc/kubelet/bootstrap.kubeconfig.yaml