如何解决不能用root在Kubernetes上做任何事情来自服务器的错误禁止:禁止
在kubernetes升级之后,我们面临着无法对kubernetes做任何事情的问题。
起初我们得到You must be logged in to the server (Unauthorized),但是我找到了解决方法
kubeadm alpha kubeconfig user --org system:nodes --client-name system:node:$(hostname) > /etc/kubernetes/kubelet.conf
cp /etc/kubernetes/kubelet.conf ~/.kube/config
cp /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf
systemctl restart kubelet
所以现在我们可以列出节点,所有吊舱,但不能创建名称空间,clusterroles,检查apiserver等。
[root@foo.example ~]# kubectl get roles,rolebindings,clusterroles
Error from server (Forbidden): roles.rbac.authorization.k8s.io is forbidden: User "system:node:foo.example" cannot list resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "default"
Error from server (Forbidden): rolebindings.rbac.authorization.k8s.io is forbidden: User "system:node:foo.example" cannot list resource "rolebindings" in API group "rbac.authorization.k8s.io" in the namespace "default"
Error from server (Forbidden): clusterroles.rbac.authorization.k8s.io is forbidden: User "system:node:foo.example" cannot list resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope
试图续订证书,但仍然出现相同的错误。我无法重新安装kubernetes集群,因为它正在生产中。我们在kubernetes上运行
Kubernetes版本:v1.17.9
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
