问题1:
because of “crypto/rsa: verification error” while trying to verify candidate authority certificate “kubernetes”
原因:这是在重新创建集群之前,原来集群的rm -rf $HOME/.kube文件没有删除,所以导致了认证失去作用。
解决方法:
1、删除这个路径下的文件
rm -rf $HOME/.kube
2、重新执行命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
运行命令: kubectl get nodes 依旧报错。
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of “crypto/rsa: verification error” while trying to verify candidate authority certificate “kubernetes”)
echo export KUBECONFIG=/etc/kubernetes/kubelet.conf >> ~/.bashrc && source ~/.bashrc
kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 94m v1.18.2
slave1 Ready
问题2:
在slave node上面查询报错
kubectl get deploy
Error from server (Forbidden): deployments.apps is forbidden: User “system:node:slave1” cannot list resource “deployments” in API group “apps” in the namespace “default”
在master上面给权限即可:
[root@192.168.2.101 /data/prometheus/server]$
Kubectl create clusterrolebinding system:node:slave1 –clusterrole=cluster-admin –user=system:node:slave1
clusterrolebinding.rbac.authorization.k8s.io/system:node:slave1 created
再次查询:
root@slave1 tools]# kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-dep 0/1 1 0 12d
nginx-test 0/1 1 0 12d
问题2:
kubectl apply -f calico-3.13.1.yaml
from server for: “calico-3.13.1.yaml”: configmaps “calico-config” is forbidden: User “system:node:master” cannot get resource “configmaps” in API group “” in the namespace “kube
-system”: no relationship found between node “master” and this object
from server for: “calico-3.13.1.yaml”: deployments.apps “calico-kube-controllers” is forbidden: User “system:node:master” cannot get resource “deployments” in API group “apps” i
kubectl create clusterrolebinding system:node:master –clusterrole=cluster-admin –user=system:node:master
Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User “system:node:master” cannot create resource “clusterrolebindings” in API group “r
用错配置文件了, 用admin.conf替代kubelet.conf文件即可。重置安装以前,设置过环境变量:
Export
…
declare -x KUBECONFIG=”/etc/kubernetes/kubelet.conf”
KUBECONFIG=”/etc/kubernetes/admin.conf”
$export
…
declare -x KUBECONFIG=”/etc/kubernetes/admin.conf”
kubectl apply -f calico-3.13.1.yaml
configmap/calico-config created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
…
