本文介绍了禁止kubernetes api访问的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试通过 curl -k https://172.26.2.101:6443/api/v1/pods
获取类似Pod的群集信息,但是我却收到以下禁止的错误,我检查了管理员权限,并确保它在"system:masters"目录中.组.
I'm trying to get cluster info like pods through curl -k https://172.26.2.101:6443/api/v1/pods
but i'm getting bellow forbidden error, however, I checked the admin rights and made sure it's in the "system:masters" group.
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "pods is forbidden: User \"system:anonymous\" cannot list resource \"pods\" in API group \"\" at the cluster scope",
"reason": "Forbidden",
"details": {
"kind": "pods"
},
"code": 403
有什么主意吗?!
推荐答案
通过从.kube/config文件中捕获证书来解决
Solved by capturing certs from the .kube/config file
client-key-data:
client-key-data:
echo -n "LS0...Cg==" | base64 -d > admin.key
客户端证书数据:
echo -n "LS0...C==" | base64 -d > admin.crt
证书授权数据:
echo -n "LS0...g==" | base64 -d > ca.crt
然后使用
curl https://172.26.2.101:6443 \
--key admin.key \
--cert admin.crt
--cacert ca.crt
这篇关于禁止kubernetes api访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!