问题描述
[xueke @ master-01管理员] $ kubectl日志nginx-deployment-76bf4969df-999x8来自服务器的错误(禁止):禁止(用户=系统:匿名,动词=获取,资源=节点,子资源=代理)(pods/log nginx-deployment-76bf4969df-999x8)
[xueke@master-01 admin]$ kubectl logs nginx-deployment-76bf4969df-999x8 Error from server (Forbidden): Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy) ( pods/log nginx-deployment-76bf4969df-999x8)
[xueke@master-01 admin]$ kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://192.168.0.101:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: admin
name: kubernetes
current-context: kubernetes
kind: Config
preferences: {}
users:
- name: admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
我在这里指定了管理员用户我该如何修改?
I specified the admin user hereHow do I need to modify it?
推荐答案
上述错误表示您的apiserver没有用于验证kubelet的log/exec命令的凭据( kubelet cert和key )并因此显示 Forbidden 错误消息.
The above error means your apiserver doesn't have the credentials (kubelet cert and key) to authenticate the kubelet's log/exec commands and hence the Forbidden error message.
您需要向apiserver提供-kubelet-client-certificate =< path_to_cert> 和-kubelet-client-key =< path_to_key> ,通过这种方式,apiserver使用证书和密钥对对kubelet进行身份验证.
You need to provide --kubelet-client-certificate=<path_to_cert> and --kubelet-client-key=<path_to_key> to your apiserver, this way apiserver authenticate the kubelet with the certficate and key pair.
有关更多信息,请查看:
For more information, have a look at:
这篇关于来自服务器的错误(禁止):禁止(用户=系统:匿名,动词=获取,的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!