[root@centos7-node01 cfg]# /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --address=192.168.248.129 --hostname-override=192.168.248.129 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --cert-dir=/opt/kubernetes/ssl --allow-privileged=true --fail-swap-on=false --cluster-dns=10.10.10.2 --cluster-domain=cluster.local --pod-infra-container-image=registry.cn-hangzhou.aliyuncs/google_containers/pause-amd64:3.0
报错信息
I0129 05:41:06.946579 6235 bootstrap.go:58] Using bootstrap kubeconfig to generate TLS client cert, key and kubeconfig file
error: failed to run Kubelet: cannot create certificate signing request: certificatesigningrequests.certificates.k8s.io is forbidden: User "kubelet-bootstrap" cannot create certificatesigningrequests.certificates.k8s.io at the cluster scope: clusterrole.rbac.authorization.k8s.io "system:node-bootstrap" not found
master 上创建角色权限
[root@centos7-master .kube]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
Error from server (AlreadyExists): clusterrolebindings.rbac.authorization.k8s.io "kubelet-bootstrap" already exists
[root@centos7-master .kube]# kubectl describe clusterrolebinding kubelet-bootstrap
Name: kubelet-bootstrap
Namespace:
Labels: <none>
Events: <none>
这个权限之前估计创建有误,但kubelet-bootstrap
已占用,不知怎么修改的clusterrole
这个值。