kubernetes - Issues after running kubeadm reset
问题描述
I was having issues with kubeadm init, and so i ran kubeadm reset and then kubeadm init and the problem at hand went away, but now I have another problem and that is that when I run kubectl get all, I get the following response:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 3h6m
Error from server (Forbidden): replicationcontrollers is forbidden: User "system:node:abc-server.localdomain" cannot list resource "replicationcontrollers" in API group "" in the namespace "default"
Error from server (Forbidden): daemonsets.apps is forbidden: User "system:node:abc-server.localdomain" cannot list resource "daemonsets" in API group "apps" in the namespace "default"
Error from server (Forbidden): deployments.apps is forbidden: User "system:node:abc-server.localdomain" cannot list resource "deployments" in API group "apps" in the namespace "default"
Error from server (Forbidden): replicasets.apps is forbidden: User "system:node:abc-server.localdomain" cannot list resource "replicasets" in API group "apps" in the namespace "default"
Error from server (Forbidden): statefulsets.apps is forbidden: User "system:node:abc-server.localdomain" cannot list resource "statefulsets" in API group "apps" in the namespace "default"
Error from server (Forbidden): horizontalpodautoscalers.autoscaling is forbidden: User "system:node:abc-server.localdomain" cannot list resource "horizontalpodautoscalers" in API group "autoscaling" in the namespace "default"
Error from server (Forbidden): jobs.batch is forbidden: User "system:node:abc-server.localdomain" cannot list resource "jobs" in API group "batch" in the namespace "default"
Error from server (Forbidden): cronjobs.batch is forbidden: User "system:node:abc-server.localdomain" cannot list resource "cronjobs" in API group "batch" in the namespace "default"
I've exhausted my googling abilities with my limited kubernetes vocabulary, so hoping someone here could help me with the following:
- what's happening?! (is this a RBAC Authorization issue?)
- how can i resolve this? as this is a dev environment that will definitely require some clean up, I don't mind a quick and dirty way just so i can continue with the task at hand (which is to just get things up and running again)
解决方案
正如@Software Engineer 在他的评论中提到的那样,有一个github问题可以解决这个问题:
github 上的用户neolit123发布了这个解决方案:
在 pod 网络设置期间出现权限错误,意味着您正在尝试
kubectl apply使用没有正确权限的 kubeconfig 文件来显示文件。确保您
/etc/kubernetes/admin.conf是由 kubeadm 生成并包含kubernetes-admin为用户。root@master:~# kubectl auth can-i create deploy该命令使用哪个 kubeconfig?
尝试root@master:~# KUBECONFIG=/etc/kubernetes/admin.conf kubectl auth can-i create deploy我想查看发行说明,但没有太多信息,或者我不知道解释它。有没有人知道有什么变化,或者我做错了什么?
AFAIK,在 1.14.4 和 .3 之间没有这样的变化。
推荐阅读
- javascript - 使用动态(javascript)创建的 div 定位正确 div id 的问题
- java - 如何在 Android Java 中创建侧边导航菜单?(不是抽屉)
- android - 在 Flutter 中禁用旋转以横向和纵向拍摄相机照片
- dialog - 处理 Google Hangout Dialog Bot 中的事件 - 无法在对话框中使图像/按钮可点击
- reactjs - Redux with React - 传播不可迭代实例的尝试无效。为了可迭代,非数组对象必须有一个 [Symbol.iterator]() 方法
- docker - docker、iptables 和 cloudflare
- php - 如果分页为空,是否可以将用户重定向到分页的第一页在wordpress中
- amazon-web-services - 有没有办法从 AWS 迁移到 GCP
- reactjs - 无法从生产中访问网站图标(清单:行:1,列:1,语法错误。)
- path-finding - 通过指定节点的 GraphDB 路径