- ~#:kubectl get nodes
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
解决方法:https://github.com/kubernetes/kubernetes/issues/48378
export KUBECONFIG=/etc/kubernetes/kubelet.conf
kubectl get nodes
但是这样会在离开此对话后失效,永久保存需要修改/etc/profile 或 .bashrc,这里我们修改 .bashrc
~#:echo export KUBECONFIG=/etc/kubernetes/kubelet.conf >> ~/.bashrc
~#:source ~/.bashrc
看似已经解决的样子,但是又遇到了新问题,/etc/kubernetes/kubelet.conf文件中user是默认生成的匿名格式,即system:name这样的方式,使用命令比如kubectl get all即报错Error from server (Forbidden),原因是在kubeadm init结束后没有按照要求操作造成的。
kubeadm init成功提示
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
所以实际上安装成功后的操作应该是这样的
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
echo export KUBECONFIG=~/.kube/config>> ~/.bashrc
source ~/.bashrc
