
When kubelet tries to start on my Kubernetes worker node, I get messages like this in the system log:

May 25 19:43:57 ip-10-240-0-223 kubelet[4882]: I0525 19:43:57.627389    4882 kubelet_node_status.go:82] Attempting to register node worker-1
May 25 19:43:57 ip-10-240-0-223 kubelet[4882]: E0525 19:43:57.628967    4882 kubelet_node_status.go:106] Unable to register node "worker-1" with API server: nodes is forbidden: User "system:node:" cannot create nodes at the cluster scope: unknown node for user "system:node:"
May 25 19:43:58 ip-10-240-0-223 kubelet[4882]: E0525 19:43:58.256557    4882 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/kubelet.go:451: Failed to list *v1.Service: services is forbidden: User "system:node:" cannot list services at the cluster scope: unknown node for user "system:node:"
May 25 19:43:58 ip-10-240-0-223 kubelet[4882]: E0525 19:43:58.257381    4882 reflector.go:205] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: pods is forbidden: User "system:node:" cannot list pods at the cluster scope: unknown node for user "system:node:"

If I'm reading this right, the problem is that the node is using the username system:node: when connecting to the API server, rather than system:node:worker-1. But as far as I know, it should be using the worker-specific one. Here is my kubeconfig (private content elided):

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: [elided]
    server: https://[elided]:6443
  name: kubernetes-the-hard-way
contexts:
- context:
    cluster: kubernetes-the-hard-way
    user: system:node:worker-1
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: system:node:worker-1
  user:
    client-certificate-data:  [elided]
    client-key-data:  [elided]

I was under the impression that the users specified here are what's used when contacting the API, but apparently I'm wrong. Is there somewhere else I've missed a reference to worker-1?

I'm following the Kubernetes the Hard Way tutorial, but I'm adapting it for AWS as I go, so this problem is almost certainly a mistake I made while adjusting the config files. If I should provide any other config files to make this easier/possible to debug, please let me know.


2 Answers


The current "Kubernetes-The-Hard-Way" is using Node authorization, so make sure your kubelet x509 certificate contains

Subject: CN=system:node:worker-1, O=system:nodes

Also double-check that your API server has these options

--authorization-mode=Node,RBAC
--enable-admission-plugins=...,NodeRestriction,...

Otherwise the node will not be able to register itself automatically with the API.

You can check your x509 certificate with

openssl x509 -in /var/lib/kubelet/${HOSTNAME}.pem -text

answered 2018-05-25T23:14:37.933

The server determines the user from the certificate's CN. Check the script that generates the certificates; it probably has an unset variable when creating the CN in the form CN=system:node:$NODE.

answered 2018-05-25T23:04:32.283
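An added example that is not code from the question or from either answer: the script below reproduces the unset-variable bug the second answer describes by building a throwaway self-signed cert with CN=system:node:$NODE while NODE is empty, then runs the subject check the first answer recommends, parsing the CN (which the API server uses as the username) and the O (which it uses as the group) instead of eyeballing `-text` output. The function names `make_node_cert` and `check_node_cert`, the temporary file names and the node name `worker-1` are assumptions for the demo; it needs only `openssl` on PATH and talks to no cluster.

```shell
#!/bin/sh
# Added example, not from the question or the answers.
# A kubelet client cert is mapped by the API server as:
#   CN  -> username  (must be system:node:<node name> for the Node authorizer)
#   O   -> group     (must include system:nodes)
# Assumes openssl is on PATH. Function and file names are made up for the demo.

# make_node_cert OUT_PREFIX NODE_VALUE
# Self-signed throwaway cert whose subject is built exactly the way a script
# doing CN=system:node:$NODE would build it. An empty NODE_VALUE produces
# CN=system:node:, which is what the question's log shows as User "system:node:".
make_node_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=system:node:$2/O=system:nodes" \
    -keyout "$1-key.pem" -out "$1.pem" >/dev/null 2>&1
}

# check_node_cert CERT_PEM NODE_NAME
# Returns 0 if the cert's CN is system:node:NODE_NAME and an O RDN is system:nodes,
# 1 otherwise (with the reason on stderr).
check_node_cert() {
  cert=$1
  want="system:node:$2"
  # sep_multiline prints one RDN per line (e.g. "    CN=system:node:worker-1"),
  # so parsing does not depend on RDN order or on the separator style of the
  # installed openssl version.
  subject=$(openssl x509 -in "$cert" -noout -subject -nameopt sep_multiline,utf8 2>/dev/null) || {
    echo "$cert: cannot parse certificate" >&2
    return 1
  }
  cn=$(printf '%s\n' "$subject" | sed -n 's/^ *CN=//p' | head -n 1)
  if [ "$cn" != "$want" ]; then
    echo "$cert: CN is '$cn', expected '$want' (kubelet would authenticate as User \"$cn\")" >&2
    return 1
  fi
  if ! printf '%s\n' "$subject" | grep -qx ' *O=system:nodes'; then
    echo "$cert: missing O=system:nodes, so the Node authorizer will not treat it as a node" >&2
    return 1
  fi
  echo "$cert: OK, CN=$cn O=system:nodes"
}

# Demo: one cert built with the node name set, one built the way a script with
# the variable unset would build it.
demo() {
  tmp=$(mktemp -d) || return 1
  make_node_cert "$tmp/worker-1" "worker-1"
  make_node_cert "$tmp/broken" "${UNSET_NODE:-}"
  check_node_cert "$tmp/worker-1.pem" worker-1
  check_node_cert "$tmp/broken.pem" worker-1 || echo "broken cert rejected, as expected"
  rm -rf "$tmp"
}

demo
```

On a real worker you would call `check_node_cert` on the cert the kubelet actually loads (the path the first answer uses, `/var/lib/kubelet/${HOSTNAME}.pem`, or the `client-certificate` referenced by the kubelet's kubeconfig) with the node name the kubelet registers under. The check only covers the subject; the API server flags from the first answer (`--authorization-mode=Node,RBAC` and the `NodeRestriction` admission plugin) still have to be in place for the registration to succeed.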