3

查看节点状态:kubectl get csr

[root@kube1 ~]# kubectl get csr
NAME                                                   AGE    REQUESTOR                 CONDITION
node-csr--jJF_sRckTdhoqAOYB4fEaA06Juwv32d1RFwzcbbE0c   150m   system:bootstrap:gn5vla   Pending
node-csr-KMkTDLPqhj52YxZFS8vEOiqMt1NXVEcYvmvUJAhxhwg   150m   system:bootstrap:xay6t6   Pending
node-csr-bv18tH4pK-xq7Ekwv0IuzD4CcBuvKjjdonBjpKqHuPQ   150m   system:bootstrap:v1g4p2   Pending

执行拒绝:</p> 

kubectl get csr | grep Pending| awk '{print $1}' | xargs kubectl certificate deny

再次查看节点状态:kubectl get csr

[root@kube1 ~]# kubectl get csr
NAME                                                   AGE    REQUESTOR                 CONDITION
node-csr--jJF_sRckTdhoqAOYB4fEaA06Juwv32d1RFwzcbbE0c   150m   system:bootstrap:gn5vla   Denied
node-csr-KMkTDLPqhj52YxZFS8vEOiqMt1NXVEcYvmvUJAhxhwg   150m   system:bootstrap:xay6t6   Denied
node-csr-bv18tH4pK-xq7Ekwv0IuzD4CcBuvKjjdonBjpKqHuPQ   150m   system:bootstrap:v1g4p2   Denied

我如何才能在拒绝状态下批准 CSR?

4

1 回答 1

2

简短的回答,你不能。拒绝 CSR 后,您需要发布新的 CSR 并根据需要批准它。如果您不想在那里看到被拒绝的 CSR,您可以删除它们:

 kubectl delete csr <csr-name>
于 2018-09-13T02:00:06.950 回答