kubectl禁止使用收益率，检索当前配置时出错 [英] kubectl apply yield forbidden, error when retrieving current configuration

问题描述

按照创建单个主集群的步骤，我当时能够成功初始化主服务器，但是在申请时出现了禁止错误，有人遇到过同样的事情吗?谢谢！

followed steps to create single master cluster, i was able to successfully init the master, but when apply i got forbidden error, any one experienced the same? thanks!

我做了以下

1. disable selinux in /etc/selinux/config, and reboot
2. comment out KUBELET_NETWORK_ARGS in 
         /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
3. export no_proxy=$no_proxy,<master-ip> 
4. export KUBECONFIG=/etc/kubernetes/kubelet.conf in .bash_profile

初始化成功后，当尝试申请

after init success, when try to apply

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.10.0/Documentation/kube-flannel.yml

我收到以下错误消息

Error from server (Forbidden): error when retrieving current configuration of:
&{0xc42048ab40 0xc421a83730  
flannel https://raw.githubusercontent.com/coreos/flannel/v0.10.0/Documentation/kube-flannel.yml 0xc42109cc20  false}
from server for: "https://raw.githubusercontent.com/coreos/flannel/v0.10.0/Documentation/kube-flannel.yml": 
clusterroles.rbac.authorization.k8s.io "flannel" is forbidden: 
User "system:node:<master-server-name>" 
cannot get clusterroles.rbac.authorization.k8s.io at the cluster scope

推荐答案

一旦您的集群尚未完全正常运行，就可以更轻松地将其拆开并从头开始重新创建:

As soon as your cluster is not yet fully functional, it would be easier to tear it down and recreate from scratch:

$> sudo su
#> kubeadm reset
#> rm -rf $HOME/.kube /etc/kubernetes

准备主机(以防万一您还没有做):

#> swapoff -a
## Don't forget to comment swap partition line in /etc/fstab

## I assume that you have these packages already installed: docker, kubeadm, kubectl

## tune sysctl to pass bridged IPv4 traffic to iptables’ chains. 
## This is a requirement for some CNI plugins to work, for more information please see
## https://kubernetes.io/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements

#> cat <<EOF >>/etc/ufw/sysctl.conf
net/bridge/bridge-nf-call-ip6tables = 1
net/bridge/bridge-nf-call-iptables = 1
net/bridge/bridge-nf-call-arptables = 1
EOF
#> sudo sysctl --system

初始化集群:

## Do not try to set less than /16 subnet for `--pod-network-cidr`

#> kubeadm init --pod-network-cidr=10.244.0.0/16

## Prepare the kubectl config

#> mkdir -p $HOME/.kube
#> cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
#> chown $(id -u):$(id -g) $HOME/.kube/config

安装绒布

#> kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.10.0/Documentation/kube-flannel.yml

允许在主节点上安排播客.

(以防万一您没有任何工作节点.)

Allow pod scheduled on the master node.

(Just in case you do not have any worker nodes.)

#> kubectl taint nodes --all node-role.kubernetes.io/master-

至此，您应该已经可以使用Kubernetes集群:

#> kubectl get nodes
#> kubectl get pods --all-namespaces

这篇关于kubectl禁止使用收益率，检索当前配置时出错的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！