“kubectl exec” results in “error: unable to upgrade connection: Unauthorized”

野趣味 2021-01-13 11:21

I tried kubectl exec on a k8s 1.6.4 RBAC-enabled cluster and the error returned was: error: unable to upgrade connection: Unauthorized. docke

3 answers
  •  说谎 (original poster)
    2021-01-13 11:36

    In my case (while learning Kubernetes The Hard Way), I had to configure RBAC permissions to allow the Kubernetes API Server to access the Kubelet API on each worker node. I had created a ClusterRole and ClusterRoleBinding to access the Kubelet API:

    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRole
    metadata:
      annotations:
        rbac.authorization.kubernetes.io/autoupdate: "true"
      labels:
        kubernetes.io/bootstrapping: rbac-defaults
      name: system:kube-apiserver-to-kubelet
    rules:
      - apiGroups:
          - ""
        resources:
          - nodes/proxy
          - nodes/stats
          - nodes/log
          - nodes/spec
          - nodes/metrics
        verbs:
          - "*"
    
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: system:kube-apiserver
      namespace: ""
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: system:kube-apiserver-to-kubelet
    subjects:
      - apiGroup: rbac.authorization.k8s.io
        kind: User
        name: kube-apiserver
    

    References:

    • https://github.com/mmumshad/kubernetes-the-hard-way/blob/master/docs/13-kube-apiserver-to-kubelet.md
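
Added example (not part of the answer above and not Kubernetes code): a small Python model of the authorization decision for a request the API server sends to the kubelet, evaluated against the ClusterRole and ClusterRoleBinding from the answer. It assumes x509 client-certificate authentication (CN becomes the user name, each O a group) and the request-to-resource mapping given in the Kubernetes kubelet authorization documentation; the function names are hypothetical, and the certificate subjects and pod path used with it are constructed.

```python
# Added example: models the authorization check for API server -> kubelet requests.
# ROLE and BINDING copy the relevant fields of the manifests in the answer above.
ROLE = {"name": "system:kube-apiserver-to-kubelet",
        "rules": [{"apiGroups": [""],
                   "resources": ["nodes/proxy", "nodes/stats", "nodes/log",
                                 "nodes/spec", "nodes/metrics"],
                   "verbs": ["*"]}]}
BINDING = {"roleRef": {"kind": "ClusterRole", "name": "system:kube-apiserver-to-kubelet"},
           "subjects": [{"kind": "User", "name": "kube-apiserver"}]}

# Kubelet API path prefix -> subresource of "nodes"; every other path is "proxy".
SUBRESOURCES = {"/stats": "stats", "/metrics": "metrics", "/logs": "log", "/spec": "spec"}
VERBS = {"POST": "create", "GET": "get", "HEAD": "get",
         "PUT": "update", "PATCH": "patch", "DELETE": "delete"}

def identity_from_subject(subject):
    """Subject DN without the 'subject=' prefix -> (user, groups): CN is the user, O the groups."""
    user, groups = None, []
    for part in subject.replace("/", ",").split(","):
        key, _, value = part.strip().partition("=")
        if key.strip() == "CN":
            user = value.strip()
        elif key.strip() == "O":
            groups.append(value.strip())
    return user, groups

def kubelet_attributes(method, path):
    """Map a kubelet HTTP request to the (verb, resource) pair that gets authorized."""
    sub = next((s for p, s in SUBRESOURCES.items()
                if path == p or path.startswith(p + "/")), "proxy")
    return VERBS[method], "nodes/" + sub

def allowed(subject, method, path, role=ROLE, binding=BINDING):
    """True if the certificate identity is bound to a rule that covers the request."""
    user, groups = identity_from_subject(subject)
    bound = any((s["kind"] == "User" and s["name"] == user) or
                (s["kind"] == "Group" and s["name"] in groups)
                for s in binding["subjects"])
    if not bound or binding["roleRef"]["name"] != role["name"]:
        return False
    verb, resource = kubelet_attributes(method, path)
    return any("" in r["apiGroups"] and
               (resource in r["resources"] or "*" in r["resources"]) and
               (verb in r["verbs"] or "*" in r["verbs"])
               for r in role["rules"])
```

For the constructed path `/exec/default/mypod/app`, `allowed("CN = kube-apiserver", "POST", ...)` is true, while a certificate whose CN differs from the binding's subject name (for example the constructed `CN = kubernetes, O = Kubernetes`) is not covered by the binding.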
