kubernetes forbidden: User "system:node:10.39.30.116" cannot list resource "secrets" in API group ""

System

[[email protected] opt]# cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core)

Kubernetes version

[[email protected] opt]# kubectl version --short 
Client Version: v1.13.1
Server Version: v1.13.1

Docker version

[[email protected] opt]# docker version 
Client:
 Version:           18.09.1
 API version:       1.39
 Go version:        go1.10.6
 Git commit:        4c52b90
 Built:             Wed Jan  9 19:35:01 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.1
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.6
  Git commit:       4c52b90
  Built:            Wed Jan  9 19:06:30 2019
  OS/Arch:          linux/amd64
  Experimental:     false

Relevant logs
kubernetes forbidden: User "system:node:10.39.30.116" cannot list resource "secrets" in API group ""

1月 29 18:07:53 k8s-119 kubelet[2085]: E0129 18:07:53.109599    2085 reflector.go:134] object-"kube-system"/"kube-proxy-token-4jz44": Failed to list *v1.Secret: secrets "kube-proxy-token-4jz44" is forbidden: User "system:node:10.39.30.116" cannot list resource "secrets" in API group "" in the namespace "kube-system": no path found to object
1月 29 18:07:54 k8s-119 kubelet[2085]: E0129 18:07:54.111998    2085 reflector.go:134] object-"kube-system"/"kube-proxy-token-4jz44": Failed to list *v1.Secret: secrets "kube-proxy-token-4jz44" is forbidden: User "system:node:10.39.30.116" cannot list resource "secrets" in API group "" in the namespace "kube-system": no path found to object
1月 29 18:07:55 k8s-119 kubelet[2085]: E0129 18:07:55.114409    2085 reflector.go:134] object-"kube-system"/"kube-proxy-token-4jz44": Failed to list *v1.Secret: secrets "kube-proxy-token-4jz44" is forbidden: User "system:node:10.39.30.116" cannot list resource "secrets" in API group "" in the namespace "kube-system": no path found to object
1月 29 18:07:56 k8s-119 kubelet[2085]: E0129 18:07:56.116680    2085 reflector.go:134] object-"kube-system"/"kube-proxy-token-4jz44": Failed to list *v1.Secret: secrets "kube-proxy-token-4jz44" is forbidden: User "system:node:10.39.30.116" cannot list resource "secrets" in API group "" in the namespace "kube-system": no path found to object
1月 29 18:07:57 k8s-119 kubelet[2085]: E0129 18:07:57.118871    2085 reflector.go:134] object-"kube-system"/"kube-proxy-token-4jz44": Failed to list *v1.Secret: secrets "kube-proxy-token-4jz44" is forbidden: User "system:node:10.39.30.116" cannot list resource "secrets" in API group "" in the namespace "kube-system": no path found to object
1月 29 18:07:58 k8s-119 kubelet[2085]: E0129 18:07:58.121223    2085 reflector.go:134] object-"kube-system"/"kube-proxy-token-4jz44": Failed to list *v1.Secret: secrets "kube-proxy-token-4jz44" is forbidden: User "system:node:10.39.30.116" cannot list resource "secrets" in API group "" in the namespace "kube-system": no path found to object

Solution
Create a clusterrolebinding that binds the system:nodes group to the system:node clusterrole, and the error goes away:

kubectl create clusterrolebinding system-node-role-bound --clusterrole=system:node --group=system:nodes
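
As an added example (not part of the original post), the Python below parses kubelet denial lines like those in the logs above, collapses the repeats, and labels denials that end in "no path found to object" as decided by the Node authorizer rather than by RBAC. The sample log lines, the function names and the `denied_by` labels are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input: two denials shaped like the kubelet errors above,
# one constructed plain denial for contrast, and one unrelated line.
SAMPLE_LOG = """\
E0129 18:07:53.109599    2085 reflector.go:134] object-"kube-system"/"kube-proxy-token-4jz44": Failed to list *v1.Secret: secrets "kube-proxy-token-4jz44" is forbidden: User "system:node:10.39.30.116" cannot list resource "secrets" in API group "" in the namespace "kube-system": no path found to object
E0129 18:07:54.111998    2085 reflector.go:134] object-"kube-system"/"kube-proxy-token-4jz44": Failed to list *v1.Secret: secrets "kube-proxy-token-4jz44" is forbidden: User "system:node:10.39.30.116" cannot list resource "secrets" in API group "" in the namespace "kube-system": no path found to object
E0129 18:07:55.000000    2085 example.go:1] pods "demo" is forbidden: User "system:serviceaccount:default:demo" cannot get resource "pods" in API group "" in the namespace "default"
I0129 18:07:56.000000    2085 example.go:2] unrelated line
"""

# Matches the API server's "forbidden" message; the trailing reason is optional.
DENIAL = re.compile(
    r'(?P<kind>\w+) "(?P<name>[^"]+)" is forbidden: User "(?P<user>[^"]+)" '
    r'cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)"'
    r'(?: in the namespace "(?P<namespace>[^"]+)")?(?:: (?P<reason>.+))?$'
)

def classify(user, reason):
    """Name the likely deciding authorizer from the denial's trailing reason."""
    if user.startswith("system:node:") and "no path found to object" in (reason or ""):
        # The Node authorizer found no node -> pod -> object path for this node name.
        return "node-authorizer"
    return "rbac-or-other"

def summarize(log_text):
    """Collapse repeated denials into one record per distinct request, with a count."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENIAL.search(line)
        if m:
            d = m.groupdict()
            counts[(d["user"], d["verb"], d["resource"], d["namespace"],
                    d["name"], classify(d["user"], d["reason"]))] += 1
    fields = ("user", "verb", "resource", "namespace", "name", "denied_by")
    return [dict(zip(fields, key), count=n) for key, n in counts.most_common()]

if __name__ == "__main__":
    for rec in summarize(SAMPLE_LOG):
        print(rec)
```

A `node-authorizer` result means the API server sees no pod bound to that node name that references the secret, so it is worth comparing the name in the kubelet's credential with the node name it registered under. The clusterrolebinding above works by a different route: it lets every member of system:nodes read secrets through RBAC, without the per-node scoping the Node authorizer applies.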

References:
rbac