k8s serviceaccount在集群内指定apiserver时验证错误的问题

在主机上,找到TOKEN,可以直接指定apiserver使用 

root@ubuntu-server:/home# kubectl auth can-i --list --server https://192.168.85.198:6443 --token="eyJhbGciOiJSUzI1NiIsImtpZCI6IlFlMHQ3TzhpcGw1SnRqbkYtOC1NUWlWNUpWdGo5SGRXeTBvZU9ib25iZDQifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzczNjIzNDc1LCJpYXQiOjE3NDIwODc0NzUsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJkZWZhdWx0IiwicG9kIjp7Im5hbWUiOiJob25leXBvZC01ZDZiY2RiY2RiLXM3NjRoIiwidWlkIjoiOTY1ZjY2ZDEtNmNhNC00NjBiLTg0NDQtOTRmOTUwOTZkMDk4In0sInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJkZWZhdWx0IiwidWlkIjoiYzYwYTk4ODctMDlhMS00NWRlLTg2OWItNzhhNjdkMGRkNWZiIn0sIndhcm5hZnRlciI6MTc0MjA5MTA4Mn0sIm5iZiI6MTc0MjA4NzQ3NSwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6ZGVmYXVsdCJ9.ct6yPMHVLnO3k51x7soOO2iV1dboXU2G2rTTAMuxboOMBkjruX_El7tXOuWEhuSGEECpSTxU9iXbPYV5KWCsUwCSrZd1yqlXle6u6h2KAlrZAqKHOe2PCGau6SUhnGwlGNz1z_98mV58cQbHCFzlHhN-2AkLbxYCgtFnD_ggIDQlNb_3uiTneFr7DBSDEp874vGdkh_E7fWSNPFKJQTxQuPZWuOIyz-LaHWGvCmLc5zJgxc_68Zluy-3jyvGIJdgcCXp9Wz51DQRp0NOeuqmZ0bhsNDwqBxZ6DM6dOtzGWaB8k8npd1QxxTmShYdwoOgube-x0-JnUiY5Z3Mf7Sd-A" -v=9
I0316 01:39:25.883868  907134 loader.go:372] Config loaded from file:  /root/.kube/config
I0316 01:39:25.884864  907134 request.go:1181] Request Body: {"kind":"SelfSubjectRulesReview","apiVersion":"authorization.k8s.io/v1","metadata":{"creationTimestamp":null},"spec":{"namespace":"default"},"status":{"resourceRules":null,"nonResourceRules":null,"incomplete":false}}
I0316 01:39:25.885088  907134 round_trippers.go:466] curl -v -XPOST  -H "Accept: application/json, */*" -H "Content-Type: application/json" -H "User-Agent: kubectl/v1.23.6 (linux/amd64) kubernetes/ad33385" -H "Authorization: Bearer <masked>" 'https://192.168.85.198:6443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews'
I0316 01:39:25.885791  907134 round_trippers.go:510] HTTP Trace: Dial to tcp:192.168.85.198:6443 succeed
I0316 01:39:25.890543  907134 round_trippers.go:570] HTTP Statistics: DNSLookup 0 ms Dial 0 ms TLSHandshake 3 ms ServerProcessing 0 ms Duration 5 ms
I0316 01:39:25.890575  907134 round_trippers.go:577] Response Headers:
I0316 01:39:25.890579  907134 round_trippers.go:580]     Content-Type: application/json
I0316 01:39:25.890590  907134 round_trippers.go:580]     X-Kubernetes-Pf-Flowschema-Uid: 30268247-c126-47b4-a157-a1758fc4219c
I0316 01:39:25.890595  907134 round_trippers.go:580]     X-Kubernetes-Pf-Prioritylevel-Uid: cfdb4739-b1dc-4192-9ab4-2ad063a0e27d
I0316 01:39:25.890600  907134 round_trippers.go:580]     Content-Length: 647
I0316 01:39:25.890604  907134 round_trippers.go:580]     Date: Sun, 16 Mar 2025 01:39:25 GMT
I0316 01:39:25.890609  907134 round_trippers.go:580]     Audit-Id: 396e9b4f-70c1-46b3-a6dd-9bceef4b6fd7
I0316 01:39:25.890613  907134 round_trippers.go:580]     Cache-Control: no-cache, private
I0316 01:39:25.890636  907134 request.go:1181] Response Body: {"kind":"SelfSubjectRulesReview","apiVersion":"authorization.k8s.io/v1","metadata":{"creationTimestamp":null},"spec":{},"status":{"resourceRules":[{"verbs":["*"],"apiGroups":["*"],"resources":["*"]},{"verbs":["create"],"apiGroups":["authorization.k8s.io"],"resources":["selfsubjectaccessreviews","selfsubjectrulesreviews"]}],"nonResourceRules":[{"verbs":["get"],"nonResourceURLs":["/api","/api/*","/apis","/apis/*","/healthz","/livez","/openapi","/openapi/*","/readyz","/version","/version/"]},{"verbs":["*"],"nonResourceURLs":["*"]},{"verbs":["get"],"nonResourceURLs":["/healthz","/livez","/readyz","/version","/version/"]}],"incomplete":false}}
Resources                                       Non-Resource URLs   Resource Names   Verbs
*.*                                             []                  []               [*][*]                 []               [*]
selfsubjectaccessreviews.authorization.k8s.io   []                  []               [create]
selfsubjectrulesreviews.authorization.k8s.io    []                  []               [create][/api/*]            []               [get][/api]              []               [get][/apis/*]           []               [get][/apis]             []               [get][/healthz]          []               [get][/healthz]          []               [get][/livez]            []               [get][/livez]            []               [get][/openapi/*]        []               [get][/openapi]          []               [get][/readyz]           []               [get][/readyz]           []               [get][/version/]         []               [get][/version/]         []               [get][/version]          []               [get][/version]          []               [get]

在容器内如果不跟server参数指定也可以使用

但是指定后就报错了

oot@honeypod-5d6bcdbcdb-s764h:/run/secrets/kubernetes.io/serviceaccount# /home/kubectl auth can-i --list --server https://10.96.0.1:443 --token="eyJhbGciOiJSUzI1NiIsImtpZCI6IlFlMHQ3TzhpcGw1SnRqbkYtOC1NUWlWNUpWdGo5SGRXeTBvZU9ib25iZDQifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzczNjIzNDc1LCJpYXQiOjE3NDIwODc0NzUsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJkZWZhdWx0IiwicG9kIjp7Im5hbWUiOiJob25leXBvZC01ZDZiY2RiY2RiLXM3NjRoIiwidWlkIjoiOTY1ZjY2ZDEtNmNhNC00NjBiLTg0NDQtOTRmOTUwOTZkMDk4In0sInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJkZWZhdWx0IiwidWlkIjoiYzYwYTk4ODctMDlhMS00NWRlLTg2OWItNzhhNjdkMGRkNWZiIn0sIndhcm5hZnRlciI6MTc0MjA5MTA4Mn0sIm5iZiI6MTc0MjA4NzQ3NSwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6ZGVmYXVsdCJ9.ct6yPMHVLnO3k51x7soOO2iV1dboXU2G2rTTAMuxboOMBkjruX_El7tXOuWEhuSGEECpSTxU9iXbPYV5KWCsUwCSrZd1yqlXle6u6h2KAlrZAqKHOe2PCGau6SUhnGwlGNz1z_98mV58cQbHCFzlHhN-2AkLbxYCgtFnD_ggIDQlNb_3uiTneFr7DBSDEp874vGdkh_E7fWSNPFKJQTxQuPZWuOIyz-LaHWGvCmLc5zJgxc_68Zluy-3jyvGIJdgcCXp9Wz51DQRp0NOeuqmZ0bhsNDwqBxZ6DM6dOtzGWaB8k8npd1QxxTmShYdwoOgube-x0-JnUiY5Z3Mf7Sd-A" -v=9
I0316 01:38:45.999930     257 merged_client_builder.go:163] Using in-cluster namespace
I0316 01:38:46.000634     257 request.go:1181] Request Body: {"kind":"SelfSubjectRulesReview","apiVersion":"authorization.k8s.io/v1","metadata":{"creationTimestamp":null},"spec":{"namespace":"default"},"status":{"resourceRules":null,"nonResourceRules":null,"incomplete":false}}
I0316 01:38:46.000985     257 round_trippers.go:466] curl -v -XPOST  -H "Authorization: Bearer <masked>" -H "Accept: application/json, */*" -H "Content-Type: application/json" -H "User-Agent: kubectl/v1.23.6 (linux/amd64) kubernetes/ad33385" 'https://10.96.0.1:443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews'
I0316 01:38:46.001798     257 round_trippers.go:510] HTTP Trace: Dial to tcp:10.96.0.1:443 succeed
I0316 01:38:46.004178     257 round_trippers.go:570] HTTP Statistics: DNSLookup 0 ms Dial 0 ms TLSHandshake 2 ms Duration 3 ms
I0316 01:38:46.004211     257 round_trippers.go:577] Response Headers:
I0316 01:38:46.004273     257 helpers.go:237] Connection error: Post https://10.96.0.1:443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews: x509: certificate signed by unknown authority
F0316 01:38:46.004301     257 helpers.go:118] Unable to connect to the server: x509: certificate signed by unknown authority
goroutine 1 [running]:
k8s.io/kubernetes/vendor/k8s.io/klog/v2.stacks(0x1)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1038 +0x8a
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).output(0x3080040, 0x3, 0x0, 0xc00013e070, 0x2, {0x25f2ec7, 0x10}, 0xc00005c800, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:987 +0x5fd
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).printDepth(0xc00051f400, 0x4e, 0x0, {0x0, 0x0}, 0x55, {0xc000049450, 0x1, 0x1})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:735 +0x1ae
k8s.io/kubernetes/vendor/k8s.io/klog/v2.FatalDepth(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1518
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.fatal({0xc00051f400, 0x4e}, 0xc0004f7ce0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:96 +0xc5
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.checkErr({0x1fed760, 0xc0004f7ce0}, 0x1e797d0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:191 +0x7d7
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.CheckErr(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:118
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/auth.NewCmdCanI.func1(0xc0003e8000, {0xc000104460, 0x0, 0x5})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/auth/cani.go:133 +0xc5
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).execute(0xc0003e8000, {0xc000104410, 0x5, 0x5})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:860 +0x5f8
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0xc00057a000)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:974 +0x3bc
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).Execute(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:902
k8s.io/kubernetes/vendor/k8s.io/component-base/cli.run(0xc00057a000)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/cli/run.go:146 +0x325
k8s.io/kubernetes/vendor/k8s.io/component-base/cli.RunNoErrOutput(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/cli/run.go:84
main.main()_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubectl/kubectl.go:30 +0x1egoroutine 6 [chan receive]:
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).flushDaemon(0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1181 +0x6a
created by k8s.io/kubernetes/vendor/k8s.io/klog/v2.init.0/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:420 +0xfbgoroutine 18 [select]:
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.BackoffUntil(0x0, {0x1febb40, 0xc000204000}, 0x1, 0xc00007e360)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:167 +0x13b
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil(0x0, 0x12a05f200, 0x0, 0x0, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133 +0x89
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.Until(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.Forever(0x0, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:81 +0x28
created by k8s.io/kubernetes/vendor/k8s.io/component-base/logs.InitLogs/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/logs/logs.go:179 +0x85
root@honeypod-5d6bcdbcdb-s764h:/run/secrets/kubernetes.io/serviceaccount# exit

指定TOKEN也报错

root@honeypod-5d6bcdbcdb-s764h:/# /home/kubectl auth can-i --list --server https://192.168.85.198:443 --token="eyJhbGciOiJSUzI1NiIsImtpZCI6IlFlMHQ3TzhpcGw1SnRqbkYtOC1NUWlWNUpWdGo5SGRXeTBvZU9ib25iZDQifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzczNjIzNDc1LCJpYXQiOjE3NDIwODc0NzUsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJkZWZhdWx0IiwicG9kIjp7Im5hbWUiOiJob25leXBvZC01ZDZiY2RiY2RiLXM3NjRoIiwidWlkIjoiOTY1ZjY2ZDEtNmNhNC00NjBiLTg0NDQtOTRmOTUwOTZkMDk4In0sInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJkZWZhdWx0IiwidWlkIjoiYzYwYTk4ODctMDlhMS00NWRlLTg2OWItNzhhNjdkMGRkNWZiIn0sIndhcm5hZnRlciI6MTc0MjA5MTA4Mn0sIm5iZiI6MTc0MjA4NzQ3NSwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6ZGVmYXVsdCJ9.ct6yPMHVLnO3k51x7soOO2iV1dboXU2G2rTTAMuxboOMBkjruX_El7tXOuWEhuSGEECpSTxU9iXbPYV5KWCsUwCSrZd1yqlXle6u6h2KAlrZAqKHOe2PCGau6SUhnGwlGNz1z_98mV58cQbHCFzlHhN-2AkLbxYCgtFnD_ggIDQlNb_3uiTneFr7DBSDEp874vGdkh_E7fWSNPFKJQTxQuPZWuOIyz-LaHWGvCmLc5zJgxc_68Zluy-3jyvGIJdgcCXp9Wz51DQRp0NOeuqmZ0bhsNDwqBxZ6DM6dOtzGWaB8k8npd1QxxTmShYdwoOgube-x0-JnUiY5Z3Mf7Sd-A" -v=9
I0316 01:44:43.689347     299 merged_client_builder.go:163] Using in-cluster namespace
I0316 01:44:43.689883     299 request.go:1181] Request Body: {"kind":"SelfSubjectRulesReview","apiVersion":"authorization.k8s.io/v1","metadata":{"creationTimestamp":null},"spec":{"namespace":"default"},"status":{"resourceRules":null,"nonResourceRules":null,"incomplete":false}}
I0316 01:44:43.690104     299 round_trippers.go:466] curl -v -XPOST  -H "Accept: application/json, */*" -H "Authorization: Bearer <masked>" -H "Content-Type: application/json" -H "User-Agent: kubectl/v1.23.6 (linux/amd64) kubernetes/ad33385" 'https://192.168.85.198:443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews'
I0316 01:44:43.690883     299 round_trippers.go:510] HTTP Trace: Dial to tcp:192.168.85.198:443 succeed
I0316 01:44:43.693382     299 round_trippers.go:570] HTTP Statistics: DNSLookup 0 ms Dial 0 ms TLSHandshake 2 ms Duration 3 ms
I0316 01:44:43.693520     299 round_trippers.go:577] Response Headers:
I0316 01:44:43.693576     299 helpers.go:237] Connection error: Post https://192.168.85.198:443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews: x509: certificate signed by unknown authority
F0316 01:44:43.693620     299 helpers.go:118] Unable to connect to the server: x509: certificate signed by unknown authority
goroutine 1 [running]:
k8s.io/kubernetes/vendor/k8s.io/klog/v2.stacks(0x1)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1038 +0x8a
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).output(0x3080040, 0x3, 0x0, 0xc0003e6000, 0x2, {0x25f2ec7, 0x10}, 0xc00005c800, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:987 +0x5fd
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).printDepth(0xc00039e0a0, 0x4e, 0x0, {0x0, 0x0}, 0x5a, {0xc0003efc10, 0x1, 0x1})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:735 +0x1ae
k8s.io/kubernetes/vendor/k8s.io/klog/v2.FatalDepth(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1518
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.fatal({0xc00039e0a0, 0x4e}, 0xc000543ce0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:96 +0xc5
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.checkErr({0x1fed760, 0xc000543ce0}, 0x1e797d0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:191 +0x7d7
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.CheckErr(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:118
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/auth.NewCmdCanI.func1(0xc00045b180, {0xc000492410, 0x0, 0x5})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/auth/cani.go:133 +0xc5
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).execute(0xc00045b180, {0xc0004923c0, 0x5, 0x5})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:860 +0x5f8
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0xc0000a6f00)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:974 +0x3bc
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).Execute(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:902
k8s.io/kubernetes/vendor/k8s.io/component-base/cli.run(0xc0000a6f00)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/cli/run.go:146 +0x325
k8s.io/kubernetes/vendor/k8s.io/component-base/cli.RunNoErrOutput(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/cli/run.go:84
main.main()_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubectl/kubectl.go:30 +0x1egoroutine 6 [chan receive]:
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).flushDaemon(0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1181 +0x6a
created by k8s.io/kubernetes/vendor/k8s.io/klog/v2.init.0/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:420 +0xfbgoroutine 18 [select]:
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.BackoffUntil(0x0, {0x1febb40, 0xc0005c0000}, 0x1, 0xc00007e360)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:167 +0x13b
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil(0x0, 0x12a05f200, 0x0, 0x0, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133 +0x89
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.Until(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.Forever(0x0, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:81 +0x28
created by k8s.io/kubernetes/vendor/k8s.io/component-base/logs.InitLogs/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/logs/logs.go:179 +0x85

又或者不用TOKEN,直接打命令,也一样报错 

root@honeypod-5d6bcdbcdb-s764h:/# /home//kubectl auth can-i --list --server https://192.168.85.198:6443 -v=9
Please enter Username: a
Please enter Password: I0316 01:42:49.432361     282 merged_client_builder.go:163] Using in-cluster namespace
I0316 01:42:49.432601     282 request.go:1181] Request Body: {"kind":"SelfSubjectRulesReview","apiVersion":"authorization.k8s.io/v1","metadata":{"creationTimestamp":null},"spec":{"namespace":"default"},"status":{"resourceRules":null,"nonResourceRules":null,"incomplete":false}}
I0316 01:42:49.432653     282 round_trippers.go:466] curl -v -XPOST  -H "Accept: application/json, */*" -H "Authorization: Basic <masked>" -H "Content-Type: application/json" -H "User-Agent: kubectl/v1.23.6 (linux/amd64) kubernetes/ad33385" 'https://192.168.85.198:6443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews'
I0316 01:42:49.433134     282 round_trippers.go:510] HTTP Trace: Dial to tcp:192.168.85.198:6443 succeed
I0316 01:42:49.435363     282 round_trippers.go:570] HTTP Statistics: DNSLookup 0 ms Dial 0 ms TLSHandshake 2 ms Duration 2 ms
I0316 01:42:49.435372     282 round_trippers.go:577] Response Headers:
I0316 01:42:49.435400     282 helpers.go:237] Connection error: Post https://192.168.85.198:6443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews: x509: certificate signed by unknown authority
F0316 01:42:49.435413     282 helpers.go:118] Unable to connect to the server: x509: certificate signed by unknown authority
goroutine 1 [running]:
k8s.io/kubernetes/vendor/k8s.io/klog/v2.stacks(0x1)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1038 +0x8a
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).output(0x3080040, 0x3, 0x0, 0xc0005d4000, 0x2, {0x25f2ec7, 0x10}, 0xc00005cc00, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:987 +0x5fd
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).printDepth(0xc000047630, 0x4e, 0x0, {0x0, 0x0}, 0x5b, {0xc000048e50, 0x1, 0x1})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:735 +0x1ae
k8s.io/kubernetes/vendor/k8s.io/klog/v2.FatalDepth(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1518
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.fatal({0xc000047630, 0x4e}, 0xc0005383f0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:96 +0xc5
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.checkErr({0x1fed760, 0xc0005383f0}, 0x1e797d0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:191 +0x7d7
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.CheckErr(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:118
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/auth.NewCmdCanI.func1(0xc000672f00, {0xc000491140, 0x0, 0x4})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/auth/cani.go:133 +0xc5
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).execute(0xc000672f00, {0xc000491100, 0x4, 0x4})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:860 +0x5f8
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0xc0005d2f00)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:974 +0x3bc
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).Execute(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:902
k8s.io/kubernetes/vendor/k8s.io/component-base/cli.run(0xc0005d2f00)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/cli/run.go:146 +0x325
k8s.io/kubernetes/vendor/k8s.io/component-base/cli.RunNoErrOutput(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/cli/run.go:84
main.main()_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubectl/kubectl.go:30 +0x1egoroutine 18 [chan receive]:
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).flushDaemon(0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1181 +0x6a
created by k8s.io/kubernetes/vendor/k8s.io/klog/v2.init.0/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:420 +0xfbgoroutine 5 [select]:
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.BackoffUntil(0x0, {0x1febb40, 0xc000386a50}, 0x1, 0xc000090360)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:167 +0x13b
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil(0x0, 0x12a05f200, 0x0, 0x0, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133 +0x89
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.Until(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.Forever(0x0, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:81 +0x28
created by k8s.io/kubernetes/vendor/k8s.io/component-base/logs.InitLogs/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/logs/logs.go:179 +0x85

解决方法

kubectl增加--insecure-skip-tls-verify参数即可

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.rhkb.cn/news/34947.html

如若内容造成侵权/违法违规/事实不符,请联系长河编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

电子电气架构 --- 智能座舱和车载基础软件简介

电子电气架构 --- 智能座舱和车载基础软件简介

我是穿拖鞋的汉子,魔都中坚持长期主义的汽车电子工程师。 老规矩,分享一段喜欢的文字,避免自己成为高知识低文化的工程师: 人生是一场骗局,最大的任务根本不是什么买车买房,也不是及时行乐,这就是欲望,不是理想,是把自己对生命的希望寄托在外物上,正确的做法应该是内…
阅读更多...
Qt 通过MSVC编译运行项目

Qt 通过MSVC编译运行项目

第一步下载Qt 把Qt能选的插件都选上&#xff0c;有的是连接数据库必须得插件&#xff0c;有的是做图表必须得插件&#xff0c;有的是运行MSVC必须得插件&#xff0c;能选尽量都选上。 第二步安装VS2017&#xff0c;当然我们安装2017的目的主要是用C的编译器&#xff0c;这里提…
阅读更多...
高效手机检测:视觉分析技术的优势

高效手机检测:视觉分析技术的优势

在当今社会&#xff0c;手机已成为人们日常生活和工作中不可或缺的工具。然而&#xff0c;在某些特定场合&#xff0c;如考场、工作场所等&#xff0c;手机的使用却可能带来负面影响。因此&#xff0c;如何有效监测和防止在这些场合偷用手机的行为&#xff0c;成为了一个亟待解…
阅读更多...
Gitee重新远程连接仓库(Linux)

Gitee重新远程连接仓库(Linux)

Gitee重新远程连接仓库&#xff08;Linux&#xff09; 因为虚拟机重新安装了一回&#xff0c;所以需要重新和远程仓库连接&#xff0c;在网上找了很久没有找到相关操作&#xff0c;自己实操成功&#xff0c;记录下本博客&#xff0c;帮助有需要的人 确保新虚拟机安装Git 在新虚…
阅读更多...
【论文笔记】FFA-Net: Feature Fusion Attention Network for Single Image Dehazing

【论文笔记】FFA-Net: Feature Fusion Attention Network for Single Image Dehazing

文章目录 1. 研究背景2. FFA - Net网络结构3. 实验结果4. 研究贡献5. 重点详解1. 通道注意力&#xff08;Channel Attention, CA&#xff09;通道注意力的实现步骤&#xff1a; 2. 像素注意力&#xff08;Pixel Attention, PA&#xff09;像素注意力的实现步骤&#xff1a; 3. …
阅读更多...
计算机视觉cv2入门之图像的读取,显示,与保存

计算机视觉cv2入门之图像的读取,显示,与保存

在计算机视觉领域&#xff0c;Python的cv2库是一个不可或缺的工具&#xff0c;它提供了丰富的图像处理功能。作为OpenCV的Python接口&#xff0c;cv2使得图像处理的实现变得简单而高效。 示例图片 目录 opencv获取方式 图像基本知识 颜色空间 RGB HSV 图像格式 BMP格式 …
阅读更多...
深度学习中的向量的样子-DCN

深度学习中的向量的样子-DCN

深度学习中向量都是 竖着的&#xff0c;譬如 DCN中的计算逻辑
阅读更多...
OBS推WebRTC流,并添加毫秒级时间显示

OBS推WebRTC流,并添加毫秒级时间显示

作者在用OBS推WebRTC流&#xff0c;并用浏览器观看推送的实时流。另外就是想看一下延迟有多少。采用一台电脑&#xff0c;流媒体服务器为SRS&#xff0c;相关配置比较简单&#xff0c;可以自行搜索。 推送的流 http://localhost:1985/rtc/v1/whip/?applive&streamlivestr…
阅读更多...
【MySQL】多表操作 —— 外键约束

【MySQL】多表操作 —— 外键约束

目录 多表关系一对一关系一对多/多对一关系多对多关系 外键约束基本概念一对多/多对一创建外键约束外键约束下的数据操作数据插入数据删除 删除外键约束 多对多创建外键约束外键约束下的数据操作数据插入数据删除 删除外键约束 多表关系 MySQL 多表之间的关系可以概括为&#…
阅读更多...
82.HarmonyOS NEXT 性能优化指南:从理论到实践

82.HarmonyOS NEXT 性能优化指南:从理论到实践

温馨提示&#xff1a;本篇博客的详细代码已发布到 git : https://gitcode.com/nutpi/HarmonyosNext 可以下载运行哦&#xff01; HarmonyOS NEXT 性能优化指南&#xff1a;从理论到实践 文章目录 HarmonyOS NEXT 性能优化指南&#xff1a;从理论到实践1. 性能优化概述1.1 性能指…
阅读更多...
树莓派急速安装ubuntu;映射磁盘与储存磁盘文件;ubuntu映射整个工程;保存系统工作状态

树莓派急速安装ubuntu;映射磁盘与储存磁盘文件;ubuntu映射整个工程;保存系统工作状态

一、用途 在使用树莓派上下载ubuntu时&#xff0c;需要一张sd卡&#xff0c;当你需要给这张卡做备份的时候&#xff0c;可以是使用磁盘映射软件&#xff0c;从而达到备份的目的 同时有一些大佬发布了ubuntu的映射文件&#xff0c;可以直接使用该文件&#xff0c;然后还原他的整…
阅读更多...
Qt 控件概述 QPushButton 与 QRadioButton

Qt 控件概述 QPushButton 与 QRadioButton

目录 QPushButton setIcon 设置图标 setShortCut 设置快捷键 setAutoRepeat : 设置是否连发 ​编辑RadioButton 槽函数 单选按钮的分组排异 QPushButton QPushButtoon继承于QAbstractButton(抽象类)&#xff1b; QAbstract中与QPushButton关联性极大的属性 ​ setIcon…
阅读更多...
HR9110 玩具单通道直流电机驱动器

HR9110 玩具单通道直流电机驱动器

1、描述 HR9110是应用于直流电机方案的单通道H桥驱动器芯片。HR9110的H桥驱动部分采用低导通电阻的PMOS和NMOS功率管。低导通电阻保证芯片低的功率损耗&#xff0c;使得芯片安全工作更长时间。此 外HR9110拥有低待机电流、低静态工作电流。这些性能使能HR9110易用于玩具方案。…
阅读更多...
Mac 使用 Crossover 加载 Windows Steam 游戏库,实现 Windows/Mac 共享移动硬盘

Mac 使用 Crossover 加载 Windows Steam 游戏库,实现 Windows/Mac 共享移动硬盘

Mac 使用 Crossover 加载 Windows Steam 游戏库&#xff0c;实现 Windows/Mac 共享移动硬盘 1. 在Crossover上安装Steam2. Steam容器加载移动硬盘3. 配置Steam库 前言&#xff1a;本文介绍了如何在Crossover上安装Steam并加载外接移动硬盘&#xff0c;实现在Window上下载的游戏…
阅读更多...
ubuntu 24 安装 python3.x 教程

ubuntu 24 安装 python3.x 教程

目录 注意事项 一、安装不同 Python 版本 1. 安装依赖 2. 下载 Python 源码 3. 解压并编译安装 二、管理多个 Python 版本 1. 查看已安装的 Python 版本 2. 配置环境变量 3. 使用 update-alternatives​ 管理 Python 版本 三、使用虚拟环境为项目指定特定 Python 版本…
阅读更多...
沐数科技数据开发岗笔试题2025

沐数科技数据开发岗笔试题2025

描述性统计 标准差 答案: A 解析: 标准差 衡量数据集中数值变化或离散程度的一种度量。它反映了数据集中的各个数值与数据集的平均值&#xff08;均值&#xff09;之间的偏离程度。标准差越大&#xff0c;表明数据的分布越分散&#xff1b;标准差越小&#xff0c;表明数据…
阅读更多...
ChatGPT-4

ChatGPT-4

第一章&#xff1a;ChatGPT-4的技术背景与核心架构 1.1 生成式AI的发展脉络 生成式人工智能&#xff08;Generative AI&#xff09;的演进历程可追溯至20世纪50年代的早期自然语言处理研究。从基于规则的ELIZA系统到统计语言模型&#xff0c;再到深度学习的革命性突破&#x…
阅读更多...
vulkanscenegraph显示倾斜模型(5.3)-相机

vulkanscenegraph显示倾斜模型(5.3)-相机

前言 在Vulkan中&#xff0c;相机的概念并非由API直接提供&#xff0c;而是由应用程序实现。相机的核心功能包括视图变换和投影变换&#xff1a;视图变换将世界坐标系中的物体转换到相机坐标系&#xff0c;投影变换则将相机坐标系中的物体转换到投影空间。在VSG&#xff08;Vul…
阅读更多...
【Pycharm】Pycharm无法复制粘贴,提示系统剪贴板不可用

【Pycharm】Pycharm无法复制粘贴,提示系统剪贴板不可用

我也没有用vim的插件&#xff0c;检查了本地和ubutnu上都没有。区别是我是远程到ubutnu的pycharm&#xff0c;我本地直接控制windowes的pycharm是没问题的。现象是可以从外部复制到pycharm反之则不行。 ctl c ctlv 以及右键 都不行 参考&#xff1a;Pycharm无法复制粘贴&…
阅读更多...
MySQL 8 设置允许远程连接(Windows环境)

MySQL 8 设置允许远程连接(Windows环境)

&#x1f31f; MySQL 8 设置允许远程连接&#xff08;Windows环境&#xff09; 在开发和部署应用时&#xff0c;经常需要从远程主机连接到MySQL数据库。默认情况下&#xff0c;MySQL仅允许本地连接&#xff0c;因此需要进行一些配置才能允许远程访问。今天&#xff0c;我将详细…
阅读更多...
最新文章
推荐文章

Copyright @ 2022~2023