k8s serviceaccount在集群内指定apiserver时验证错误的问题

在主机上,找到TOKEN,可以直接指定apiserver使用 

root@ubuntu-server:/home# kubectl auth can-i --list --server https://192.168.85.198:6443 --token="eyJhbGciOiJSUzI1NiIsImtpZCI6IlFlMHQ3TzhpcGw1SnRqbkYtOC1NUWlWNUpWdGo5SGRXeTBvZU9ib25iZDQifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzczNjIzNDc1LCJpYXQiOjE3NDIwODc0NzUsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJkZWZhdWx0IiwicG9kIjp7Im5hbWUiOiJob25leXBvZC01ZDZiY2RiY2RiLXM3NjRoIiwidWlkIjoiOTY1ZjY2ZDEtNmNhNC00NjBiLTg0NDQtOTRmOTUwOTZkMDk4In0sInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJkZWZhdWx0IiwidWlkIjoiYzYwYTk4ODctMDlhMS00NWRlLTg2OWItNzhhNjdkMGRkNWZiIn0sIndhcm5hZnRlciI6MTc0MjA5MTA4Mn0sIm5iZiI6MTc0MjA4NzQ3NSwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6ZGVmYXVsdCJ9.ct6yPMHVLnO3k51x7soOO2iV1dboXU2G2rTTAMuxboOMBkjruX_El7tXOuWEhuSGEECpSTxU9iXbPYV5KWCsUwCSrZd1yqlXle6u6h2KAlrZAqKHOe2PCGau6SUhnGwlGNz1z_98mV58cQbHCFzlHhN-2AkLbxYCgtFnD_ggIDQlNb_3uiTneFr7DBSDEp874vGdkh_E7fWSNPFKJQTxQuPZWuOIyz-LaHWGvCmLc5zJgxc_68Zluy-3jyvGIJdgcCXp9Wz51DQRp0NOeuqmZ0bhsNDwqBxZ6DM6dOtzGWaB8k8npd1QxxTmShYdwoOgube-x0-JnUiY5Z3Mf7Sd-A" -v=9
I0316 01:39:25.883868  907134 loader.go:372] Config loaded from file:  /root/.kube/config
I0316 01:39:25.884864  907134 request.go:1181] Request Body: {"kind":"SelfSubjectRulesReview","apiVersion":"authorization.k8s.io/v1","metadata":{"creationTimestamp":null},"spec":{"namespace":"default"},"status":{"resourceRules":null,"nonResourceRules":null,"incomplete":false}}
I0316 01:39:25.885088  907134 round_trippers.go:466] curl -v -XPOST  -H "Accept: application/json, */*" -H "Content-Type: application/json" -H "User-Agent: kubectl/v1.23.6 (linux/amd64) kubernetes/ad33385" -H "Authorization: Bearer <masked>" 'https://192.168.85.198:6443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews'
I0316 01:39:25.885791  907134 round_trippers.go:510] HTTP Trace: Dial to tcp:192.168.85.198:6443 succeed
I0316 01:39:25.890543  907134 round_trippers.go:570] HTTP Statistics: DNSLookup 0 ms Dial 0 ms TLSHandshake 3 ms ServerProcessing 0 ms Duration 5 ms
I0316 01:39:25.890575  907134 round_trippers.go:577] Response Headers:
I0316 01:39:25.890579  907134 round_trippers.go:580]     Content-Type: application/json
I0316 01:39:25.890590  907134 round_trippers.go:580]     X-Kubernetes-Pf-Flowschema-Uid: 30268247-c126-47b4-a157-a1758fc4219c
I0316 01:39:25.890595  907134 round_trippers.go:580]     X-Kubernetes-Pf-Prioritylevel-Uid: cfdb4739-b1dc-4192-9ab4-2ad063a0e27d
I0316 01:39:25.890600  907134 round_trippers.go:580]     Content-Length: 647
I0316 01:39:25.890604  907134 round_trippers.go:580]     Date: Sun, 16 Mar 2025 01:39:25 GMT
I0316 01:39:25.890609  907134 round_trippers.go:580]     Audit-Id: 396e9b4f-70c1-46b3-a6dd-9bceef4b6fd7
I0316 01:39:25.890613  907134 round_trippers.go:580]     Cache-Control: no-cache, private
I0316 01:39:25.890636  907134 request.go:1181] Response Body: {"kind":"SelfSubjectRulesReview","apiVersion":"authorization.k8s.io/v1","metadata":{"creationTimestamp":null},"spec":{},"status":{"resourceRules":[{"verbs":["*"],"apiGroups":["*"],"resources":["*"]},{"verbs":["create"],"apiGroups":["authorization.k8s.io"],"resources":["selfsubjectaccessreviews","selfsubjectrulesreviews"]}],"nonResourceRules":[{"verbs":["get"],"nonResourceURLs":["/api","/api/*","/apis","/apis/*","/healthz","/livez","/openapi","/openapi/*","/readyz","/version","/version/"]},{"verbs":["*"],"nonResourceURLs":["*"]},{"verbs":["get"],"nonResourceURLs":["/healthz","/livez","/readyz","/version","/version/"]}],"incomplete":false}}
Resources                                       Non-Resource URLs   Resource Names   Verbs
*.*                                             []                  []               [*][*]                 []               [*]
selfsubjectaccessreviews.authorization.k8s.io   []                  []               [create]
selfsubjectrulesreviews.authorization.k8s.io    []                  []               [create][/api/*]            []               [get][/api]              []               [get][/apis/*]           []               [get][/apis]             []               [get][/healthz]          []               [get][/healthz]          []               [get][/livez]            []               [get][/livez]            []               [get][/openapi/*]        []               [get][/openapi]          []               [get][/readyz]           []               [get][/readyz]           []               [get][/version/]         []               [get][/version/]         []               [get][/version]          []               [get][/version]          []               [get]

在容器内如果不跟server参数指定也可以使用

但是指定后就报错了

oot@honeypod-5d6bcdbcdb-s764h:/run/secrets/kubernetes.io/serviceaccount# /home/kubectl auth can-i --list --server https://10.96.0.1:443 --token="eyJhbGciOiJSUzI1NiIsImtpZCI6IlFlMHQ3TzhpcGw1SnRqbkYtOC1NUWlWNUpWdGo5SGRXeTBvZU9ib25iZDQifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzczNjIzNDc1LCJpYXQiOjE3NDIwODc0NzUsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJkZWZhdWx0IiwicG9kIjp7Im5hbWUiOiJob25leXBvZC01ZDZiY2RiY2RiLXM3NjRoIiwidWlkIjoiOTY1ZjY2ZDEtNmNhNC00NjBiLTg0NDQtOTRmOTUwOTZkMDk4In0sInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJkZWZhdWx0IiwidWlkIjoiYzYwYTk4ODctMDlhMS00NWRlLTg2OWItNzhhNjdkMGRkNWZiIn0sIndhcm5hZnRlciI6MTc0MjA5MTA4Mn0sIm5iZiI6MTc0MjA4NzQ3NSwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6ZGVmYXVsdCJ9.ct6yPMHVLnO3k51x7soOO2iV1dboXU2G2rTTAMuxboOMBkjruX_El7tXOuWEhuSGEECpSTxU9iXbPYV5KWCsUwCSrZd1yqlXle6u6h2KAlrZAqKHOe2PCGau6SUhnGwlGNz1z_98mV58cQbHCFzlHhN-2AkLbxYCgtFnD_ggIDQlNb_3uiTneFr7DBSDEp874vGdkh_E7fWSNPFKJQTxQuPZWuOIyz-LaHWGvCmLc5zJgxc_68Zluy-3jyvGIJdgcCXp9Wz51DQRp0NOeuqmZ0bhsNDwqBxZ6DM6dOtzGWaB8k8npd1QxxTmShYdwoOgube-x0-JnUiY5Z3Mf7Sd-A" -v=9
I0316 01:38:45.999930     257 merged_client_builder.go:163] Using in-cluster namespace
I0316 01:38:46.000634     257 request.go:1181] Request Body: {"kind":"SelfSubjectRulesReview","apiVersion":"authorization.k8s.io/v1","metadata":{"creationTimestamp":null},"spec":{"namespace":"default"},"status":{"resourceRules":null,"nonResourceRules":null,"incomplete":false}}
I0316 01:38:46.000985     257 round_trippers.go:466] curl -v -XPOST  -H "Authorization: Bearer <masked>" -H "Accept: application/json, */*" -H "Content-Type: application/json" -H "User-Agent: kubectl/v1.23.6 (linux/amd64) kubernetes/ad33385" 'https://10.96.0.1:443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews'
I0316 01:38:46.001798     257 round_trippers.go:510] HTTP Trace: Dial to tcp:10.96.0.1:443 succeed
I0316 01:38:46.004178     257 round_trippers.go:570] HTTP Statistics: DNSLookup 0 ms Dial 0 ms TLSHandshake 2 ms Duration 3 ms
I0316 01:38:46.004211     257 round_trippers.go:577] Response Headers:
I0316 01:38:46.004273     257 helpers.go:237] Connection error: Post https://10.96.0.1:443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews: x509: certificate signed by unknown authority
F0316 01:38:46.004301     257 helpers.go:118] Unable to connect to the server: x509: certificate signed by unknown authority
goroutine 1 [running]:
k8s.io/kubernetes/vendor/k8s.io/klog/v2.stacks(0x1)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1038 +0x8a
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).output(0x3080040, 0x3, 0x0, 0xc00013e070, 0x2, {0x25f2ec7, 0x10}, 0xc00005c800, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:987 +0x5fd
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).printDepth(0xc00051f400, 0x4e, 0x0, {0x0, 0x0}, 0x55, {0xc000049450, 0x1, 0x1})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:735 +0x1ae
k8s.io/kubernetes/vendor/k8s.io/klog/v2.FatalDepth(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1518
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.fatal({0xc00051f400, 0x4e}, 0xc0004f7ce0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:96 +0xc5
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.checkErr({0x1fed760, 0xc0004f7ce0}, 0x1e797d0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:191 +0x7d7
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.CheckErr(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:118
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/auth.NewCmdCanI.func1(0xc0003e8000, {0xc000104460, 0x0, 0x5})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/auth/cani.go:133 +0xc5
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).execute(0xc0003e8000, {0xc000104410, 0x5, 0x5})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:860 +0x5f8
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0xc00057a000)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:974 +0x3bc
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).Execute(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:902
k8s.io/kubernetes/vendor/k8s.io/component-base/cli.run(0xc00057a000)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/cli/run.go:146 +0x325
k8s.io/kubernetes/vendor/k8s.io/component-base/cli.RunNoErrOutput(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/cli/run.go:84
main.main()_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubectl/kubectl.go:30 +0x1egoroutine 6 [chan receive]:
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).flushDaemon(0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1181 +0x6a
created by k8s.io/kubernetes/vendor/k8s.io/klog/v2.init.0/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:420 +0xfbgoroutine 18 [select]:
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.BackoffUntil(0x0, {0x1febb40, 0xc000204000}, 0x1, 0xc00007e360)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:167 +0x13b
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil(0x0, 0x12a05f200, 0x0, 0x0, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133 +0x89
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.Until(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.Forever(0x0, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:81 +0x28
created by k8s.io/kubernetes/vendor/k8s.io/component-base/logs.InitLogs/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/logs/logs.go:179 +0x85
root@honeypod-5d6bcdbcdb-s764h:/run/secrets/kubernetes.io/serviceaccount# exit

指定TOKEN也报错

root@honeypod-5d6bcdbcdb-s764h:/# /home/kubectl auth can-i --list --server https://192.168.85.198:443 --token="eyJhbGciOiJSUzI1NiIsImtpZCI6IlFlMHQ3TzhpcGw1SnRqbkYtOC1NUWlWNUpWdGo5SGRXeTBvZU9ib25iZDQifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzczNjIzNDc1LCJpYXQiOjE3NDIwODc0NzUsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJkZWZhdWx0IiwicG9kIjp7Im5hbWUiOiJob25leXBvZC01ZDZiY2RiY2RiLXM3NjRoIiwidWlkIjoiOTY1ZjY2ZDEtNmNhNC00NjBiLTg0NDQtOTRmOTUwOTZkMDk4In0sInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJkZWZhdWx0IiwidWlkIjoiYzYwYTk4ODctMDlhMS00NWRlLTg2OWItNzhhNjdkMGRkNWZiIn0sIndhcm5hZnRlciI6MTc0MjA5MTA4Mn0sIm5iZiI6MTc0MjA4NzQ3NSwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6ZGVmYXVsdCJ9.ct6yPMHVLnO3k51x7soOO2iV1dboXU2G2rTTAMuxboOMBkjruX_El7tXOuWEhuSGEECpSTxU9iXbPYV5KWCsUwCSrZd1yqlXle6u6h2KAlrZAqKHOe2PCGau6SUhnGwlGNz1z_98mV58cQbHCFzlHhN-2AkLbxYCgtFnD_ggIDQlNb_3uiTneFr7DBSDEp874vGdkh_E7fWSNPFKJQTxQuPZWuOIyz-LaHWGvCmLc5zJgxc_68Zluy-3jyvGIJdgcCXp9Wz51DQRp0NOeuqmZ0bhsNDwqBxZ6DM6dOtzGWaB8k8npd1QxxTmShYdwoOgube-x0-JnUiY5Z3Mf7Sd-A" -v=9
I0316 01:44:43.689347     299 merged_client_builder.go:163] Using in-cluster namespace
I0316 01:44:43.689883     299 request.go:1181] Request Body: {"kind":"SelfSubjectRulesReview","apiVersion":"authorization.k8s.io/v1","metadata":{"creationTimestamp":null},"spec":{"namespace":"default"},"status":{"resourceRules":null,"nonResourceRules":null,"incomplete":false}}
I0316 01:44:43.690104     299 round_trippers.go:466] curl -v -XPOST  -H "Accept: application/json, */*" -H "Authorization: Bearer <masked>" -H "Content-Type: application/json" -H "User-Agent: kubectl/v1.23.6 (linux/amd64) kubernetes/ad33385" 'https://192.168.85.198:443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews'
I0316 01:44:43.690883     299 round_trippers.go:510] HTTP Trace: Dial to tcp:192.168.85.198:443 succeed
I0316 01:44:43.693382     299 round_trippers.go:570] HTTP Statistics: DNSLookup 0 ms Dial 0 ms TLSHandshake 2 ms Duration 3 ms
I0316 01:44:43.693520     299 round_trippers.go:577] Response Headers:
I0316 01:44:43.693576     299 helpers.go:237] Connection error: Post https://192.168.85.198:443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews: x509: certificate signed by unknown authority
F0316 01:44:43.693620     299 helpers.go:118] Unable to connect to the server: x509: certificate signed by unknown authority
goroutine 1 [running]:
k8s.io/kubernetes/vendor/k8s.io/klog/v2.stacks(0x1)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1038 +0x8a
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).output(0x3080040, 0x3, 0x0, 0xc0003e6000, 0x2, {0x25f2ec7, 0x10}, 0xc00005c800, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:987 +0x5fd
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).printDepth(0xc00039e0a0, 0x4e, 0x0, {0x0, 0x0}, 0x5a, {0xc0003efc10, 0x1, 0x1})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:735 +0x1ae
k8s.io/kubernetes/vendor/k8s.io/klog/v2.FatalDepth(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1518
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.fatal({0xc00039e0a0, 0x4e}, 0xc000543ce0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:96 +0xc5
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.checkErr({0x1fed760, 0xc000543ce0}, 0x1e797d0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:191 +0x7d7
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.CheckErr(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:118
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/auth.NewCmdCanI.func1(0xc00045b180, {0xc000492410, 0x0, 0x5})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/auth/cani.go:133 +0xc5
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).execute(0xc00045b180, {0xc0004923c0, 0x5, 0x5})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:860 +0x5f8
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0xc0000a6f00)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:974 +0x3bc
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).Execute(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:902
k8s.io/kubernetes/vendor/k8s.io/component-base/cli.run(0xc0000a6f00)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/cli/run.go:146 +0x325
k8s.io/kubernetes/vendor/k8s.io/component-base/cli.RunNoErrOutput(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/cli/run.go:84
main.main()_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubectl/kubectl.go:30 +0x1egoroutine 6 [chan receive]:
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).flushDaemon(0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1181 +0x6a
created by k8s.io/kubernetes/vendor/k8s.io/klog/v2.init.0/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:420 +0xfbgoroutine 18 [select]:
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.BackoffUntil(0x0, {0x1febb40, 0xc0005c0000}, 0x1, 0xc00007e360)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:167 +0x13b
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil(0x0, 0x12a05f200, 0x0, 0x0, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133 +0x89
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.Until(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.Forever(0x0, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:81 +0x28
created by k8s.io/kubernetes/vendor/k8s.io/component-base/logs.InitLogs/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/logs/logs.go:179 +0x85

又或者不用TOKEN,直接打命令,也一样报错 

root@honeypod-5d6bcdbcdb-s764h:/# /home//kubectl auth can-i --list --server https://192.168.85.198:6443 -v=9
Please enter Username: a
Please enter Password: I0316 01:42:49.432361     282 merged_client_builder.go:163] Using in-cluster namespace
I0316 01:42:49.432601     282 request.go:1181] Request Body: {"kind":"SelfSubjectRulesReview","apiVersion":"authorization.k8s.io/v1","metadata":{"creationTimestamp":null},"spec":{"namespace":"default"},"status":{"resourceRules":null,"nonResourceRules":null,"incomplete":false}}
I0316 01:42:49.432653     282 round_trippers.go:466] curl -v -XPOST  -H "Accept: application/json, */*" -H "Authorization: Basic <masked>" -H "Content-Type: application/json" -H "User-Agent: kubectl/v1.23.6 (linux/amd64) kubernetes/ad33385" 'https://192.168.85.198:6443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews'
I0316 01:42:49.433134     282 round_trippers.go:510] HTTP Trace: Dial to tcp:192.168.85.198:6443 succeed
I0316 01:42:49.435363     282 round_trippers.go:570] HTTP Statistics: DNSLookup 0 ms Dial 0 ms TLSHandshake 2 ms Duration 2 ms
I0316 01:42:49.435372     282 round_trippers.go:577] Response Headers:
I0316 01:42:49.435400     282 helpers.go:237] Connection error: Post https://192.168.85.198:6443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews: x509: certificate signed by unknown authority
F0316 01:42:49.435413     282 helpers.go:118] Unable to connect to the server: x509: certificate signed by unknown authority
goroutine 1 [running]:
k8s.io/kubernetes/vendor/k8s.io/klog/v2.stacks(0x1)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1038 +0x8a
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).output(0x3080040, 0x3, 0x0, 0xc0005d4000, 0x2, {0x25f2ec7, 0x10}, 0xc00005cc00, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:987 +0x5fd
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).printDepth(0xc000047630, 0x4e, 0x0, {0x0, 0x0}, 0x5b, {0xc000048e50, 0x1, 0x1})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:735 +0x1ae
k8s.io/kubernetes/vendor/k8s.io/klog/v2.FatalDepth(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1518
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.fatal({0xc000047630, 0x4e}, 0xc0005383f0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:96 +0xc5
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.checkErr({0x1fed760, 0xc0005383f0}, 0x1e797d0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:191 +0x7d7
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util.CheckErr(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/util/helpers.go:118
k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/auth.NewCmdCanI.func1(0xc000672f00, {0xc000491140, 0x0, 0x4})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/cmd/auth/cani.go:133 +0xc5
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).execute(0xc000672f00, {0xc000491100, 0x4, 0x4})/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:860 +0x5f8
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0xc0005d2f00)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:974 +0x3bc
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).Execute(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/github.com/spf13/cobra/command.go:902
k8s.io/kubernetes/vendor/k8s.io/component-base/cli.run(0xc0005d2f00)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/cli/run.go:146 +0x325
k8s.io/kubernetes/vendor/k8s.io/component-base/cli.RunNoErrOutput(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/cli/run.go:84
main.main()_output/dockerized/go/src/k8s.io/kubernetes/cmd/kubectl/kubectl.go:30 +0x1egoroutine 18 [chan receive]:
k8s.io/kubernetes/vendor/k8s.io/klog/v2.(*loggingT).flushDaemon(0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:1181 +0x6a
created by k8s.io/kubernetes/vendor/k8s.io/klog/v2.init.0/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/klog/v2/klog.go:420 +0xfbgoroutine 5 [select]:
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.BackoffUntil(0x0, {0x1febb40, 0xc000386a50}, 0x1, 0xc000090360)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:167 +0x13b
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil(0x0, 0x12a05f200, 0x0, 0x0, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133 +0x89
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.Until(...)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90
k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait.Forever(0x0, 0x0)/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:81 +0x28
created by k8s.io/kubernetes/vendor/k8s.io/component-base/logs.InitLogs/workspace/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/component-base/logs/logs.go:179 +0x85

解决方法

kubectl增加--insecure-skip-tls-verify参数即可

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.rhkb.cn/news/34947.html

如若内容造成侵权/违法违规/事实不符,请联系长河编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

电子电气架构 --- 智能座舱和车载基础软件简介

我是穿拖鞋的汉子,魔都中坚持长期主义的汽车电子工程师。 老规矩,分享一段喜欢的文字,避免自己成为高知识低文化的工程师: 人生是一场骗局,最大的任务根本不是什么买车买房,也不是及时行乐,这就是欲望,不是理想,是把自己对生命的希望寄托在外物上,正确的做法应该是内…

Qt 通过MSVC编译运行项目

第一步下载Qt 把Qt能选的插件都选上&#xff0c;有的是连接数据库必须得插件&#xff0c;有的是做图表必须得插件&#xff0c;有的是运行MSVC必须得插件&#xff0c;能选尽量都选上。 第二步安装VS2017&#xff0c;当然我们安装2017的目的主要是用C的编译器&#xff0c;这里提…

高效手机检测:视觉分析技术的优势

在当今社会&#xff0c;手机已成为人们日常生活和工作中不可或缺的工具。然而&#xff0c;在某些特定场合&#xff0c;如考场、工作场所等&#xff0c;手机的使用却可能带来负面影响。因此&#xff0c;如何有效监测和防止在这些场合偷用手机的行为&#xff0c;成为了一个亟待解…

Gitee重新远程连接仓库(Linux)

Gitee重新远程连接仓库&#xff08;Linux&#xff09; 因为虚拟机重新安装了一回&#xff0c;所以需要重新和远程仓库连接&#xff0c;在网上找了很久没有找到相关操作&#xff0c;自己实操成功&#xff0c;记录下本博客&#xff0c;帮助有需要的人 确保新虚拟机安装Git 在新虚…

【论文笔记】FFA-Net: Feature Fusion Attention Network for Single Image Dehazing

文章目录 1. 研究背景2. FFA - Net网络结构3. 实验结果4. 研究贡献5. 重点详解1. 通道注意力&#xff08;Channel Attention, CA&#xff09;通道注意力的实现步骤&#xff1a; 2. 像素注意力&#xff08;Pixel Attention, PA&#xff09;像素注意力的实现步骤&#xff1a; 3. …

计算机视觉cv2入门之图像的读取,显示,与保存

在计算机视觉领域&#xff0c;Python的cv2库是一个不可或缺的工具&#xff0c;它提供了丰富的图像处理功能。作为OpenCV的Python接口&#xff0c;cv2使得图像处理的实现变得简单而高效。 示例图片 目录 opencv获取方式 图像基本知识 颜色空间 RGB HSV 图像格式 BMP格式 …

深度学习中的向量的样子-DCN

深度学习中向量都是 竖着的&#xff0c;譬如 DCN中的计算逻辑

OBS推WebRTC流,并添加毫秒级时间显示

作者在用OBS推WebRTC流&#xff0c;并用浏览器观看推送的实时流。另外就是想看一下延迟有多少。采用一台电脑&#xff0c;流媒体服务器为SRS&#xff0c;相关配置比较简单&#xff0c;可以自行搜索。 推送的流 http://localhost:1985/rtc/v1/whip/?applive&streamlivestr…

【MySQL】多表操作 —— 外键约束

目录 多表关系一对一关系一对多/多对一关系多对多关系 外键约束基本概念一对多/多对一创建外键约束外键约束下的数据操作数据插入数据删除 删除外键约束 多对多创建外键约束外键约束下的数据操作数据插入数据删除 删除外键约束 多表关系 MySQL 多表之间的关系可以概括为&#…

82.HarmonyOS NEXT 性能优化指南:从理论到实践

温馨提示&#xff1a;本篇博客的详细代码已发布到 git : https://gitcode.com/nutpi/HarmonyosNext 可以下载运行哦&#xff01; HarmonyOS NEXT 性能优化指南&#xff1a;从理论到实践 文章目录 HarmonyOS NEXT 性能优化指南&#xff1a;从理论到实践1. 性能优化概述1.1 性能指…

树莓派急速安装ubuntu;映射磁盘与储存磁盘文件;ubuntu映射整个工程;保存系统工作状态

一、用途 在使用树莓派上下载ubuntu时&#xff0c;需要一张sd卡&#xff0c;当你需要给这张卡做备份的时候&#xff0c;可以是使用磁盘映射软件&#xff0c;从而达到备份的目的 同时有一些大佬发布了ubuntu的映射文件&#xff0c;可以直接使用该文件&#xff0c;然后还原他的整…

Qt 控件概述 QPushButton 与 QRadioButton

目录 QPushButton setIcon 设置图标 setShortCut 设置快捷键 setAutoRepeat : 设置是否连发 ​编辑RadioButton 槽函数 单选按钮的分组排异 QPushButton QPushButtoon继承于QAbstractButton(抽象类)&#xff1b; QAbstract中与QPushButton关联性极大的属性 ​ setIcon…

HR9110 玩具单通道直流电机驱动器

1、描述 HR9110是应用于直流电机方案的单通道H桥驱动器芯片。HR9110的H桥驱动部分采用低导通电阻的PMOS和NMOS功率管。低导通电阻保证芯片低的功率损耗&#xff0c;使得芯片安全工作更长时间。此 外HR9110拥有低待机电流、低静态工作电流。这些性能使能HR9110易用于玩具方案。…

Mac 使用 Crossover 加载 Windows Steam 游戏库,实现 Windows/Mac 共享移动硬盘

Mac 使用 Crossover 加载 Windows Steam 游戏库&#xff0c;实现 Windows/Mac 共享移动硬盘 1. 在Crossover上安装Steam2. Steam容器加载移动硬盘3. 配置Steam库 前言&#xff1a;本文介绍了如何在Crossover上安装Steam并加载外接移动硬盘&#xff0c;实现在Window上下载的游戏…

ubuntu 24 安装 python3.x 教程

目录 注意事项 一、安装不同 Python 版本 1. 安装依赖 2. 下载 Python 源码 3. 解压并编译安装 二、管理多个 Python 版本 1. 查看已安装的 Python 版本 2. 配置环境变量 3. 使用 update-alternatives​ 管理 Python 版本 三、使用虚拟环境为项目指定特定 Python 版本…

沐数科技数据开发岗笔试题2025

描述性统计 标准差 答案: A 解析: 标准差 衡量数据集中数值变化或离散程度的一种度量。它反映了数据集中的各个数值与数据集的平均值&#xff08;均值&#xff09;之间的偏离程度。标准差越大&#xff0c;表明数据的分布越分散&#xff1b;标准差越小&#xff0c;表明数据…

ChatGPT-4

第一章&#xff1a;ChatGPT-4的技术背景与核心架构 1.1 生成式AI的发展脉络 生成式人工智能&#xff08;Generative AI&#xff09;的演进历程可追溯至20世纪50年代的早期自然语言处理研究。从基于规则的ELIZA系统到统计语言模型&#xff0c;再到深度学习的革命性突破&#x…

vulkanscenegraph显示倾斜模型(5.3)-相机

前言 在Vulkan中&#xff0c;相机的概念并非由API直接提供&#xff0c;而是由应用程序实现。相机的核心功能包括视图变换和投影变换&#xff1a;视图变换将世界坐标系中的物体转换到相机坐标系&#xff0c;投影变换则将相机坐标系中的物体转换到投影空间。在VSG&#xff08;Vul…

【Pycharm】Pycharm无法复制粘贴,提示系统剪贴板不可用

我也没有用vim的插件&#xff0c;检查了本地和ubutnu上都没有。区别是我是远程到ubutnu的pycharm&#xff0c;我本地直接控制windowes的pycharm是没问题的。现象是可以从外部复制到pycharm反之则不行。 ctl c ctlv 以及右键 都不行 参考&#xff1a;Pycharm无法复制粘贴&…

MySQL 8 设置允许远程连接(Windows环境)

&#x1f31f; MySQL 8 设置允许远程连接&#xff08;Windows环境&#xff09; 在开发和部署应用时&#xff0c;经常需要从远程主机连接到MySQL数据库。默认情况下&#xff0c;MySQL仅允许本地连接&#xff0c;因此需要进行一些配置才能允许远程访问。今天&#xff0c;我将详细…