Helm's Tiller container gets x509: certificate signed by unknown authority

Time: 2018-02-19 09:09:08

Tags: docker kubernetes certificate kubernetes-helm

I am running Kubernetes (version 1.5.2) on AWS. I installed helm using

helm init --node-selectors="nodeType=master"

to force it to run on the master.

When I try to run helm list, I get the following error:

Error: Get https://192.0.0.1:443/api/v1/namespaces/kube-system/configmaps?labelSelector=OWNER%3DTILLER: x509: certificate signed by unknown authority

Logs from the tiller container (it seems the problem is from tiller to the kubernetes-api):

E0219 08:15:12.546100       1 config.go:330] Expected to load root CA config from /var/run/secrets/kubernetes.io/serviceaccount/ca.crt, but got err: open /var/run/secrets/kubernetes.io/serviceaccount/ca.crt: no such file or directory  
E0219 08:15:12.547957       1 config.go:330] Expected to load root CA config from /var/run/secrets/kubernetes.io/serviceaccount/ca.crt, but got err: open /var/run/secrets/kubernetes.io/serviceaccount/ca.crt: no such file or directory
[main] 2018/02/19 08:15:12 Starting Tiller v2.7.0 (tls=false)  
[main] 2018/02/19 08:15:12 GRPC listening on :44134  
[main] 2018/02/19 08:15:12 Probes listening on :44135  
[main] 2018/02/19 08:15:12 Storage driver is ConfigMap  
[main] 2018/02/19 08:15:12 Max history per release is 0  
[storage] 2018/02/19 08:20:47 listing all releases with filter  
[storage/driver] 2018/02/19 08:20:47 list: failed to list: Get https://192.0.0.1:443/api/v1/namespaces/kube-system/configmaps?labelSelector=OWNER%3DTILLER: x509: certificate signed by unknown authority

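Is there a way to configure tiller to ignore untrusted certificates?

1 answer:

Answer 0: (score: 0)

It looks like your Kubernetes cluster is not configured correctly. Normally, every pod has a CA certificate at /var/run/secrets/kubernetes.io/serviceaccount/ca.crt that allows the pod to communicate with the API server.

The first two lines in the log show that no such file was found: Expected to load root CA config from /var/run/secrets/kubernetes.io/serviceaccount/ca.crt, but got err: open /var/run/secrets/kubernetes.io/serviceaccount/ca.crt: no such file or directory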
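
The failure sequence in the log above (CA file missing, client starts anyway, later request rejected with an x509 error) can be reproduced offline. This is an added example, not part of the original question or answer and not Tiller's code: a constructed local TLS server stands in for the API server, and the names clientFor and Probe are hypothetical. It shows the same request succeeding once ca.crt is present, with certificate verification left on.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
	"path/filepath"
)

// clientFor is a simplified model of what the log shows: an unreadable CA file
// is reported, and the client is still built, just without the cluster CA.
func clientFor(caPath string) *http.Client {
	cfg := &tls.Config{} // RootCAs nil means: trust only the host's system roots
	if pemBytes, err := os.ReadFile(caPath); err != nil {
		fmt.Printf("expected root CA at %s, got: %v\n", caPath, err)
	} else if pool := x509.NewCertPool(); pool.AppendCertsFromPEM(pemBytes) {
		cfg.RootCAs = pool
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

// Probe starts a constructed TLS server (stand-in for the API server), writes
// its certificate to dir/ca.crt only if mountCA is true, and makes one GET.
func Probe(dir string, mountCA bool) error {
	srv := httptest.NewTLSServer(http.NotFoundHandler())
	defer srv.Close()
	caPath := filepath.Join(dir, "ca.crt")
	if mountCA {
		pemCA := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
		if err := os.WriteFile(caPath, pemCA, 0o644); err != nil {
			return err
		}
	}
	resp, err := clientFor(caPath).Get(srv.URL)
	if err != nil {
		return err // without ca.crt this is the certificate verification failure
	}
	return resp.Body.Close()
}

func main() {
	dir, _ := os.MkdirTemp("", "sa") // constructed stand-in for the service account mount
	defer os.RemoveAll(dir)
	fmt.Println("without ca.crt:", Probe(dir, false), "\nwith ca.crt:", Probe(dir, true))
}
```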