我有全新安装的 Ubuntu、全新安装的 k3s 和全新下载的 calicoctl。我已经按照以下方式安装了它。
curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644"\
INSTALL_K3S_EXEC="--flannel-backend=none --cluster-cidr=192.168.0.0/16\
--disable-network-policy --disable=traefik" sh -
kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml
kubectl create -f https://docs.projectcalico.org/manifests/custom-resources.yaml
curl -o calicoctl -O -L "https://github.com/projectcalico/calicoctl/releases/download/v3.20.2/calicoctl"
当我运行 kubectl 时,一切正常。当我运行 calicoctl 时,出现证书错误。
# calicoctl apply -f V000_000-host-policy.yaml
Unable to get Cluster Information to verify version mismatch: Get "https://127.0.0.1:6443/apis/crd.projectcalico.org/v1/clusterinformations/default": x509: certificate signed by unknown authority
Use --allow-version-mismatch to override.
我已经从to复制request-header-ca.crt和证书client-ca.crt并将它们应用于。我可以确认证书列在.server-ca.crt/var/lib/rancher/k3s/server/tls/usr/local/share/ca-certificatesupdate-ca-certificates/etc/ssl/certs/ca-certificates.crt
此外,我的~/.kube/config文件具有以下内容(我会定期重新安装,我希望这些都不是机密的 - 如果我错了,请纠正我)
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0t...LS0K
server: https://127.0.0.1:6443
name: default
contexts:
- context:
cluster: default
user: default
name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
user:
client-certificate-data: LS0t...LS0K
client-key-data: LS0t...LQo=
我有以下配置/etc/cni/net.d/calico-kubeconfig
# Kubeconfig file for Calico CNI plugin. Installed by calico/node.
apiVersion: v1
kind: Config
clusters:
- name: local
cluster:
server: https://10.43.0.1:443
certificate-authority-data: "LS0t...tLS0K"
users:
- name: calico
user:
token: eyJhb...tk4Q
contexts:
- name: calico-context
context:
cluster: local
user: calico
current-context: calico-context
我已将 calico-kubeconfig 中的地址从 更改为10.43.0.1:443,127.0.0.1:6443但这没有任何区别。
有谁知道如何解决这个问题?我看到的证书错误是 CA 或令牌的结果吗?卷曲到同一个地址也抱怨 CA,所以这让我认为这与令牌无关。