Roberto Sebastiano:
Hi, another problem with Kubernetes the Hard Way. Following everything exactly, word by word, I arrive at 14-dns-addon.md, where I run busybox; for debugging I have one busybox running on worker-1 and one on worker-2.
[email protected]:~ kubectl get pods -o wide
NAME         READY   STATUS    RESTARTS   AGE   IP          NODE       NOMINATED NODE   READINESS GATES
busybox      1/1     Running   0          40m   10.32.0.3   worker-2   <none>           <none>
busybox-w1   1/1     Running   0          11m   10.44.0.2   worker-1   <none>           <none>
Then I do:
[email protected]:~ kubectl exec -ti busybox-w1 -- nslookup kubernetes
error: unable to upgrade connection: Forbidden (user=kube-apiserver, verb=create, resource=nodes, subresource=proxy)
I solved this by running:
kubectl create clusterrolebinding apiserver-kubelet-admin --user=kube-apiserver --clusterrole=system:kubelet-api-admin
and now worker-1 works:
[email protected]:~ kubectl exec -ti busybox-w1 -- nslookup kubernetes
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
(note that I applied the 13-kube-apiserver-to-kubelet.md commands before the fix above)
Now worker-2 instead has problems with TLS certificates, the same command gives this error:
[email protected]:~ kubectl exec -ti busybox -- nslookup kubernetes
Error from server: error dialing backend: x509: certificate signed by unknown authority
How can I fix this? Can anyone help? If you follow the GitHub documentation, you arrive at the same issue above.
Thank you,
Roberto
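
Added example, not part of Roberto's post or of the guide: a small model of the RBAC check behind the Forbidden error above, showing why binding user kube-apiserver to a role that covers nodes/proxy clears it. The rule list is an assumed approximation of system:kubelet-api-admin, the user name "kubernetes" in the test is constructed, and the evaluator is a simplification of RBAC (no groups, API groups or resourceNames).

```python
import re

# Constructed input: the denial text quoted in the post above.
DENIAL = ("error: unable to upgrade connection: Forbidden "
          "(user=kube-apiserver, verb=create, resource=nodes, subresource=proxy)")

# Assumed rule set modeled on the built-in system:kubelet-api-admin ClusterRole;
# compare with `kubectl get clusterrole system:kubelet-api-admin -o yaml`.
KUBELET_API_ADMIN = [
    {"resources": ["nodes"], "verbs": ["get", "list", "watch", "proxy"]},
    {"resources": ["nodes/log", "nodes/metrics", "nodes/proxy",
                   "nodes/spec", "nodes/stats"], "verbs": ["*"]},
]


def parse_denial(message):
    """Extract the key=value attributes from a 'Forbidden (...)' message."""
    match = re.search(r"Forbidden \(([^)]*)\)", message)
    if not match:
        raise ValueError("no Forbidden (...) attribute list found")
    attrs = {}
    for pair in match.group(1).split(","):
        key, _, value = pair.strip().partition("=")
        attrs[key] = value
    return attrs


def rule_allows(rule, attrs):
    """RBAC names a subresource as 'resource/subresource', so a rule on
    'nodes' alone does not cover 'nodes/proxy'."""
    resource = attrs["resource"]
    if attrs.get("subresource"):
        resource += "/" + attrs["subresource"]
    verb_ok = "*" in rule["verbs"] or attrs["verb"] in rule["verbs"]
    resource_ok = "*" in rule["resources"] or resource in rule["resources"]
    return verb_ok and resource_ok


def is_allowed(attrs, bindings):
    """bindings is a list of (user, rules) pairs. The request is allowed when a
    binding for this exact user name carries a matching rule; RBAC has no
    deny rules, so no matching binding means Forbidden."""
    return any(user == attrs["user"] and any(rule_allows(r, attrs) for r in rules)
               for user, rules in bindings)
```

On a live cluster, `kubectl auth can-i create nodes/proxy --as=kube-apiserver` asks the API server the same question.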