Roberto Sebastiano:
Hi, another problem with Kubernetes the Hard Way. Following everything exactly, word by word, I arrive at 14-dns-addon.md, where I run busybox; for debugging I have one busybox running on worker-1 and one on worker-2.
vagrant@master-1:~$ kubectl get pods -o wide
NAME         READY   STATUS    RESTARTS   AGE   IP          NODE       NOMINATED NODE   READINESS GATES
busybox      1/1     Running   0          40m   10.32.0.3   worker-2   <none>           <none>
busybox-w1   1/1     Running   0          11m   10.44.0.2   worker-1   <none>           <none>
Then I do:
vagrant@master-1:~$ kubectl exec -ti busybox-w1 -- nslookup kubernetes
error: unable to upgrade connection: Forbidden (user=kube-apiserver, verb=create, resource=nodes, subresource=proxy)
I solved this by running:
kubectl create clusterrolebinding apiserver-kubelet-admin --user=kube-apiserver --clusterrole=system:kubelet-api-admin
and now worker-1 works:
vagrant@master-1:~$ kubectl exec -ti busybox-w1 -- nslookup kubernetes
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
(Note that I applied the 13-kube-apiserver-to-kubelet.md commands before the fix above.)
Now worker-2 instead has problems with TLS certificates; the same command gives this error:
vagrant@master-1:~$ kubectl exec -ti busybox -- nslookup kubernetes
Error from server: error dialing backend: x509: certificate signed by unknown authority
How to fix this? Can anyone help? If you follow the GitHub documentation you arrive at the same issue above.
Thank you,
Roberto
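
Added example, not part of the original post: the "x509: certificate signed by unknown authority" error on "error dialing backend" means kube-apiserver could not chain the kubelet's serving certificate to the CA it trusts. The sketch below builds two constructed CAs and two leaf certificates offline and shows the check that distinguishes them. All CA and certificate names are hypothetical; on a real cluster, pass the CA file kube-apiserver uses for kubelets and the worker's kubelet serving certificate to cert_signed_by.

```bash
# Added example with constructed, throwaway keys; names are hypothetical.

# cert_signed_by <ca.crt> <cert.crt>
# Returns 0 when the certificate chains to the given CA, non-zero otherwise.
cert_signed_by() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_ca <dir> <name>: create a self-signed CA (<name>.key / <name>.crt).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert <dir> <ca-name> <cn>: issue a leaf certificate signed by that CA.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# Constructed scenario: one leaf signed by the trusted CA, one by a different CA.
demo() {
  local d
  d=$(mktemp -d)
  make_ca "$d" cluster-ca
  make_ca "$d" other-ca
  issue_cert "$d" cluster-ca kubelet-a
  issue_cert "$d" other-ca kubelet-b
  for n in kubelet-a kubelet-b; do
    if cert_signed_by "$d/cluster-ca.crt" "$d/$n.crt"; then
      echo "$n: chains to cluster-ca"
    else
      echo "$n: signed by unknown authority"
    fi
  done
  rm -rf "$d"
}

demo
```

A certificate that fails this check against the CA the API server trusts has to be reissued from that CA; the check itself changes nothing on the node.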