kubernetes 1.21.10 apiserver报错 Error: [service-account-issuer is a required flag]
生成sa证书和pub。
·
报错日志
Error: [service-account-issuer is a required flag, --service-account-signing-key-file and --service-account-issuer are required flags]
解决办法
生成sa证书和pub
[root@k8s-master01 ssl]# cat<<EOF > /root/k8s/certs/sa-csr.json
{
"CN":"sa",
"key":{
"algo":"rsa",
"size":2048
},
"names":[
{
"C":"CN",
"L":"ShenZhen",
"ST":"ShenZhen",
"O":"k8s",
"OU":"System"
}
]
}
EOF
# 此处修改自己的路径
[root@k8s-master01 ssl]# cfssl gencert -initca sa-csr.json | cfssljson -bare sa -
[root@k8s-master01 ssl]# openssl x509 -in sa.pem -pubkey -noout > sa.pub
[root@k8s-master01 ssl]# ls sa*
sa.csr sa-csr.json sa-key.pem sa.pem sa.pub
cp sa.pub sa-key.pem /etc/kubernetes/ssl/
# 修改apiserver的参数
--service-account-key-file=/etc/kubernetes/ssl/sa.pub
--service-account-signing-key-file=/etc/kubernetes/ssl/sa-key.pem
--service-account-issuer=api
更多推荐
已为社区贡献10条内容
所有评论(0)