想直接调用https的，没有token就会

[root@k8s-master1 ~]#  curl https://10.1.234.100:6443/api/v1/namespaces/default/pods --insecure
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "pods is forbidden: User \"system:anonymous\" cannot list resource \"pods\" in API group \"\" in the namespace \"default\"",
  "reason": "Forbidden",
  "details": {
    "kind": "pods"
  },
  "code": 403

 加token 访问401,被拒绝

curl -k -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJhbGciOiJSUzI1NiIsImtpZCI6IlZ1a3JfUFhsNm45UU94QXV5ZElQNXlmOXZaZ0s1N2wxZjZsa0RiQXhSTncifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1tbmg4NCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjAyYWZmZmIyLTE0OWItNDQxNC05YmEwLWEzN2NlMWI4M2NhMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.u9a5TZxUKmsGx2UYYiQjEE730Jga7XZJo0F3RV_l6GDDygUmwvDHxxKwEJTjMkbBIgWpNwNJARpILzCJXU9HzfXuM80ksdalzurP8GiE7ukZ1aazPxUvQB0qaBx3g0jKcIZo2qsNTXayyL_GeXP9XTS634o18ekARBA5mI1Z2LHlgmk8zeewGy5DNVvWogWVGPu8SRCeHDMZg9HeK6xHxUeeAUrTpg_2VbWApoaoh9CYlT7IairqHcKtC6SCcMx8DoNPPd9M7MWBFV60swQ9Wi5M1l1RaQXSOX13w_aOlPSBGG_HXRxPY9QQ9YmbHvlLC7bZhh_X8Za0JOPwVoEm6Q.aMzef7qssxhFCkKHYFX99XBCkA_lnpKQhBvWPJ_AEsg89HUJ9cgYs2M7VRQJ2KcsG1BndSW0Ne-yLdsXFGDMaIRF58Rz02V99ViqAH8W86UZqcgARlw6DbYtpyHx2LZp4_HbrOy0xHJXGOx0FzwbCNJR5TE5LAZWx2Q5WowuxzdIhpkr15tn9UTZB0i2VXyANG3D6xyf1M67ojav59eC04qWu3ZuFC2GgngHGbZ1qnP55UnFTHWdFtHAzU5qAX7jrWJAOBdSPXwoxC9XTIBoL2umQk2XQN-OsBnQ_saXXLPe2cdpKdoboJCZgcUfO-5D94KO-5P8wNVhGWubNutvug' https://10.1.234.100:6443/api
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "Unauthorized",
  "reason": "Unauthorized",
  "code": 401

 查看权限

[root@k8s-master1 ~]# kubectl get clusterrole cluster-admin -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  creationTimestamp: "2021-03-02T16:08:01Z"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: cluster-admin
  resourceVersion: "45"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/cluster-admin
  uid: f58d218f-447e-4e04-9161-89c094782480
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - '*'

可能这个用户的权限问题，创建admin 用户测试

#创建用户
kubectl create serviceaccount admin -n kube-system

#用户授权
kubectl create clusterrolebinding admin --clusterrole=cluster-admin --serviceaccount=kube-system:admin

#查看token
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/admin/{print $1}')

[root@k8s-master1 ~]# curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IlZ1a3JfUFhsNm45UU94QXV5ZElQNXlmOXZaZ0s1N2wxZjZsa0RiQXhSTncifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1tbmg4NCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjAyYWZmZmIyLTE0OWItNDQxNC05YmEwLWEzN2NlMWI4M2NhMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.u9a5TZxUKmsGx2UYYiQjEE730Jga7XZJo0F3RV_l6GDDygUmwvDHxxKwEJTjMkbBIgWpNwNJARpILzCJXU9HzfXuM80ksdalzurP8GiE7ukZ1aazPxUvQB0qaBx3g0jKcIZo2qsNTXayyL_GeXP9XTS634o18ekARBA5mI1Z2LHlgmk8zeewGy5DNVvWogWVGPu8SRCeHDMZg9HeK6xHxUeeAUrTpg_2VbWApoaoh9CYlT7IairqHcKtC6SCcMx8DoNPPd9M7MWBFV60swQ9Wi5M1l1RaQXSOX13w_aOlPSBGG_HXRxPY9QQ9YmbHvlLC7bZhh_X8Za0JOPwVoEm6Q" -k https://10.1.234.100:6443/api/v1/namespaces/default/pods
{
  "kind": "PodList",
  "apiVersion": "v1",
  "metadata": {
    "selfLink": "/api/v1/namespaces/default/pods",
    "resourceVersion": "323430"
  },
  "items": []