问题描述:

k8s版本1.25.3,kube-controller-manager使用https监听端口10257。监控Target页面显示DOWN,错误提示server returned HTTP status 403 Forbidden,点击metrics url 提示:

{
"kind": "Status",
"apiVersion": "v1",

"metadata": {},
"status": "Failure",
"message": "forbidden: User "system:anonymous" cannot get path "/metrics"",
"reason": "Forbidden",

"details": {},
"code": 403
}

解决方法:

在 kube-controller-manager 的启动参数增加下面两个参数:

--authentication-kubeconfig=/etc/kubernetes/controller-manager.kubeconfig
--authorization-kubeconfig=/etc/kubernetes/controller-manager.kubeconfig

修改后执行systemctl daemon-reloadsystemctl restart kube-controller-manager.service重启服务即可。

Logo

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐