fix kube-apiserver 访问 kubelet的权限

2022-11-26 11:18:02 +08:00 · 2022-11-26 11:18:02 +08:00 · 64d177aaea
parent ebf4f1e507
commit 64d177aaea
1 changed files with 1 additions and 1 deletions
--- a/roles/kube-master/tasks/main.yml
+++ b/roles/kube-master/tasks/main.yml
@ -143,7 +143,7 @@
      run_once: true

    - name: 创建user:kubernetes角色绑定
-      command: "{{ base_dir }}/bin/kubectl create clusterrolebinding kubernetes-crb --clusterrole=cluster-admin --user=kubernetes"
+      command: "{{ base_dir }}/bin/kubectl create clusterrolebinding kubernetes-crb --clusterrole=system:kubelet-api-admin --user=kubernetes"
      run_once: true
      when: "'notfound' in crb_info.stdout"
  connection: local