In Kubernetes 1.6, when using SSL authentication, the kubelet service cannot start. Why?

7/27/2017

When I execute the command "systemctl start kubelet", the result shows "error: failed to run kubelet: cannot create certificate signing request: the server has asked for the client to provide credentials (post certificatesigningrequests.certificates.k8s.io)"

The configuration file is as follows:

--experimental-bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig --kubeconfig=/etc/kubernetes/kubelet.kubeconfig --require-kubeconfig --cert-dir=/etc/kubernetes/ssl --cluster-domain=cluster.local. --hairpin-mode promiscuous-bridge --serialize-image-pulls=false"

If I comment out the line above, then everything is OK, but I want to use SSL authentication, so what should I do?

-- Jay
kubernetes
kubernetes-security

1 Answer

7/27/2017

It could be that some extra parameters are missing. This is an example of a startup command using certificate sign requests (https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/06-kubernetes-worker.md):

ExecStart=/usr/bin/kubelet \
  --api-servers=${API_SERVERS} \
  --allow-privileged=true \
  --cluster-dns=10.32.0.10 \
  --cluster-domain=cluster.local \
  --container-runtime=docker \
  --experimental-bootstrap-kubeconfig=/var/lib/kubelet/bootstrap.kubeconfig \
  --network-plugin=kubenet \
  --kubeconfig=/var/lib/kubelet/kubeconfig \
  --serialize-image-pulls=false \
  --register-node=true \
  --tls-cert-file=/var/lib/kubelet/kubelet-client.crt \
  --tls-private-key-file=/var/lib/kubelet/kubelet-client.key \
  --cert-dir=/var/lib/kubelet \
  --v=2

Could you try adding flags like register-node or the tls-cert-file and tls-cert-key-file? (My take is that it would be generated.)

However, when I tried to make the certificate sign request fully work, I saw that there were still some issues, so I would advise you to create the certificates manually using the cluster CA.

-- Javier Salmeron
Source: StackOverflow
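
The answer's fallback of issuing the kubelet's client certificate by hand from the cluster CA, shown as an added example (not code from the original post or the linked guide). It assumes `openssl` is installed, uses a throwaway CA as a stand-in for the real cluster CA, a constructed node name `worker-0`, illustrative file names, and the Kubernetes node identity convention `CN=system:node:<nodeName>`, `O=system:nodes`.

```shell
#!/bin/sh
# Added example: issue and check a kubelet client certificate signed by a CA.
set -eu

# make_demo_ca DIR: throwaway CA for the demo. In a real cluster, skip this
# and place the cluster's own ca.crt / ca.key in DIR instead (assumption).
make_demo_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=demo-cluster-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_kubelet_cert DIR NODE: create key + CSR, then sign the CSR with the CA.
issue_kubelet_cert() {
  dir=$1; node=$2
  # Private key must not be readable by other users.
  ( umask 077; openssl genrsa -out "$dir/kubelet-client.key" 2048 2>/dev/null )
  # The subject carries the identity: O is the group, CN is the user name.
  openssl req -new -key "$dir/kubelet-client.key" \
    -subj "/O=system:nodes/CN=system:node:${node}" \
    -out "$dir/kubelet-client.csr"
  # Restrict the certificate to TLS client authentication.
  printf '%s\n' 'keyUsage=critical,digitalSignature,keyEncipherment' \
    'extendedKeyUsage=clientAuth' > "$dir/client.ext"
  openssl x509 -req -in "$dir/kubelet-client.csr" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -days 365 -sha256 -extfile "$dir/client.ext" \
    -out "$dir/kubelet-client.crt"
}

# verify_kubelet_cert DIR NODE: succeed only if the certificate chains to the
# CA, is valid as a TLS client certificate, and names exactly this node.
verify_kubelet_cert() {
  dir=$1; node=$2
  openssl verify -purpose sslclient -CAfile "$dir/ca.crt" \
    "$dir/kubelet-client.crt" >/dev/null 2>&1 || return 1
  subject=$(openssl x509 -in "$dir/kubelet-client.crt" -noout \
    -subject -nameopt RFC2253)
  case "$subject" in
    *"CN=system:node:${node},O=system:nodes"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Demo run in a temporary directory with the constructed node name.
workdir=$(mktemp -d)
make_demo_ca "$workdir"
issue_kubelet_cert "$workdir" worker-0
verify_kubelet_cert "$workdir" worker-0 && echo "client cert OK in $workdir"
```

Running the verification step against the API server's actual CA file before restarting the kubelet catches a certificate signed by the wrong CA, which the server would reject.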