您需要创建一个ClusterRoleBinding,其角色指向用户:kube-apiserver-kubelet-client
kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kubelet-api-admin subjects: - kind: User name: kube-apiserver-kubelet-client apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: system:kubelet-api-admin apiGroup: rbac.authorization.k8s.io
kubelet-api-admin通常是具有必要权限的角色,但您可以使用apt角色替换它。