kubernates 遇到到问题

kubectl 8080端口访问

kubectl -s http://localhost:8080

q: User "xx.xx.xx.xx" cannot list pods in the namespace "default". (get pods)

查看在default下或其他namespace下有没有对应到权限，也查看一下./kube/config 用户信息（token）是不是没有或不正确

q:Unable to connect to the server: x509: certificate signed by unknown authority

在kubectl 命令中加入 --insecure-skip-tls-verify=true  或在kubectl的config中加入配置

--kubelet-certificate-authority=/srv/kubernetes/ca.crt \
--kubelet-client-certificate=/var/run/kubernetes/kubelet.crt \
--kubelet-client-key=/var/run/kubernetes/kubelet.key 

q: Private registry:2 push fail: unable to ping registry endpoint...x509: cannot validate certificate for ... because it doesn't contain any IP SANs

查看是否在配置apiserver的证书的时候，没有加入ipsans，ipsans是 x509新加入的协议

查看证书是否有sans信息 使用命令  openssl x509 -noout -text -in ./server.crt   详细内容查看文档 http://www.01happy.com/https-principle-and-golang-practice/