kubelet: fix cert path

songhui1984 · Jul 10, 2018 · 9cac040 · 9cac040
1 parent 74d9059
commit 9cac040
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/07-2.kubelet.md b/07-2.kubelet.md
@@ -513,7 +513,7 @@ $ curl -s --cacert /etc/kubernetes/cert/ca.pem --cert /etc/kubernetes/cert/kube-
 Forbidden (user=system:kube-controller-manager, verb=get, resource=nodes, subresource=metrics)
 
 $ # 使用部署 kubectl 命令行工具时创建的、具有最高权限的 admin 证书；
-$ curl -s --cacert /etc/kubernetes/cert/ca.pem --cert admin.pem --key admin-key.pem https://172.27.129.111:10250/metrics|head
+$ curl -s --cacert /etc/kubernetes/cert/ca.pem --cert ./admin.pem --key ./admin-key.pem https://172.27.129.111:10250/metrics|head
 # HELP apiserver_client_certificate_expiration_seconds Distribution of the remaining lifetime on the certificate used to authenticate a request.
 # TYPE apiserver_client_certificate_expiration_seconds histogram
 apiserver_client_certificate_expiration_seconds_bucket{le="0"} 0
@@ -525,6 +525,7 @@ apiserver_client_certificate_expiration_seconds_bucket{le="345600"} 0
 apiserver_client_certificate_expiration_seconds_bucket{le="604800"} 0
 apiserver_client_certificate_expiration_seconds_bucket{le="2.592e+06"} 0
 ```
++ `--cacert`、`--cert`、`--key` 的参数值必须是文件路径，如上面的 `./admin.pem` 不能省略 `./`，否则返回 `401 Unauthorized`；
 
 bear token 认证和授权：