The required permissions for the various kubelet endpoints are referenced here:
https://kubernetes.io/docs/admin/kubelet-authentication-authorization/#kubelet-authorization
https://github.com/kubernetes/kubernetes/blob/master/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.
I'm setting up a kubernetes clusters via "the hard way" but I"m stuck.
Right now I'm using flannel (tried canal too) and the apiserver runs with a
'kubernetes' cert.
I get this when I run kubectl:
root@host-9c16fd7a ~ # kubectl logs busybox-855686df5d-ln6ww
Error from server (Forbidden): Forbid