@cofyc Thanks to you reply!

I have tried it in default namespace according to readme and in rbac mode,but I have failed

[root@k8s-master01 examples]# kubectl create -f examples/class.yaml
error: the path "examples/class.yaml" does not exist
[root@k8s-master01 examples]# cd ..
[root@k8s-master01 rbd]# kubectl create -f examples/class.yaml
storageclass.storage.k8s.io/rbd created
[root@k8s-master01 rbd]# kubectl create -f examples/claim.yaml
persistentvolumeclaim/claim1 created
[root@k8s-master01 rbd]# kubectl get pvc
NAME     STATUS    VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
claim1   Pending                                      rbd            5s
[root@k8s-master01 rbd]# kubectl describe pvc claim1 
Name:          claim1
Namespace:     default
StorageClass:  rbd
Status:        Pending
Volume:        
Labels:        <none>
Annotations:   volume.beta.kubernetes.io/storage-provisioner: ceph.com/rbd
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:      
Access Modes:  
VolumeMode:    Filesystem
Mounted By:    <none>
Events:
  Type     Reason                Age                From                                                                               Message
  ----     ------                ----               ----                                                                               -------
  Normal   ExternalProvisioning  10s (x3 over 16s)  persistentvolume-controller                                                        waiting for a volume to be created, either by external provisioner "ceph.com/rbd" or manually created by system administrator
  Normal   Provisioning          0s (x2 over 15s)   ceph.com/rbd_rbd-provisioner-98b88f5d6-vh95q_4c8450aa-272e-11ea-a49d-cef16b3a1441  External provisioner is provisioning volume for claim "default/claim1"
  Warning  ProvisioningFailed    0s (x2 over 15s)   ceph.com/rbd_rbd-provisioner-98b88f5d6-vh95q_4c8450aa-272e-11ea-a49d-cef16b3a1441  failed to provision volume with StorageClass "rbd": failed to get admin secret from ["kube-system"/"ceph-admin-secret"]: secrets "ceph-admin-secret" is forbidden: User "system:serviceaccount:default:rbd-provisioner" cannot get resource "secrets" in API group "" in the namespace "kube-system"
[root@k8s-master01 rbd]# kubectl get pod
NAME                              READY   STATUS    RESTARTS   AGE
rbd-provisioner-98b88f5d6-vh95q   1/1     Running   0          2m18s
[root@k8s-master01 rbd]# kubectl get secrets --all
--all-namespaces               --allow-missing-template-keys  
[root@k8s-master01 rbd]# kubectl get secrets --all-namespaces |grep ceph
kube-system       ceph-admin-secret                                kubernetes.io/rbd                     1      6m28s
kube-system       ceph-secret                                      kubernetes.io/rbd                     1      5m35s

After I add the auth of get secrect