Kubernetes仪表板错误消息:configmap被禁止:用户"system:serviceaccount:kube-system:deployment-controller“不能列出资源
Kubernetes仪表板错误消息:configmap被禁止:用户"system:serviceaccount:kube-system:deployment-controller“不能列出资源
提问于 2020-10-08 12:17:36
Kubernetes仪表板输出大量错误消息。
你应该无视他们吗?如果没有,你如何解决这些问题?
warning
configmaps is forbidden: User "system:serviceaccount:kube-system:deployment-controller" cannot list resource "configmaps" in API group "" in the namespace "default"
warning
persistentvolumeclaims is forbidden: User "system:serviceaccount:kube-system:deployment-controller" cannot list resource "persistentvolumeclaims" in API group "" in the namespace "default"
warning
secrets is forbidden: User "system:serviceaccount:kube-system:deployment-controller" cannot list resource "secrets" in API group "" in the namespace "default"
warning
services is forbidden: User "system:serviceaccount:kube-system:deployment-controller" cannot list resource "services" in API group "" in the namespace "default"
warning
ingresses.extensions is forbidden: User "system:serviceaccount:kube-system:deployment-controller" cannot list resource "ingresses" in API group "extensions" in the namespace "default"
warning
daemonsets.apps is forbidden: User "system:serviceaccount:kube-system:deployment-controller" cannot list resource "daemonsets" in API group "apps" in the namespace "default"
warning
events is forbidden: User "system:serviceaccount:kube-system:deployment-controller" cannot list resource "events" in API group "" in the namespace "default"
warning
jobs.batch is forbidden: User "system:serviceaccount:kube-system:deployment-controller" cannot list resource "jobs" in API group "batch" in the namespace "default"
warning
cronjobs.batch is forbidden: User "system:serviceaccount:kube-system:deployment-controller" cannot list resource "cronjobs" in API group "batch" in the namespace "default"
warning
replicationcontrollers is forbidden: User "system:serviceaccount:kube-system:deployment-controller" cannot list resource "replicationcontrollers" in API group "" in the namespace "default"
warning
statefulsets.apps is forbidden: User "system:serviceaccount:kube-system:deployment-controller" cannot list resource "statefulsets" in API group "apps" in the namespace "default"回答 1
Stack Overflow用户
发布于 2020-10-09 10:08:06
看起来您的集群启用了RBAC,并且部署控制器缺少了部署控制器pod中定义的服务帐户。通过添加这个SA和它的角色/绑定,您应该能够轻松地缓解这个问题。
有两种方法。
您可以使用CLI或YAML方式使用简单的一个衬垫创建绑定:
$ kubectl create clusterrolebinding deployment-controller --clusterrole=cluster-admin --serviceaccount=kube-system:deployment-controller如果要在ClusterRoleBinding YAML文件中定义,请创建以下文件,并指定名称,比如dashboard-rb.yaml并执行特定的命令:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: deployment-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: deployment-controller
namespace: kube-system $ kubectl create -f dashboard-rb.yaml看看:kubernetes-仪表板-入口-警告,访问-启用rbac-kubernetes-仪表板,K8S-crb-警告,kubernetes-dashboard-is-forbidden-all-over-the-site。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/64262349
复制相关文章
相似问题
腾讯云开发者
