
Rancher on K8s (non-Helm) permission issues

Server Fault user
Asked 2020-11-19 16:30:45
Answers 1 · Views 1.3K · Followers 0 · Votes 1

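I'm trying to teach myself K8s and have run into a problem that my Google/Stack searches have failed to solve. I'm trying to install Rancher without using Helm. This is my deployment manifest: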

apiVersion: apps/v1
kind: Deployment
metadata:
  name: rancher
  labels:
    app: rancher
  namespace: cattle-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: rancher
  template:
    metadata:
      labels:
        app: rancher
    spec:
      containers:
        - name: rancher
          image: rancher/rancher
          ports:
            - containerPort: 80

However, the pod goes into a crash loop. The logs show some kind of permission issue.

2020/11/19 15:21:34 [INFO] No access to list CRDs, assuming CRDs are pre-created.
2020/11/19 15:21:34 [ERROR] unable to retrieve feature unsupported-storage-drivers in initialize features: features.management.cattle.io "unsupported-storage-drivers" is forbidden: User "system:serviceaccount:cattle-system:default" cannot get resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to create feature unsupported-storage-drivers in initialize features: features.management.cattle.io is forbidden: User "system:serviceaccount:cattle-system:default" cannot create resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to retrieve feature istio-virtual-service-ui in initialize features: features.management.cattle.io "istio-virtual-service-ui" is forbidden: User "system:serviceaccount:cattle-system:default" cannot get resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to create feature istio-virtual-service-ui in initialize features: features.management.cattle.io is forbidden: User "system:serviceaccount:cattle-system:default" cannot create resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to retrieve feature proxy in initialize features: features.management.cattle.io "proxy" is forbidden: User "system:serviceaccount:cattle-system:default" cannot get resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to retrieve feature multi-cluster-management in initialize features: features.management.cattle.io "multi-cluster-management" is forbidden: User "system:serviceaccount:cattle-system:default" cannot get resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to retrieve feature fleet in initialize features: features.management.cattle.io "fleet" is forbidden: User "system:serviceaccount:cattle-system:default" cannot get resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to create feature fleet in initialize features: features.management.cattle.io is forbidden: User "system:serviceaccount:cattle-system:default" cannot create resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [FATAL] creating CRD store customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:cattle-system:default" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope

Does anyone know how to overcome this?


1 Answer

Server Fault user

Answered 2020-11-19 18:06:28

I was missing a service account and ClusterRole. Added the following:

kind: ServiceAccount
apiVersion: v1
metadata:
  name: rancher
  labels:
    app: rancher
  namespace: cattle-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rancher
  labels:
    app: rancher
subjects:
  - kind: ServiceAccount
    name: rancher
    namespace: cattle-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

Now it runs without errors.

Votes 2
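The log in the question already names who was denied and what for. As an added example (not part of the original question or answer, and not Rancher's code), this Python parses those denial lines into the service account the pod ran as and the cluster-scoped requests it was refused. The function names are hypothetical, the three sample lines are copied from the log above, and the output lists only what this log shows being denied, not everything Rancher needs.

```python
import re
from collections import defaultdict

# Three denial lines copied from the log in the question above.
SAMPLE_LOG = """\
2020/11/19 15:21:34 [ERROR] unable to retrieve feature unsupported-storage-drivers in initialize features: features.management.cattle.io "unsupported-storage-drivers" is forbidden: User "system:serviceaccount:cattle-system:default" cannot get resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to create feature unsupported-storage-drivers in initialize features: features.management.cattle.io is forbidden: User "system:serviceaccount:cattle-system:default" cannot create resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [FATAL] creating CRD store customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:cattle-system:default" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
"""

# Shape of the RBAC denial message as it appears in that log.
DENIAL = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)" at the cluster scope'
)

def parse_denials(log_text):
    """Return {user: {(api_group, resource): set(verbs)}} for every denial found."""
    denied = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = DENIAL.search(line)
        if m:
            denied[m["user"]][(m["group"], m["resource"])].add(m["verb"])
    return denied

def split_service_account(user):
    """Split 'system:serviceaccount:<ns>:<name>' into (ns, name); None for other users."""
    parts = user.split(":")
    if len(parts) == 4 and parts[:2] == ["system", "serviceaccount"]:
        return parts[2], parts[3]
    return None

def to_rules(per_resource):
    """Render the denied requests as ClusterRole-style rule dicts, sorted for stable output."""
    return [
        {"apiGroups": [group], "resources": [resource], "verbs": sorted(verbs)}
        for (group, resource), verbs in sorted(per_resource.items())
    ]

if __name__ == "__main__":
    for user, per_resource in parse_denials(SAMPLE_LOG).items():
        print(user, split_service_account(user))
        for rule in to_rules(per_resource):
            print("  ", rule)
```

The parsed subject is the namespace's `default` service account, and the refused requests form a much shorter list than the `cluster-admin` role bound in the answer, which is useful when reviewing how wide a binding is against what the workload was observed to ask for.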
Original page content provided by Server Fault. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://serverfault.com/questions/1043233
