Izo*_*i4a 3 google-cloud-platform kubernetes google-kubernetes-engine traefik
我尝试traefik在GKE(google cloud kubernetes引擎)上安装为入口控制器,并且在尝试时:
kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-rbac.yaml
我有这个错误:
来自服务器的错误(禁止):创建“ https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-rbac.yaml时出错“ :: clusterroles.rbac.authorization.k8s.io“ traefik-ingress-controller”被禁止:尝试授予额外的特权:[PolicyRule {APIGroups:[“”],资源:[“服务”],动词:[“ get “]} PolicyRule {APIGroups:[”“],资源:[” services“],动词:[” list“]} PolicyRule {APIGroups:[”“],资源:[” services“],动词:[”监视“]} PolicyRule {APIGroups:[”“],资源:[” endpoints]],动词:[“ get”]} PolicyRule {APIGroups:[“”],资源:[“ endpoints”],动词:[“列表“]} PolicyRule {APIGroups:[”“],资源:[”端点“],动词:[” watch“]} PolicyRule {APIGroups:[”“],资源:[” secrets“],动词:[” get “]} PolicyRule {APIGroups:[“”],资源:[“ secrets”],动词:[“ list”]} PolicyRule {APIGroups:[“”],资源:[“ secrets”],动词:[“ watch”]} PolicyRule {APIGroups: [“扩展名”],资源:[“入口”],动词:[“ get”]} PolicyRule {APIGroups:[“扩展名”],资源:[“入口”],动词:[“列表”]} PolicyRule { APIGroups:[“扩展名”],资源:[“ ingresses”],动词:[“ watch”]}] user=&{IzoPi4a@gmail.com [system:authenticated] map [user-assertion.cloud.google.com :[ADKE0IBz9kwSuZRZkfbLil8iC / ijcmJJmuys2DvDGxoxQ5yP6Pdq1IQs3JRwDmd / lWm2vGdMXGB4h1QKiwx + 3uV2ciTb / oQNtkthBvONnVp4fJGOSW1S + 8O8dqvoUNRLNeB5gADNn1TKEYoB + JvRkjrkTOxtIh7rPugLaP5Hp7thWft9xwZqF9U4fgYHnPjCdRgvMrDvGIK8z7ONljYuStpWdJDu7LrPpT0L]]} ownerrules = [{PolicyRule APIGroups:[ “authorization.k8s.io”],资源:[ “selfsubjectaccessreviews” “selfsubjectrulesreviews”],动词:[“创建“]} PolicyRule {NonResourceURLs:[” / api“” / api /“” / apis“” / apis / “” / healthz“” / openapi“” / openapi / “” /swagger-2.0.0.pb-v1“” /swagger.json“” / swaggerapi“” / swaggerapi / “ “ / version”“ / version /”],动词:[“ get”]}] ruleResolutionErrors = []
问题仅在于此部分,另一个已成功创建:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
基于文档(https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control),我尝试执行此命令,但仍然遇到相同的错误
kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=MY_EMAIL_THAT_I_LOGIN_INTO_GCP
有没有人设法解决这个问题?还是只是行不通?
我试图建立一个没有loadBalancer的kubernetes集群,以便在我的本地机器(minikube)上便宜,但我没有这样的问题。
因此,对于试图在GKE上安装traefik的每个人,您都会陷入该错误消息,只需先执行以下操作/sf/answers/3242167071/
# Get password value
$ gcloud container clusters describe CUSTER_NAME --zone ZONE_NAME | grep password
# Pass username and password parameters
$ kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-rbac.yaml --username=admin --password=PASSWORD
感谢Nicola Ben帮助我弄清楚了
| 归档时间: |
|
| 查看次数: |
688 次 |
| 最近记录: |