him*_*shu 1 containers kubernetes microservices kubernetes-statefulset kubernetes-apiserver
PUT /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/scale
甚至尝试使用获取指定有状态集的规模数据
“GET /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/scale”
请求:curl -s -k -H“授权:承载$TOKEN”-X GET https://kubernetes.default.svc:443/apis/apps/v1/namespaces/$Namespace/$Kind/$PodNamePrefix/scale
给出错误:
"message": "statefulsets.apps "app-4x" 被禁止:用户 "system:serviceaccount::default" 无法在命名空间 ""","reason" 的 API 组 "apps" 中获取资源 "statefulsets/scale": “禁止”,
参考:https://v1-14.docs.kubernetes.io/docs/reference/ generated/kubernetes-api/v1.14/
有人可以帮我解决这个问题吗?
您需要使用定义RBACRole并RoleBinding授权服务帐户执行所需的操作
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: default
name: ss-role
rules:
- apiGroups: ["apps"]
resources: ["statefulsets/scale" ]
verbs: ["get", "list", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
namespace: default
name: ss-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ss-role
subjects:
- kind: ServiceAccount
name: default
namespace: default
以上Role基于RoleBinding您使用命名空间default的服务帐户default来扩展statefulsets命名空间的假设default。
| 归档时间: |
|
| 查看次数: |
3280 次 |
| 最近记录: |