我Kubernetes在自定义构建的CoreOS集群上使用v1.8.14 :
$ kubectl version --short
Client Version: v1.10.5
Server Version: v1.8.14+coreos.0
尝试创建以下内容时ClusterRole:
$ cat ClusterRole.yml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:coredns
rules:
- apiGroups:
- ""
resources:
- endpoints
- services
- pods
- namespaces
verbs:
- list
- watch
我收到以下错误:
$ kubectl create -f ClusterRole.yml
Error from server (Forbidden): error when creating "ClusterRole.yml": clusterroles.rbac.authorization.k8s.io "system:coredns" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], …我正在尝试使用 kubespray 在一台机器上设置一个新的 kubernetes 集群(提交 7e84de2ae116f624b570eadc28022e924bd273bc)。
运行剧本后(在新的 ubuntu 16.04 上),我打开仪表板并看到那些警告弹出窗口:
- configmaps is forbidden: User "system:serviceaccount:default:default" cannot list configmaps in the namespace "default"
- persistentvolumeclaims is forbidden: User "system:serviceaccount:default:default" cannot list persistentvolumeclaims in the namespace "default"
- secrets is forbidden: User "system:serviceaccount:default:default" cannot list secrets in the namespace "default"
- services is forbidden: User "system:serviceaccount:default:default" cannot list services in the namespace "default"
- ingresses.extensions is forbidden: User "system:serviceaccount:default:default" cannot list ingresses.extensions in the namespace "default"
- daemonsets.apps is forbidden: User …