RBAC behaves differently on two Kubernetes clusters



I created an application that needs permission to list, create, update and delete various Kubernetes resources, and I created a ClusterRole for it as shown below. Everything works fine on my local K8s cluster running on MicroK8s, but when I deploy it on a bare-metal cluster with the same K8s version, I get errors saying it does not have the right access.

How is this possible (both should behave the same), and is there a way to catch these errors ahead of time?

My ClusterRole:

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: {{ .Release.Namespace }}-cluster-manager-role
rules:
- apiGroups: ["", "apps", "core", "autoscaling"] # --> I was getting an error that I cannot create an HPA, but after I added "autoscaling" to the apiGroups I can now create HPAs
  resources: ["*", "namespaces"]
  verbs: ["get", "watch", "list", "patch", "create", "delete", "update"]
# ================
# Current clusterrole on microk8s (which allows me to do all the things)
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: "2021-05-31T12:05:58Z"
  name: default-cluster-manager-role
  resourceVersion: "937643"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/default-cluster-manager-role
  uid: 16fb63d6-1261-48a9-bc7f-5c8fffb72c9d
rules:
- apiGroups:
  - ""
  - apps
  - core
  resources:
  - '*'
  - namespaces
  verbs:
  - get
  - watch
  - list
  - patch
  - create
  - delete
  - update

Kubernetes versions:

# Microk8s
$ kubectl version 
Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.1", GitCommit:"b7394102d6ef778017f2ca4046abbaa23b88c290", GitTreeState:"clean", BuildDate:"2019-04-08T17:11:31Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.15", GitCommit:"2adc8d7091e89b6e3ca8d048140618ec89b39369", GitTreeState:"clean", BuildDate:"2020-09-02T11:31:21Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
# Bare-metal
$ kubectl version 
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.3", GitCommit:"b3cbbae08ec52a7fc73d334838e18d17e8512749", GitTreeState:"clean", BuildDate:"2019-11-13T11:23:11Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.15", GitCommit:"2adc8d7091e89b6e3ca8d048140618ec89b39369", GitTreeState:"clean", BuildDate:"2020-09-02T11:31:21Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}

Some of the errors I get:

time="2021-06-22T08:45:31Z" level=error msg="Getting list of PVCs for namespace wws-test failed." func=src/k8s.CreateClusterRole file="/src/k8s/k8s.go:1304"
time="2021-06-22T08:45:31Z" level=error msg="clusterroles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:wws:wws-cluster-manager-sa" cannot create resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope" func=src/k8s.CreateClusterRole file="/src/k8s/k8s.go:1305"
time="2021-06-22T08:45:31Z" level=error msg="Getting list of PVCs for namespace wws-test failed." func=src/k8s.CreateClusterRoleBinding file="/src/k8s/k8s.go:1232"
time="2021-06-22T08:45:31Z" level=error msg="clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:wws:wws-cluster-manager-sa" cannot create resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope" func=src/k8s.CreateClusterRoleBinding file="/src/k8s/k8s.go:1233"
time="2021-06-22T08:45:32Z" level=error msg="Getting list of PVCs for namespace wws-test failed." func=src/k8s.CreateRole file="/src/k8s/k8s.go:1448"
time="2021-06-22T08:45:32Z" level=error msg="roles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:wws:wws-cluster-manager-sa" cannot create resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "wws-test"" func=src/k8s.CreateRole file="/src/k8s/k8s.go:1449"

You should look at the ClusterRoleBindings applied to the ServiceAccount system:serviceaccount:wws:wws-cluster-manager-sa (k get clusterrolebinding -o wide).

I think on Minikube your user can do anything on the local cluster. However, a real cluster does not let you create new ClusterRoles/ClusterRoleBindings with the default user.

I don't know why this happens, but I solved it by using * for all three fields, apiGroups, resources and verbs:

rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]

I know this is not a clean, perfect solution, especially if you want more control over which resources or verbs the role should have access to, but since nobody (even after I posted this issue on the Kubernetes GitHub repo) knows why this happens, and I did not have time to dig deeper into it, I accepted my own answer.
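The forbidden errors in the question and the wildcard fix in the accepted answer are both explained by one RBAC matching rule: a `*` in `resources` is a wildcard only within the API groups listed in the same rule. The posted ClusterRole covers the groups `""`, `apps`, `core` and `autoscaling`, while every error is for `rbac.authorization.k8s.io`, which is not listed (and `core` is not a real group name at all; the core group is the empty string). MicroK8s only enforces RBAC once its `rbac` addon is enabled, which is why the same role looked sufficient there. The script below is an added example, not code from the question or either answer: it re-implements the RBAC rule matching locally, parses the `cannot <verb> resource "<resource>" in API group "<group>"` part of the posted log lines, and evaluates them against the original rules, the `*`/`*`/`*` fix, and a narrower rule that adds only the RBAC kinds the errors name. The set of resources and verbs in `SCOPED_RULES` is an assumption about what the application needs.

```python
import re

# ClusterRole rules as posted in the question (Helm template name omitted).
ORIGINAL_RULES = [
    {"apiGroups": ["", "apps", "core", "autoscaling"],
     "resources": ["*", "namespaces"],
     "verbs": ["get", "watch", "list", "patch", "create", "delete", "update"]},
]

# The accepted answer's fix: wildcard on every field (cluster-admin equivalent).
WILDCARD_RULES = [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]

# Narrower alternative (assumption: the app only needs to manage these RBAC kinds).
SCOPED_RULES = ORIGINAL_RULES + [
    {"apiGroups": ["rbac.authorization.k8s.io"],
     "resources": ["roles", "rolebindings", "clusterroles", "clusterrolebindings"],
     "verbs": ["get", "list", "create", "update", "delete"]},
]

# Constructed sample: three forbidden lines from the question plus one non-RBAC line.
LOG_LINES = [
    'time="2021-06-22T08:45:31Z" level=error msg="Getting list of PVCs for namespace wws-test failed." func=src/k8s.CreateClusterRole file="/src/k8s/k8s.go:1304"',
    'time="2021-06-22T08:45:31Z" level=error msg="clusterroles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:wws:wws-cluster-manager-sa" cannot create resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope" func=src/k8s.CreateClusterRole file="/src/k8s/k8s.go:1305"',
    'time="2021-06-22T08:45:31Z" level=error msg="clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:wws:wws-cluster-manager-sa" cannot create resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope" func=src/k8s.CreateClusterRoleBinding file="/src/k8s/k8s.go:1233"',
    'time="2021-06-22T08:45:32Z" level=error msg="roles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:wws:wws-cluster-manager-sa" cannot create resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "wws-test"" func=src/k8s.CreateRole file="/src/k8s/k8s.go:1449"',
]

FORBIDDEN_RE = re.compile(
    r'cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)" in API group "(?P<group>[^"]*)"'
)


def rule_allows(rule, verb, group, resource):
    """One RBAC rule allows a request only if verb, group and resource all
    match; '*' is a wildcard inside its own field and never spans fields."""
    def matches(wanted, permitted):
        return "*" in permitted or wanted in permitted
    return (matches(group, rule["apiGroups"])
            and matches(resource, rule["resources"])
            and matches(verb, rule["verbs"]))


def allowed(rules, verb, group, resource):
    """A role grants the request if any of its rules does (rules are additive)."""
    return any(rule_allows(r, verb, group, resource) for r in rules)


def parse_forbidden(line):
    """Extract (verb, group, resource) from an API-server 'forbidden' message."""
    m = FORBIDDEN_RE.search(line)
    if not m:
        return None
    return m.group("verb"), m.group("group"), m.group("resource")


def evaluate(rules, lines):
    """Map every forbidden request found in the log lines to whether `rules` allow it."""
    results = {}
    for line in lines:
        request = parse_forbidden(line)
        if request is not None:
            results[request] = allowed(rules, *request)
    return results


def missing_api_groups(rules, lines):
    """API groups that the log lines request but no rule mentions at all."""
    listed = {g for r in rules for g in r["apiGroups"]}
    if "*" in listed:
        return set()
    return {group for (_, group, _) in evaluate(rules, lines)} - listed


if __name__ == "__main__":
    for name, rules in [("original", ORIGINAL_RULES),
                        ("wildcard", WILDCARD_RULES),
                        ("scoped", SCOPED_RULES)]:
        print(f"== {name} ==")
        for (verb, group, resource), ok in evaluate(rules, LOG_LINES).items():
            print(f"  {verb} {resource} in group {group or '(core)'}: "
                  f"{'allowed' if ok else 'DENIED'}")
        print("  missing groups:", missing_api_groups(rules, LOG_LINES) or "none")
```

On a live cluster the authoritative version of this check is `kubectl auth can-i create clusterroles --as=system:serviceaccount:wws:wws-cluster-manager-sa` (and the same for `roles` and `clusterrolebindings`), run against the target cluster before deploying. The `*`/`*`/`*` rule makes the service account equivalent to cluster-admin; the scoped rule still lets the application create RBAC objects, but the API server's escalation prevention limits it to granting permissions it already holds, since it has neither the `escalate` nor the `bind` verb.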
