我想创建一个允许在 OpenShift.com Online 上执行oc port-forward的服务帐户(在 Kubernetes 上也称为kubectl port-forward(,但终其一生都无法弄清楚我在oc get clusterrole中看到的众多角色中的哪一个允许这样做?(oc get role为空。
error: error upgrading connection: pods "minecraft-storeys-maker-40-ps85h" is forbidden: User "system:serviceaccount:learn-study:oc-port-forward-container" cannot create pods/portforward in the namespace "learn-study": User "system:serviceaccount:learn-study:oc-port-forward-container" cannot create pods/portforward in project "learn-study"
因此,根据此错误消息,我尝试了"pods/portforward",但没有好处:
oc policy add-role-to-user pods/portforward -z oc-port-forward-container
Error from server (BadRequest): Name parameter invalid: "pods/portforward": may not contain '/'
也只是"端口转发"是不好的:
oc policy add-role-to-user portforward -z oc-port-forward-container
Error from server (NotFound): rolebindings.authorization.openshift.io "portforward" not found
这是为了 https://github.com/OASIS-learn-study/oc-port-forward-container。
在 OpenShift 中,edit和admin群集角色应该对pods/portforward具有create权限。
因此,诸如oc policy add-role-to-user edit -z <your-sa-name>之类的命令应添加所需的权限。