我创建了一个 Kubernetes 清单文件来创建服务帐户和角色。这是它的外观:
apiVersion: v1
kind: ServiceAccount
metadata:
name: test-service-account
namespace: test
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: read-only-api
rules:
- apiGroups:
- ""
resources: ["*"]
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: read-only-api
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: read-only-api
subjects:
- kind: ServiceAccount
name: test-service-account
namespace: test
但是,当我尝试执行和应用清单时,出现此错误。我不确定我是否遇到了缩进或其他问题。
解析服务帐户.yml 时出错:将 YAML 转换为 JSON 时出错:yaml:第 10 行:未找到预期的"-"指示符
非常感谢所有帮助。我尝试来回缩进它,将"-"指示器添加到它抱怨的特定行 - 但随后我收到一条新的错误消息:
验证"service-account.yml"时出错: 验证数据时出错: ValidationError(ClusterRole.metadata(: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta: 得到 "array",预期的 "map";如果选择忽略这些错误,请使用 --validate=false 关闭验证
谢谢!
服务帐户 yaml 很好
正确的群集角色和群集角色绑定 YAML,如下所示
apiVersion: v1
kind: ServiceAccount
metadata:
name: test-service-account
namespace: test
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: read-only-api
rules:
- apiGroups:
- ""
resources:
- "*"
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: read-only-api
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: read-only-api
subjects:
- kind: ServiceAccount
name: test-service-account
namespace: test
master $ kubectl create ns test
namespace/test created
serviceaccount/test-service-account created
clusterrole.rbac.authorization.k8s.io/read-only-api created
clusterrolebinding.rbac.authorization.k8s.io/read-only-api created