我在 CentOS 7 上运行一个双节点集群,上面有最新版本的 Kubernetes。设置后似乎什么也做不了。.
每当我想从主节点创建部署时,我都会遇到此错误:
Error from server (Forbidden): error when retrieving current configuration of:
&{0xc4204bc6c0 0xc420098150 default nginx-deployment https://k8s.io/docs/tasks/run-application/deployment.yaml 0xc423138760 false}
from server for: "https://k8s.io/docs/tasks/run-application/deployment.yaml": deployments.apps "nginx-deployment" is forbidden: User "system:node:workhorse1" cannot get deployments.apps in the namespace "default"
还试图弄乱用户创建和角色绑定,并发生此错误:
Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "system:node:workhorse1" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope
有什么想法吗?
检查 system:node:workhorse1 的角色,并了解它的详细信息,我认为它不允许节点访问 deploy.apps 资源。或者,也许您使用节点授权来授权节点,节点仅授权节点访问 pod,而不是部署。而且 node 不假定访问有关 rbac 的信息,因此您需要具有管理员角色的用户来处理 rbac 规则。