无法在 K8S 集群中创建 Prometheus [英] Not able to create Prometheus in K8S cluster
问题描述
我正在尝试在我的 K8S 集群上安装 Prometheus
I'm trying to install Prometheus on my K8S cluster
当我运行命令时
kubectl get namespaces
我得到以下命名空间:
default Active 26h
kube-public Active 26h
kube-system Active 26h
monitoring Active 153m
prod Active 5h49m
现在我想通过
helm install stable/prometheus --name prom -f k8s-values.yml
我得到了错误:
错误:发布prom-demo 失败:命名空间默认"被禁止:用户system:serviceaccount:kube-system:default"无法获取资源命名空间default"中API组"中的命名空间"
Error: release prom-demo failed: namespaces "default" is forbidden: User "system:serviceaccount:kube-system:default" cannot get resource "namespaces" in API group "" in the namespace "default"
即使我切换到 monitoring
ns 我也遇到了同样的错误,
even if I switch to monitoring
ns I got the same error,
k8s-values.yml 如下所示
the k8s-values.yml look like following
rbac:
create: false
server:
name: server
service:
nodePort: 30002
type: NodePort
知道这里可能缺少什么吗?
Any idea what could be missing here ?
推荐答案
您收到此错误是因为您在使用 RBAC 时未授予正确权限.
You are getting this error because you are using RBAC without giving the right permissions.
授予分蘖权限:
取自 https://github.com/helm/helm/blob/master/docs/rbac.md
示例:具有集群管理员角色的服务帐户在 rbac-config.yaml 中:
Example: Service account with cluster-admin role In rbac-config.yaml:
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
注意:cluster-admin 角色是在 Kubernetes 集群中默认创建的,因此您不必明确定义它.
$ kubectl create -f rbac-config.yaml
serviceaccount "tiller" created
clusterrolebinding "tiller" created
$ helm init --service-account tiller
为 prometheus 创建服务帐户:
将rbac.create
的值改为true
:
rbac:
create: true
server:
name: server
service:
nodePort: 30002
type: NodePort
这篇关于无法在 K8S 集群中创建 Prometheus的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!