禁止deployments.apps:用户" system:serviceaccount:default:default"无法在名称空间中创建Deployments.apps [英] deployments.apps is forbidden: User "system:serviceaccount:default:default" cannot create deployments.apps in the namespace
问题描述
URL:/apis/apps/v1/namespaces/diyclientapps/deployments
URL: /apis/apps/v1/namespaces/diyclientapps/deployments
) "{"种类:"状态," apiVersion:" v1,"元数据:{},"状态:"故障,"消息:" deployments.apps 禁止:用户\"system:serviceaccount:default:default \"不能 在名称空间中创建Deployments.apps \"diyclientapps \","原因:"禁止,"详细信息:{" group:" apps,"种类:"部署},"代码:403}
) "{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"deployments.apps is forbidden: User \"system:serviceaccount:default:default\" cannot create deployments.apps in the namespace \"diyclientapps\"","reason":"Forbidden","details":{"group":"apps","kind":"deployments"},"code":403}
尝试通过Kubernetes REST API创建部署时出现上述错误.
I'm getting the above error when trying to create a deployment via the Kubernetes REST API.
为什么?我不明白错误消息...
Why? I don't understand the error message...
这发生在自定义的Kubernetes集群上...以上内容在本地Minikube实例上正常工作.
This occurs on a custom Kubernetes cluster... The above worked correctly on a local Minikube instance.
我可以通过以下方式成功创建部署:kubectl run hello-minikube --image=k8s.gcr.io/echoserver:1.4 --port=8080
I can successfully create a deployment via: kubectl run hello-minikube --image=k8s.gcr.io/echoserver:1.4 --port=8080
推荐答案
警告:这将使任何具有机密访问权限的用户或能够创建pod来访问超级用户凭据的用户.
WARNING: This allows any user with read access to secrets or the ability to create a pod to access super-user credentials.
kubectl create clusterrolebinding serviceaccounts-cluster-admin \
--clusterrole=cluster-admin \
--group=system:serviceaccounts
https://kubernetes.io/docs/admin/authorization/rbac/
这篇关于禁止deployments.apps:用户" system:serviceaccount:default:default"无法在名称空间中创建Deployments.apps的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!