带受限namspace访问权限的大三角帆 [英] Spinnaker with restricted namspace access
问题描述
我正在尝试使用kubernetes设置大三角帆并出现错误:用户无法列出名称空间.
I am trying to setup spinnaker with kubernetes and getting an error: user cannot list namespace.
我无权访问群集范围内的列表名称空间.是否可以在群集范围内设置和应用半配置而不访问列表名称空间?如果是,请让我知道步骤.
I don't have access to list namespace in cluster scope. Is it possible to set up and apply hal configuration without access to list namespaces at cluster scope? if yes, please let me know the steps.
下面我提到该命令以供参考:
Below I mention the command out for reference:
hal deploy apply
+ Get current deployment
Success
- Prep deployment
Failure
Problems in default.provider.kubernetes.my-k8s-account:
! ERROR Unable to communicate with your Kubernetes cluster: Failure
executing: GET at: https://<company>/api/v1/namespaces. Message:
Forbidden! User apc doesn't have permission. namespaces is forbidden: User
"system:anonymous" cannot list namespaces at the cluster scope..
? Unable to authenticate with your Kubernetes cluster. Try using
kubectl to verify your credentials.
- Failed to prep Spinnaker deployment
$ kubectl get ns
No resources found.
Error from server (Forbidden): namespaces is forbidden: User "ds:uid:2319639648" cannot list namespaces at the cluster scope
关于, 阿贾兹
Regards, Ajaz
推荐答案
您可以在没有ClusterRole的情况下进行操作. 经过测试,按预期工作.
You can do it without ClusterRole. Tested, works as expected.
请参见说明.
重要:默认情况下,这将限制您的Spinnaker部署到指定的名称空间.如果您希望能够部署到其他名称空间,请添加第二个云提供程序目标或删除--namespaces标志.
Important: This will by default limit your Spinnaker to deploying to the namespace specified. If you want to be able to deploy to other namespaces, either add a second cloud provider target or remove the --namespaces flag.
使用Halyard hal命令行工具将Halyard配置为在Kubernetes集群中安装Spinnaker
Use the Halyard hal command line tool to configure Halyard to install Spinnaker in your Kubernetes cluster
hal config deploy edit \
--type distributed \
--account-name ${ACCOUNT_NAME} \
--location ${NAMESPACE}
这篇关于带受限namspace访问权限的大三角帆的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
