deployments.apps 被禁止:用户“system:serviceaccount:default:default";无法在命名空间中创建 deployments.apps [英] deployments.apps is forbidden: User "system:serviceaccount:default:default" cannot create deployments.apps in the namespace
问题描述
网址:/apis/apps/v1/namespaces/diyclientapps/deployments
URL: /apis/apps/v1/namespaces/diyclientapps/deployments
)"{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"deployments.apps被禁止:用户 "system:serviceaccount:default:default" 不能在命名空间中创建 deployments.apps"diyclientapps"","reason":"Forbidden","details":{"group":"apps","kind":"deployments"},"code":403}
) "{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"deployments.apps is forbidden: User "system:serviceaccount:default:default" cannot create deployments.apps in the namespace "diyclientapps"","reason":"Forbidden","details":{"group":"apps","kind":"deployments"},"code":403}
我在尝试通过 Kubernetes REST API 创建部署时遇到上述错误.
I'm getting the above error when trying to create a deployment via the Kubernetes REST API.
为什么?我不明白错误信息...
Why? I don't understand the error message...
这发生在自定义 Kubernetes 集群上...以上在本地 Minikube 实例上正常工作.
This occurs on a custom Kubernetes cluster... The above worked correctly on a local Minikube instance.
我可以通过以下方式成功创建部署:kubectl run hello-minikube --image=k8s.gcr.io/echoserver:1.4 --port=8080
I can successfully create a deployment via: kubectl run hello-minikube --image=k8s.gcr.io/echoserver:1.4 --port=8080
推荐答案
警告:这允许任何对机密具有读取权限或能够创建 pod 以访问超级用户凭据的用户.
WARNING: This allows any user with read access to secrets or the ability to create a pod to access super-user credentials.
kubectl create clusterrolebinding serviceaccounts-cluster-admin
--clusterrole=cluster-admin
--group=system:serviceaccounts
https://kubernetes.io/docs/admin/authorization/rbac/
这篇关于deployments.apps 被禁止:用户“system:serviceaccount:default:default";无法在命名空间中创建 deployments.apps的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
