群集管理的GKE clusterrolebinding失败,并显示权限错误 [英] GKE clusterrolebinding for cluster-admin fails with permission error
问题描述
我刚刚使用运行Kubernetes 1.7.5的Google Container Engine创建了一个新集群,并启用了新的RBAC权限。我遇到了一些问题,为我的一些服务分配权限,这些服务导致我进行以下操作: $ b
docs 使用RBAC状态的容器引擎,必须授予用户通过运行下列内容创建授权角色的能力命令:
kubectl create clusterrolebinding cluster-admin-binding --clusterrole = cluster-admin [--user =< user-名称>]
然而,由于缺乏权限(我认为这是相同的
服务器错误(Forbidden):
用户<使用者名> 中无法在集群范围内创建clusterrolebindings.rbac.authorization.k8s.io。:
必需的\container.clusterRoleBindings.create \权限。
(post clusterrolebindings.rbac.authorization.k8s.io)
任何帮助都会很多如果您的kubeconfig是由<$自动创建的c $ c> gcloud 那么你的用户并不是所有强大的管理员用户 - 你试图创建一个绑定。
使用< a href =https://cloud.google.com/sdk/gcloud/reference/container/clusters/describe =nofollow noreferrer> gcloud container clusters describe< clustername> - zone ,然后查找密码字段。
其后执行 kubectl --username = admin --password = FROMABOVE create clusterrolebinding ...
I've just created a new cluster using Google Container Engine running Kubernetes 1.7.5, with the new RBAC permissions enabled. I've run into a problem allocating permissions for some of my services which lead me to the following:
The docs for using container engine with RBAC state that the user must be granted the ability to create authorization roles by running the following command:
kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin [--user=<user-name>]
However, this fails due to lack of permissions (which I would assume are the very same permissions which we are attempting to grant by running the above command).
Error from server (Forbidden):
User "<user-name>" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope.:
"Required \"container.clusterRoleBindings.create\" permission."
(post clusterrolebindings.rbac.authorization.k8s.io)
Any help would be much appreciated as this is blocking me from creating the permissions needed by my cluster services.
If your kubeconfig was created automatically by gcloud then your user is not the all powerful admin user - which you are trying to create a binding for.
Use gcloud container clusters describe <clustername> --zone <zone> on the cluster and look for the password field.
Thereafter execute kubectl --username=admin --password=FROMABOVE create clusterrolebinding ...
这篇关于群集管理的GKE clusterrolebinding失败,并显示权限错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
