无法创建集群角色。 已被分配为“容器引擎管理员”和“容器引擎集群管理员”的角色Error from server (Forbidden): error when creating "prometheus-operator/prometheus-operator-cluster-role.yaml":clusterroles.rbac.authorization.k8s.io "prometheus-operator"is forbidden: attempt to grant extra privileges: [{[create][extensions] [thirdpartyresources] [] []} {[*][monitoring.coreos.com] [alertmanagers] [] []} {[*][monitoring.coreos.com] [prometheuses] [] []} {[*][monitoring.coreos.com] [servicemonitors] [] []} {[*][apps] [statefulsets] [] []} {[*] [] [configmaps] [] []}{[*] [] [secrets] [] []} {[list] [] [pods] [] []} {[delete][] [pods] [] []} {[get] [] [services] [] []} {[create][] [services] [] []} {[update] [] [services] [] []} {[get][] [endpoints] [] []} {[create] [] [endpoints] [] []}{[update] [] [endpoints] [] []} {[list] [] [nodes][] []} {[watch] [] [nodes] [] []}]user=&{<<my_account>>@gmail.com[system:authenticated] map[]} ownerrules=[{[create][authorization.k8s.io] [selfsubjectaccessreviews][] []} {[get] [] [] [] [/api /api/* /apis /apis/*/healthz /swaggerapi /swaggerapi/* /version]}]ruleResolutionErrors=[] 最佳答案 基于https://cloud.google.com/container-engine/docs/role-based-access-control#setting_up_role-based_access_control Because of the way Container Engine checks permissions when you create a Role or ClusterRole, you must first create a RoleBinding that grants you all of the permissions included in the role you want to create. An example workaround is to create a RoleBinding that gives your Google identity a cluster-admin role before attempting to create additional Role or ClusterRolepermissions. This is a known issue in the Beta release of Role-Based Access Control in Kubernetes and Container Engine version 1.6.因此，您需要将您的帐户绑定(bind)到群集管理员角色。关于kubernetes - 来自服务器的错误(禁止):创建..时出错:clusterroles.rbac.authorization.k8s.io…:尝试授予额外的特权:，我们在Stack Overflow上找到一个类似的问题：https://stackoverflow.com/questions/44349987/