我的目标是运行以下命令:
sudo pachctl deploy google ${BUCKET_NAME} ${STORAGE_SIZE} --dynamic-etcd-nodes=1
我遇到有关我拥有的权限的错误(最后发布)。因此,我想通过以下命令创建角色:
sudo kubectl create clusterrolebinding aviralsrivastava-cluster-admin-binding --clusterrole=cluster-admin [email protected]
但是,以上命令给我一个错误:
Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "[email protected]" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: Required "container.clusterRoleBindings.create" permission.
最佳答案
您需要将以下RBAC权限作为cluster-admin应用,以向用户[email protected]提供权限以创建clusterRole和clusterRoleBinding:
ClusterRole.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: prom-admin
rules:
# Just an example, feel free to change it
- apiGroups: [""]
resources: ["clusterRole", "clusterRoleBinding"]
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
ClusterRoleBinding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: prom-rbac
subjects:
- kind: User
name: [email protected]
roleRef:
kind: ClusterRole
name: prom-admin
apiGroup: rbac.authorization.k8s.io
关于kubernetes - 由于RBAC而无法在Kubernetes集群上部署厚皮动物,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/53956530/