我有一个包含以下模板的舵图:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: myrole
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- create
我无法在 minikube 上安装它,但我可以手动创建这样的角色:
$ helm install thing/
Error: release foiled-kitten failed: roles.rbac.authorization.k8s.io "myrole" is forbidden: attempt to grant extra privileges: [{[create] [] [pods] [] []}] user=&{system:serviceaccount:kube-system:default ecaca6c3-29ed-11e7-86ad-08002703b442 [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /swaggerapi /swaggerapi/* /version]}] ruleResolutionErrors=[]
$ kubectl create role myrole --verb=create --resource=pods
role "myrole" created
为什么我不能使用 helm 创建这个角色?
其他信息:
minikube version: v0.18.0
Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.4", GitCommit:"d6f433224538d4f9ca2f7ae19b252e6fcb66a3ae", GitTreeState:"clean", BuildDate:"2017-05-19T18:44:27Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.0", GitCommit:"fff5156092b56e6bd60fff75aad4dc9de6b6ef37", GitTreeState:"dirty", BuildDate:"2017-04-07T20:43:50Z", GoVersion:"go1.7.1", Compiler:"gc", Platform:"linux/amd64"}