0

我收到此错误 -

错误:呈现的清单包含已存在的资源。无法继续>安装:无法获取有关资源的信息:服务帐户“simpleapi”被禁止:>用户“系统:服务帐户:管理:gitlab-admin”无法在API>组“”中获取资源“服务帐户”在命名空间中“服务”

apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: gitlab
    namespace: kube-system
  - kind: ServiceAccount
    name: gitlab
    namespace: services

我将它用于 RBAC 作为集群管理员。为什么我会得到这个。我也尝试了以下但仍然遇到同样的问题。有人可以解释我在这里做错了什么 -

apiVersion: rbac.authorization.k8s.io/v1
kind: "ClusterRole"
metadata:
  name: gitlab-admin
  labels:
    app: gitlab-admin
rules:
  - apiGroups: ["*"] # also tested with ""
    resources:
      [
        "replicasets",
        "pods",
        "pods/exec",
        "secrets",
        "configmaps",
        "services",
        "deployments",
        "ingresses",
        "horizontalpodautoscalers",
        "serviceaccounts",
      ]
    verbs: ["get", "list", "watch", "create", "patch", "delete", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: "ClusterRoleBinding"
metadata:
  name: gitlab-admin-global
  labels:
    app: gitlab-admin
roleRef:
  apiGroup: "rbac.authorization.k8s.io"
  kind: "ClusterRole"
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: gitlab-admin
    namespace: management
  - kind: ServiceAccount
    name: gitlab-admin
    namespace: services
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-admin
  namespace: management
  labels:
    app: gitlab-admin
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-admin
  namespace: services
  labels:
    app: gitlab-admin
4

1 回答 1

0

所以这就是发生的事情。我需要在命名空间内运行它,即我将配置更改为从命名空间管理本身运行。

kubectl config set-context --current --namespace=management

接着

kubectl apply -f gitlab-admin.yaml
于 2021-03-25T04:32:55.317 回答