0

我正在尝试从容器内部执行 K8S kubectl cmds(名称:autodeploy)。我已经配置了 ClusterRole、ServiceAccount 和 ClusterRoleBinding。但是在 K8S 部署上执行描述和缩放操作时出现 Forbidden 错误。

服务器错误(禁止): deployments.apps“test-deployment”被禁止:用户“system:node:ip-xx-xx-xx-xx.ec2.internal”无法在 API 组“apps”中获取资源“deployments”在命名空间“abc”中

自动部署容器也在同一个命名空间 abc 中

集群角色:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: autodeploy
rules:
  - apiGroups: ["*"]
    resources: ["deployments", "deployments/scale", "pods"]
    verbs: ["get", "list", "update"]

服务帐户:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: autodeploy
  namespace: abc

集群角色绑定:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: autodeploy
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: autodeploy
subjects:
  - kind: ServiceAccount
    name: autodeploy
    namespace: abc
4

0 回答 0