
I get this error when I apply my Terraform configuration, and I am not sure why it happens.

│ Error: clusterroles.rbac.authorization.k8s.io "test-psp-clusterrole" is forbidden: user "<GKE-Service-Account-Email>" (groups=["system:authenticated"]) 
is attempting to grant RBAC permissions not currently held:
│ {APIGroups:["policy"], Resources:["podsecuritypolicies"], ResourceNames:["test-psp"], Verbs:["use" "get" "list" "create" "delete" "update" "patch" "deletecollection"]}

Cluster role binding

resource "kubernetes_cluster_role_binding" "psp-clusterrolebinding" {
  metadata {
    name = "test-psp-clusterrolebinding"
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "test-psp-clusterrole"
  }

  subject {
    kind      = "Group"
    name      = "system:serviceaccounts"
    api_group = "rbac.authorization.k8s.io"
  }

  subject {
    kind      = "Group"
    name      = "system:authenticated"
    api_group = "rbac.authorization.k8s.io"
  }

  subject {
    kind      = "User"
    name      = "GKE-service-account-email@project-domain.com" #(the service account email)
    api_group = ""
  }

  subject {
    kind      = "ServiceAccount"
    name      = "tf-test-sa" #(the service account name)
    api_group = ""
  }
}
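The error above comes from the Kubernetes RBAC escalation-prevention check: a caller may only create or update a (Cluster)Role whose rules it already holds itself, unless it holds the `escalate` verb on that role resource. The following Python is an added illustration of how that coverage check works; it is not Kubernetes' own code or anything from the question. The `Rule` class, the function names, and the sample "held" permissions for the calling service account are all constructed for this example; only the requested rule mirrors the one printed in the error.

```python
from dataclasses import dataclass
from typing import Iterable, List, Tuple


# Hypothetical model of one RBAC rule, with the same fields the error message prints.
@dataclass(frozen=True)
class Rule:
    api_groups: Tuple[str, ...]
    resources: Tuple[str, ...]
    verbs: Tuple[str, ...]
    resource_names: Tuple[str, ...] = ()  # empty means "every object name"


def _matches(allowed: Tuple[str, ...], value: str) -> bool:
    """A rule list matches a value if it names it or contains the wildcard."""
    return "*" in allowed or value in allowed


def covers(held: Rule, api_group: str, resource: str, name: str, verb: str) -> bool:
    """Does one held rule permit this single (group, resource, name, verb) tuple?"""
    if not (_matches(held.api_groups, api_group)
            and _matches(held.resources, resource)
            and _matches(held.verbs, verb)):
        return False
    # A name-restricted held rule never covers a request for "all names" (name == "").
    return not held.resource_names or name in held.resource_names


def uncovered(held_rules: Iterable[Rule], requested: Rule) -> List[Tuple[str, str, str, str]]:
    """Expand the requested rule into tuples and return those no held rule covers."""
    held_rules = list(held_rules)
    names = requested.resource_names or ("",)
    missing = []
    for group in requested.api_groups:
        for resource in requested.resources:
            for name in names:
                for verb in requested.verbs:
                    if not any(covers(h, group, resource, name, verb) for h in held_rules):
                        missing.append((group, resource, name, verb))
    return missing


def grant_is_allowed(held_rules: Iterable[Rule], requested: Rule, role_name: str):
    """Mimic the escalation guard: allowed if the caller holds 'escalate' on the
    ClusterRole being written, or already holds every permission being granted."""
    held_rules = list(held_rules)
    if any(covers(h, "rbac.authorization.k8s.io", "clusterroles", role_name, "escalate")
           for h in held_rules):
        return True, []
    missing = uncovered(held_rules, requested)
    return not missing, missing


# The rule being granted, taken from the error message in the question.
REQUESTED = Rule(
    api_groups=("policy",),
    resources=("podsecuritypolicies",),
    verbs=("use", "get", "list", "create", "delete", "update", "patch", "deletecollection"),
    resource_names=("test-psp",),
)

# Constructed sample: the identity running `terraform apply` can only read PSPs.
CALLER_HELD = [Rule(("policy",), ("podsecuritypolicies",), ("get", "list"))]

# Constructed sample: an identity bound to a cluster-admin style wildcard rule.
ADMIN_HELD = [Rule(("*",), ("*",), ("*",))]


if __name__ == "__main__":
    ok, missing = grant_is_allowed(CALLER_HELD, REQUESTED, "test-psp-clusterrole")
    print("read-only caller allowed:", ok)
    for group, resource, name, verb in missing:
        print(f"  not held: {group}/{resource}/{name} verb={verb}")
    print("admin caller allowed:", grant_is_allowed(ADMIN_HELD, REQUESTED, "test-psp-clusterrole")[0])
```

Running this with the read-only caller reports the six verbs (`use`, `create`, `delete`, `update`, `patch`, `deletecollection`) that the caller does not hold, which is the situation the error describes. Because the guard exists to stop an identity from handing out more than it has, the remedy is to run the apply under an identity that already holds the permissions in the ClusterRole (or the `escalate` verb on clusterroles), rather than to loosen the check.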