当我应用我的 Terraform 配置时出现以下错误，我不确定为什么会发生这种情况。
│ Error: clusterroles.rbac.authorization.k8s.io "test-psp-clusterrole" is forbidden: user "<GKE-Service-Account-Email>" (groups=["system:authenticated"])
is attempting to grant RBAC permissions not currently held:
│ {APIGroups:["policy"], Resources:["podsecuritypolicies"], ResourceNames:["test-psp"], Verbs:["use" "get" "list" "create" "delete" "update" "patch" "deletecollection"]}
集群角色绑定
# ClusterRoleBinding that grants "test-psp-clusterrole" cluster-wide.
# NOTE(review): the apply error quoted above names the ClusterRole
# ("clusterroles.rbac.authorization.k8s.io "test-psp-clusterrole" is forbidden"),
# not this binding. It is Kubernetes RBAC escalation prevention: the identity
# running terraform must itself already hold every permission the role lists
# ("use"/"get"/"list"/... on podsecuritypolicies "test-psp") before it may
# create or bind that role. The kubernetes_cluster_role resource is not shown
# here; fixing the caller's own permissions is what unblocks the apply.
resource "kubernetes_cluster_role_binding" "psp-clusterrolebinding" {
metadata {
name = "test-psp-clusterrolebinding"
}
# Role being granted; it must exist as a ClusterRole before the binding applies.
role_ref {
api_group = "rbac.authorization.k8s.io"
kind = "ClusterRole"
name = "test-psp-clusterrole"
}
# Every service account in every namespace of the cluster.
subject {
kind = "Group"
name = "system:serviceaccounts"
api_group = "rbac.authorization.k8s.io"
}
# Every authenticated principal in the cluster (users and service accounts).
# With this subject present the role is effectively granted to everyone; the
# two narrower subjects below are already members of this group and only take
# effect on their own if this entry is removed.
subject {
kind = "Group"
name = "system:authenticated"
api_group = "rbac.authorization.k8s.io"
}
# NOTE(review): Kubernetes validates that User and Group subjects carry
# apiGroup "rbac.authorization.k8s.io" (only ServiceAccount subjects use ""),
# so an explicit "" on a User subject may be rejected once the escalation
# error is resolved — confirm whether the provider substitutes its default
# for an empty value, or set the group explicitly as on the Group subjects.
subject {
kind = "User"
name = "GKE-service-account-email@project-domain.com" #(the service account email)
api_group = ""
}
# ServiceAccount subjects use the empty API group. Kubernetes expects a
# namespace on ServiceAccount subjects of a ClusterRoleBinding; none is set
# here — confirm whether the provider fills one in (TODO).
subject {
kind = "ServiceAccount"
name = "tf-test-sa" #(the service account name)
api_group = ""
}
}