
I am trying to deploy a k8s application to the marketplace using mpdev, following the instructions here.

https://github.com/GoogleCloudPlatform/marketplace-k8s-app-tools/blob/master/docs/building-deployer-helm.md

I added the schema.yaml and the application yaml files. I created a helm deploy image and pushed it to the repo, and when I try to use

mpdev install \
  --deployer=$REGISTRY/$APP_NAME/deployer \
  --parameters='{"name": "test-deployment", "namespace": "test-ns"}' 

I am facing a permission-related error.

Name: "test-deployment-consul-sync-catalog", Namespace: ""
Object: &{map["apiVersion":"rbac.authorization.k8s.io/v1" "kind":"ClusterRole" "metadata":map["annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "labels":map["app":"consul" "app.kubernetes.io/name":"test-deployment" "chart":"consul-helm" "heritage":"Helm" "release":"test-deployment"] "name":"test-deployment-consul-sync-catalog"] "rules":[map["apiGroups":[""] "resources":["services" "endpoints"] "verbs":["get" "list" "watch" "update" "patch" "delete" "create"]] map["apiGroups":[""] "resources":["nodes"] "verbs":["get"]]]]}
from server for: "/data/resources.yaml": clusterroles.rbac.authorization.k8s.io "test-deployment-consul-sync-catalog" is forbidden: User "system:serviceaccount:test-ns:test-deployment-deployer-sa" cannot get resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "rbac.authorization.k8s.io/v1, Resource=clusterroles", GroupVersionKind: "rbac.authorization.k8s.io/v1, Kind=ClusterRole"

Role:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ .Release.Name }}-modify-pods
  namespace: {{ .Release.Namespace }}
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]

RoleBinding:

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ .Release.Name }}-modify-pods-to-sa
  namespace: {{ .Release.Namespace }}
subjects:
  - kind: ServiceAccount
    name: {{ .Release.Name }}-controller
    namespace: {{ .Release.Namespace }}
  - kind: ServiceAccount
    name: {{ .Release.Name }}-deployer-sa
    namespace: {{ .Release.Namespace }}
  - kind: ServiceAccount
    name: {{ .Release.Name }}-app
    namespace: {{ .Release.Namespace }}
roleRef:
  kind: Role
  name: {{ .Release.Name }}-modify-pods
  apiGroup: rbac.authorization.k8s.io

ServiceAccount:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ .Release.Name }}-controller
  namespace: {{ .Release.Namespace }}

apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ .Release.Name }}-app
  namespace: {{ .Release.Namespace }}
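
Added example, not part of the original question or of the marketplace tools: a minimal Python model of how Kubernetes RBAC matches bindings to a request, showing why a wildcard Role bound in test-ns still produces the "cannot get resource clusterroles ... at the cluster scope" denial while handing out every namespaced permission in test-ns. The Rule, Binding and authorize names and the narrow cluster-wide binding are hypothetical, constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    api_groups: tuple
    resources: tuple
    verbs: tuple

    def allows(self, group, resource, verb):
        def hit(allowed, value):
            return "*" in allowed or value in allowed
        return (hit(self.api_groups, group) and hit(self.resources, resource)
                and hit(self.verbs, verb))

@dataclass(frozen=True)
class Binding:
    subject: str         # "system:serviceaccount:<namespace>:<name>"
    rules: tuple
    namespace: str = ""  # "" models a ClusterRoleBinding, otherwise a RoleBinding

def authorize(bindings, user, verb, group, resource, namespace=""):
    """Return True if any binding grants the request; namespace="" is cluster scope."""
    for b in bindings:
        if b.subject != user:
            continue
        # A RoleBinding is only consulted for requests inside its own namespace,
        # so it never matches a cluster-scoped resource such as clusterroles.
        if b.namespace and b.namespace != namespace:
            continue
        if any(r.allows(group, resource, verb) for r in b.rules):
            return True
    return False

RBAC_GROUP = "rbac.authorization.k8s.io"
DEPLOYER = "system:serviceaccount:test-ns:test-deployment-deployer-sa"
# The Role and RoleBinding from the question: wildcards, but bound in test-ns only.
WILDCARD_ROLE = Binding(DEPLOYER, (Rule(("*",), ("*",), ("*",)),), namespace="test-ns")
# Constructed contrast: a narrow cluster-wide grant covering only the denied request.
NARROW_CLUSTER = Binding(DEPLOYER, (Rule((RBAC_GROUP,), ("clusterroles",), ("get",)),))

def demo():
    ask = lambda b, *req: authorize(b, DEPLOYER, *req)
    return {
        "role: get clusterroles": ask([WILDCARD_ROLE], "get", RBAC_GROUP, "clusterroles"),
        "role: delete secrets in test-ns": ask([WILDCARD_ROLE], "delete", "", "secrets", "test-ns"),
        "role: get secrets in default": ask([WILDCARD_ROLE], "get", "", "secrets", "default"),
        "cluster: get clusterroles": ask([NARROW_CLUSTER], "get", RBAC_GROUP, "clusterroles"),
        "cluster: delete secrets in test-ns": ask([NARROW_CLUSTER], "delete", "", "secrets", "test-ns"),
    }
```

On a live cluster the same question can be put to the API server with `kubectl auth can-i get clusterroles --as=system:serviceaccount:test-ns:test-deployment-deployer-sa`.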