KubeSphere+DevOps部署到K8S问题
按照KubeSphere官方文档使用jenkinsfile部署流水线时遇到关于权限的问题
·
KubeSphere+DevOps部署到K8S问题
按照KubeSphere官方文档使用jenkinsfile部署流水线时遇到问题
报错信息描述如下
+ kubectl apply -f -
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "apps/v1, Resource=deployments", GroupVersionKind: "apps/v1, Kind=Deployment"
Name: "ks-sample-dev", Namespace: "kubesphere-sample-dev"
from server for: "STDIN": deployments.apps "ks-sample-dev" is forbidden: User "system:serviceaccount:kubesphere-devops-worker:default" cannot get resource "deployments" in API group "apps" in the namespace "kubesphere-sample-dev"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=services", GroupVersionKind: "/v1, Kind=Service"
Name: "ks-sample-dev", Namespace: "kubesphere-sample-dev"
from server for: "STDIN": services "ks-sample-dev" is forbidden: User "system:serviceaccount:kubesphere-devops-worker:default" cannot get resource "services" in API group "" in the namespace "kubesphere-sample-dev"
script returned exit code 1
这个的错误的信息代表的意思是,system:serviceaccount:kubesphere-devops-worker:default是没有权限访问K8s的 API group的。
解决方法是给system:serviceaccount:kubesphere-devops-worker:default绑定更高的权限
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubesphere-devops-worker-installer-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ks-installer
subjects:
- kind: ServiceAccount
name: default
namespace: kubesphere-devops-worker
更多推荐
已为社区贡献8条内容
所有评论(0)