KubeSphere+DevOps部署到K8S问题

按照KubeSphere官方文档使用jenkinsfile部署流水线时遇到问题

报错信息描述如下

+ kubectl apply -f -
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "apps/v1, Resource=deployments", GroupVersionKind: "apps/v1, Kind=Deployment"
Name: "ks-sample-dev", Namespace: "kubesphere-sample-dev"
from server for: "STDIN": deployments.apps "ks-sample-dev" is forbidden: User "system:serviceaccount:kubesphere-devops-worker:default" cannot get resource "deployments" in API group "apps" in the namespace "kubesphere-sample-dev"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=services", GroupVersionKind: "/v1, Kind=Service"
Name: "ks-sample-dev", Namespace: "kubesphere-sample-dev"
from server for: "STDIN": services "ks-sample-dev" is forbidden: User "system:serviceaccount:kubesphere-devops-worker:default" cannot get resource "services" in API group "" in the namespace "kubesphere-sample-dev"
script returned exit code 1

这个的错误的信息代表的意思是,system:serviceaccount:kubesphere-devops-worker:default是没有权限访问K8s的 API group的。
解决方法是给system:serviceaccount:kubesphere-devops-worker:default绑定更高的权限

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubesphere-devops-worker-installer-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ks-installer
subjects:
- kind: ServiceAccount
  name: default
  namespace: kubesphere-devops-worker
Logo

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐