开发者社区> 问答> 正文

由于RBAC,无法在kubernetes集群上部署pachyderm

我的目标是运行以下命令:

sudo pachctl deploy google ${BUCKET_NAME} ${STORAGE_SIZE} --dynamic-etcd-nodes=1
我面临一个关于我拥有的权限的错误(最后发布)。所以,我想通过以下命令创建我的角色:

sudo kubectl create clusterrolebinding aviralsrivastava-cluster-admin-binding --clusterrole=cluster-admin --user=aviral@socialcops.com
但是,上面的命令让我产生错误:

Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "aviral@socialcops.com" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: Required "container.clusterRoleBindings.create" permission.

展开
收起
k8s小能手 2018-12-29 15:13:52 4206 0
1 条回答
写回答
取消 提交回答
  • 整合最优质的专家资源和技术资料,问答解疑

    您需要将以下RBAC权限应用于cluster-admin为用户aviral@socialcops.com提供创建clusterRole和clusterRoleBinding的权限:

    ClusterRole.yaml

    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRole
    metadata:
    name: prom-admin
    rules:

    Just an example, feel free to change it

    • apiGroups: [""]
      resources: ["clusterRole", "clusterRoleBinding"]

    verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
    ClusterRoleBinding.yaml

    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
    name: prom-rbac
    subjects:

    • kind: User
      name: aviral@socialcops.com

    roleRef:
    kind: ClusterRole
    name: prom-admin
    apiGroup: rbac.authorization.k8s.io

    2019-07-17 23:24:06
    赞同 展开评论 打赏
问答排行榜
最热
最新

相关电子书

更多
ACK 云原生弹性方案—云原生时代的加速器 立即下载
ACK集群类型选择最佳实践 立即下载
企业运维之云原生和Kubernetes 实战 立即下载

相关镜像