由于RBAC,无法在kubernetes集群上部署pachyderm-问答-阿里云开发者社区-阿里云

开发者社区> 问答> 正文

由于RBAC,无法在kubernetes集群上部署pachyderm

k8s小能手 2018-12-29 15:13:52 1445

我的目标是运行以下命令:

sudo pachctl deploy google ${BUCKET_NAME} ${STORAGE_SIZE} --dynamic-etcd-nodes=1
我面临一个关于我拥有的权限的错误(最后发布)。所以,我想通过以下命令创建我的角色:

sudo kubectl create clusterrolebinding aviralsrivastava-cluster-admin-binding --clusterrole=cluster-admin --user=aviral@socialcops.com
但是,上面的命令让我产生错误:

Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "aviral@socialcops.com" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: Required "container.clusterRoleBindings.create" permission.

Kubernetes 容器
分享到
取消 提交回答
全部回答(1)
  • k8s小能手
    2019-07-17 23:24:06

    您需要将以下RBAC权限应用于cluster-admin为用户aviral@socialcops.com提供创建clusterRole和clusterRoleBinding的权限:

    ClusterRole.yaml

    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRole
    metadata:
    name: prom-admin
    rules:

    Just an example, feel free to change it

    • apiGroups: [""]
      resources: ["clusterRole", "clusterRoleBinding"]

    verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
    ClusterRoleBinding.yaml

    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
    name: prom-rbac
    subjects:

    • kind: User
      name: aviral@socialcops.com

    roleRef:
    kind: ClusterRole
    name: prom-admin
    apiGroup: rbac.authorization.k8s.io

    0 0
云原生
使用钉钉扫一扫加入圈子
+ 订阅

云原生时代,是开发者最好的时代

推荐文章
相似问题
推荐课程