我尝试使用 kubectl 创建命名空间,但收到此错误:
Error from server (Forbidden): error when creating "namespacefoo": namespaces is forbidden: User "[email protected]" cannot create namespaces at the cluster scope
Kubernetes 中有“范围”的概念吗?我找不到有关不同类型范围的任何信息。如果我无法在集群范围内创建命名空间,我可以在哪里创建命名空间?如何检查我有权访问哪些“范围”?
最佳答案
这取决于您的 Kubernetes 环境。
这个answer suggest (在 Google Cloud environment 中):
That suggests that
gcloud config set container/use_client_certificateis set totruei.e. thatgcloudis expecting a client cluster certificate to authenticate to the cluster (this is what the 'client' in the error message refers to).Unsetting
container/use_client_certificateby issuing the following command in theglcoud configends the need for a legacy certificate or credentials and prevents the error message:gcloud config unset container/use_client_certificateIssues such as this may be more likely if you are using an older version of
gcloudon your home workstation or elsewhere.
仍然,kubernetes/kubernetes issue 62361提到了相同的错误消息。
关于Kubernetes 无法在集群范围内创建命名空间,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51915228/