我在centos 7上有kubernetes Cluster v1.10,裸机
helm version
Client: &version.Version{SemVer:"v2.11.0-rc.3", GitCommit:"28d295be2a94115b786ee277dffcc2b5483bde47", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.11.0-rc.3", GitCommit:"28d295be2a94115b786ee277dffcc2b5483bde47", GitTreeState:"clean"}
我正在尝试使用Helm安装Nginx
helm install stable/nginx-ingress --name nginx
它返回
Error: release nginx failed:
clusterroles.rbac.authorization.k8s.io "nginx-nginx-ingress" is
forbidden: attempt to grant extra privileges:
[PolicyRule{APIGroups:[""], Resources:["configmaps"], Verbs:
["list"]} PolicyRule{APIGroups:[""], Resources:["configmaps"],
Verbs:["watch"]} PolicyRule{APIGroups:[""], Resources:
["endpoints"], Verbs:["list"]} PolicyRule{APIGroups:[""],
Resources:["endpoints"], Verbs:["watch"]} PolicyRule{APIGroups:
[""], Resources:["nodes"], Verbs:["list"]} PolicyRule{APIGroups:
[""], Resources:["nodes"], Verbs:["watch"]} PolicyRule{APIGroups:
[""], Resources:["pods"], Verbs:["list"]} PolicyRule{APIGroups:
[""], Resources:["pods"], Verbs:["watch"]} PolicyRule{APIGroups:
[""], Resources:["secrets"], Verbs:["list"]} PolicyRule{APIGroups:
[""], Resources:["secrets"], Verbs:["watch"]}
PolicyRule{APIGroups:[""], Resources:["nodes"], Verbs:["get"]}
PolicyRule{APIGroups:[""], Resources:["services"], Verbs:["get"]}
PolicyRule{APIGroups:[""], Resources:["services"], Verbs:["list"]}
PolicyRule{APIGroups:[""], Resources:["services"], Verbs:
["update"]} PolicyRule{APIGroups:[""], Resources:["services"],
Verbs:["watch"]} PolicyRule{APIGroups:["extensions"], Resources:
["ingresses"], Verbs:["get"]} PolicyRule{APIGroups:["extensions"],
Resources:["ingresses"], Verbs:["list"]} PolicyRule{APIGroups:
["extensions"], Resources:["ingresses"], Verbs:["watch"]}
PolicyRule{APIGroups:[""], Resources:["events"], Verbs:["create"]}
PolicyRule{APIGroups:[""], Resources:["events"], Verbs:["patch"]}
PolicyRule{APIGroups:["extensions"], Resources:
["ingresses/status"], Verbs:["update"]}] user=&
{system:serviceaccount:kube-system:default 8f248058-b684-11e8-
b781-daf0a0c10949 [system:serviceaccounts
system:serviceaccounts:kube-system system:authenticated] map[]}
ownerrules=[] ruleResolutionErrors=[]
我该如何解决这个问题?
谢谢:D
最佳答案
另一方面,由于kubectl apply -f用于创建或更新资源,因此Helm可以称为Kubernetes Package Manager。您发布的解决方案是一种解决方法,因为该问题与Helm有关,而不是与如何使用kubectl apply创建资源有关。添加--set rbac.create=false表示您可能部署了不支持RBAC的Tiller。问题是,是否有意进行?如果您尚未开启RBAC授权,则可以继续使用--set rbac.create=false;如果要启用RBAC,则必须为Tiller服务帐户添加cluster-admin角色。
您可以找到如何正确配置它here.
可以在here上获得有关Helm and Tiller的安装和配置的更多信息,以及此Github issue中类似情况的详细说明。
关于kubernetes - 无法通过Kubernetes使用Helm安装Nginx,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52535811/