kubernetes - 由于RBAC而无法在Kubernetes集群上部署厚皮动物

Question

我的目标是运行以下命令:

sudo pachctl deploy google ${BUCKET_NAME} ${STORAGE_SIZE} --dynamic-etcd-nodes=1

我遇到有关我拥有的权限的错误(最后发布)。因此，我想通过以下命令创建角色:

sudo kubectl create clusterrolebinding aviralsrivastava-cluster-admin-binding --clusterrole=cluster-admin --user=aviral@socialcops.com

但是，以上命令给我一个错误:

Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "aviral@socialcops.com" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: Required "container.clusterRoleBindings.create" permission.

Answer 1

您需要将以下RBAC权限作为cluster-admin应用，以向用户aviral@socialcops.com提供权限以创建clusterRole和clusterRoleBinding:

ClusterRole.yaml

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: prom-admin
rules:
# Just an example, feel free to change it
- apiGroups: [""]
  resources: ["clusterRole", "clusterRoleBinding"]
  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]

ClusterRoleBinding.yaml

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: prom-rbac
subjects:
- kind: User
  name: aviral@socialcops.com
roleRef:
  kind: ClusterRole
  name: prom-admin
  apiGroup: rbac.authorization.k8s.io