我正在尝试创建一个 Istio Virtualservice。但是,尽管我绑定(bind)了 cluster-admin 角色,但我还是收到以下错误。
UPGRADE FAILED: could not get information about the resource: virtualservices.networking.istio.io "admin-ui" is forbidden: User "vaish@admin" cannot get resource "virtualservices" in API group "networking.istio.io" in the namespace "onboarding"
我还尝试如下创建一个新的 Clusterrole 并创建一个绑定(bind)到我的用户,这也没有产生任何结果。
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: istio-editor-role
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups: ["config.istio.io", "networking.istio.io", "rbac.istio.io", "authentication.istio.io", "security.istio.io"]
resources: ["virtualservices"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"
kubectl create clusterrolebinding istio-editor-binding --clusterrole=istio-editor-role --user=vaish@admin
最佳答案
解决方案是将用户添加到 cluster-admin 角色
关于kubernetes - Istio 虚拟服务创建访问被拒绝,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/69728899/