Authentication 未能发现支持的资源
我正在尝试创建具有有限命名空间访问权限的用户。创建了名为test的命名空间,还创建了组:程序员,用户:前端。通过以下帮助为用户:前端生成凭据 我创造了一个角色。这是我的角色Authentication 未能发现支持的资源,authentication,kubernetes,rbac,kubernetes-security,Authentication,Kubernetes,Rbac,Kubernetes Security,我正在尝试创建具有有限命名空间访问权限的用户。创建了名为test的命名空间,还创建了组:程序员,用户:前端。通过以下帮助为用户:前端生成凭据 我创造了一个角色。这是我的角色 kind: Role apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: namespace: test name: frontend-developer rules: - apiGroups: ["","extensions","apps"
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test
name: frontend-developer
rules:
- apiGroups: ["","extensions","apps"]
resources: ["deployments","replicasets","pods"]
verbs: ["get","list","watch","create","patch"]`
我创造了rolebinding。这里是role-binding.yml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: frontend-deploy
namespace: test
subjects:
- kind: User
name: frontend
namespace: test
roleRef:
kind: Role
name: frontend-developer
apiGroup: rbac.authorization.k8s.io
我说的是我的部署文件
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nodefrontend
namespace: test
spec:
replicas: 3
template:
metadata:
labels:
app: bookstore
spec:
containers:
- name: nodeweb
image: balipalligayathri/devops-develop
ports:
- name: http
containerPort: 3000
protocol: TCP
我在创建角色和角色绑定时使用以下命令
$ kubectl create -f role.yml
$ kubectl create -f role-binding.yml
已创建前端开发人员角色和前端部署角色绑定
我再次使用命令kubectl create-f node deployment.yml
创建部署。已成功创建并删除部署。在这里,我在创建部署时没有提到任何用户。因此,我尝试使用下面的命令使用user创建部署
kubectl create -f node-deployment.yml --as=frontend --context=frontend-context
我面临着这样的错误
Error from server (Forbidden):
<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fswagger-2.0.0.pb-v1%3Ftimeout%3D32s'/><script>window.location.replace('/login?from=%2Fswagger-2.0.0.pb-v1%3Ftimeout%3D32s');</script></head><body style='background-color:white; color:white;'>
Authentication requiredhttps://stackoverflow.com/questions/48164369/kubernetes- 1-8-dashboard-configurations-fails-with-error-no-kind-role-is-regi
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
which is implied by: hudson.security.Permission.GenericRead
which is implied by: hudson.model.Hudson.Administer </body></html>
服务器错误(禁止):
window.location.replace('/login?from=%2Fswagger-2.0.0.pb-v1%3Ftimeout%3D32s');
认证请求iredhttps://stackoverflow.com/questions/48164369/kubernetes- 1-8-dashboard-configurations-fails-with-error-no-kind-role-is-regi
您的身份验证为:匿名
您所在的组:
您需要(但没有)的权限:hudson.model.hudson.Read
其中包含:hudson.security.Permission.GenericRead
这意味着:hudson.model.hudson.administrate
我的疑问是:是否有必要在
deployment.yml
文件中提及用户 您需要创建一个服务帐户
,请查看以下代码片段:
apiVersion: v1
kind: ServiceAccount
metadata:
name: myAccount
将其绑定到您的角色:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: myBinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: frontend-developer
subjects:
- kind: ServiceAccount
name: myAccount
并在部署中使用它:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nodefrontend
namespace: test
spec:
template:
metadata:
labels:
...
spec:
serviceAccountName: myAccount
参考: