Kubernetes: namespace is forbidden error for a new user


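I added a new user named "hello" to a kind cluster, with client-certificate-data and client-key-data. When I switch to its context and run the command:

kubectl get ns development-hello

I get:

Error from server (Forbidden): namespaces "development-hello" is forbidden: User "hello" cannot get resource "namespaces" in API group "" in the namespace "development-hello"

I don't have a ClusterRoleBinding for this user.

Here is a snapshot from kubectl config view: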

apiVersion: v1   
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://127.0.0.1:33445
  name: kind-kind
contexts:
- context:
    cluster: kind-kind
    user: hello
  name: hello-kind-kind
- context:
    cluster: kind-kind
    user: kind-kind
  name: kind-kind
current-context: hello-kind-kind
kind: Config
preferences: {}
users:
- name: hello
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
- name: kind-kind
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

You need to use the admin account to create a ClusterRole and RoleBinding for the hello user:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ns-role
rules:
- apiGroups: [""]
  resources: ["namespaces"]  # RBAC resource names are plural; "namespace" matches nothing
  verbs: ["get", "watch", "list", "create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ns-rolebinding
  namespace: development-hello
subjects:
- kind: User
  name: hello
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: ns-role
  apiGroup: rbac.authorization.k8s.io

The kubeconfig file with the admin account can be retrieved with the following command:

# docker exec needs a command to run; it runs as root inside the kind node, so sudo is not required
docker exec <kind-control-plane-node-name> cat /etc/kubernetes/admin.conf
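
The following is an added example, not part of the original answer and not Kubernetes' own code: a simplified Python model of the RBAC check, showing why the singular resource name "namespace" grants nothing and what a RoleBinding in development-hello to this ClusterRole does and does not allow. The class and function names (Rule, Binding, matches, allowed, hello_bindings) are hypothetical, and the model assumes the API server treats a request for /api/v1/namespaces/<name> as being inside namespace <name>, as the error message in the question indicates.

```python
"""Simplified model of the Kubernetes RBAC check (added example, not Kubernetes code)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    api_groups: tuple
    resources: tuple
    verbs: tuple


@dataclass(frozen=True)
class Binding:
    user: str
    rules: tuple               # rules of the referenced ClusterRole
    namespace: Optional[str]   # RoleBinding namespace; None models a ClusterRoleBinding


def matches(rule, group, resource, verb):
    # Every attribute must be listed literally or covered by the "*" wildcard.
    return all(want in have or "*" in have for want, have in
               ((group, rule.api_groups), (resource, rule.resources), (verb, rule.verbs)))


def allowed(bindings, user, verb, resource, name=None, namespace=None, group=""):
    # A request for one namespace object carries that namespace as its scope;
    # list/create on the namespaces collection carry no namespace at all.
    ns = name if resource == "namespaces" else namespace
    for b in bindings:
        if b.user != user:
            continue
        if b.namespace is not None and b.namespace != ns:
            continue  # a RoleBinding only covers requests in its own namespace
        if any(matches(r, group, resource, verb) for r in b.rules):
            return True
    return False  # RBAC is deny-by-default


VERBS = ("get", "watch", "list", "create", "delete")
typo_role = (Rule(("",), ("namespace",), VERBS),)    # singular name: matches nothing
fixed_role = (Rule(("",), ("namespaces",), VERBS),)  # plural resource name


def hello_bindings(rules):
    # The RoleBinding from the answer: user hello, namespace development-hello.
    return [Binding("hello", rules, "development-hello")]
```

On a real cluster the same questions can be asked from the admin context with `kubectl auth can-i get namespaces/development-hello --as hello -n development-hello`.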

Thank you for your answer. Could you explain what the admin account is? As you wrote, I created the RoleBinding using the kind user, but I still get the same error. I assumed the kind user had admin privileges, but it seems I was wrong…

I updated the answer with details on how to get the kubeconfig with the admin account.