Running terraform apply gives Unauthorized for the Kubernetes provider when deploying k8s resources in Azure cloud


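I am deploying an AKS k8s cluster with terraform.

The cluster has rbac enabled with azure active directory.

The cluster creation goes fine, and after that terraform tries to perform some tasks on the cluster, like creating k8s roles, storage classes..., but fails with an Unauthorized error message, as shown below: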

module.k8s_cluster.module.infra.kubernetes_storage_class.managed-premium-retain: Creating...
module.k8s_cluster.module.infra.kubernetes_cluster_role.containerlogs: Creating...
module.k8s_cluster.module.infra.kubernetes_namespace.add_pod_identity: Creating...
module.k8s_cluster.module.infra.kubernetes_storage_class.managed-standard-retain: Creating...
module.k8s_cluster.module.infra.kubernetes_storage_class.managed-premium-delete: Creating...
module.k8s_cluster.module.appgw.kubernetes_namespace.agic[0]: Creating...
module.k8s_cluster.module.infra.kubernetes_storage_class.managed-standard-delete: Creating...

Error: Unauthorized

  on .terraform/modules/k8s_cluster/modules/infra/k8s-roles.tf line 1, in resource "kubernetes_cluster_role" "containerlogs":
   1: resource "kubernetes_cluster_role" "containerlogs" {



Error: Unauthorized

  on .terraform/modules/k8s_cluster/modules/infra/k8s-storages-classes.tf line 1, in resource "kubernetes_storage_class" "managed-standard-retain":
   1: resource "kubernetes_storage_class" "managed-standard-retain" {



Error: Unauthorized

  on .terraform/modules/k8s_cluster/modules/infra/k8s-storages-classes.tf line 14, in resource "kubernetes_storage_class" "managed-standard-delete":
  14: resource "kubernetes_storage_class" "managed-standard-delete" {



Error: Unauthorized

  on .terraform/modules/k8s_cluster/modules/infra/k8s-storages-classes.tf line 27, in resource "kubernetes_storage_class" "managed-premium-retain":
  27: resource "kubernetes_storage_class" "managed-premium-retain" {



Error: Unauthorized

  on .terraform/modules/k8s_cluster/modules/infra/k8s-storages-classes.tf line 40, in resource "kubernetes_storage_class" "managed-premium-delete":
  40: resource "kubernetes_storage_class" "managed-premium-delete" {



Error: Unauthorized

  on .terraform/modules/k8s_cluster/modules/infra/r-aad-pod-identity.tf line 5, in resource "kubernetes_namespace" "add_pod_identity":
   5: resource "kubernetes_namespace" "add_pod_identity" {



Error: Unauthorized

  on .terraform/modules/k8s_cluster/modules/tools/agic/helm-agic.tf line 1, in resource "kubernetes_namespace" "agic":
   1: resource "kubernetes_namespace" "agic" {
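
As you can see, these are not azure errors, but kubernetes ones.

It seems I am not authorized to perform the resource creation tasks above on the newly created cluster.
What should be done, and where, to grant my user account permission for these terraform tasks?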

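How did you configure the terraform Kubernetes provider? Did you statically define TLS certificate credentials, or are you using the current kubectl context?

Neither. I use terraform with my azure account; I don't have any context set up for terraform.

What did you actually run: az aks get-credentials?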