Running terraform apply with the Kubernetes provider to deploy k8s resources in Azure cloud gives Unauthorized
I am deploying an AKS k8s cluster with terraform.

The cluster has RBAC enabled with Azure Active Directory.

The cluster creation goes fine; after that, terraform tries to perform some tasks on the cluster, such as creating k8s roles, storage classes, …, but fails with an Unauthorized error message, like below:

module.k8s_cluster.module.infra.kubernetes_storage_class.managed-premium-retain: Creating...
module.k8s_cluster.module.infra.kubernetes_cluster_role.containerlogs: Creating...
module.k8s_cluster.module.infra.kubernetes_namespace.add_pod_identity: Creating...
module.k8s_cluster.module.infra.kubernetes_storage_class.managed-standard-retain: Creating...
module.k8s_cluster.module.infra.kubernetes_storage_class.managed-premium-delete: Creating...
module.k8s_cluster.module.appgw.kubernetes_namespace.agic[0]: Creating...
module.k8s_cluster.module.infra.kubernetes_storage_class.managed-standard-delete: Creating...

Error: Unauthorized
  on .terraform/modules/k8s_cluster/modules/infra/k8s-roles.tf line 1, in resource "kubernetes_cluster_role" "containerlogs":
   1: resource "kubernetes_cluster_role" "containerlogs" {

Error: Unauthorized
  on .terraform/modules/k8s_cluster/modules/infra/k8s-storages-classes.tf line 1, in resource "kubernetes_storage_class" "managed-standard-retain":
   1: resource "kubernetes_storage_class" "managed-standard-retain" {

Error: Unauthorized
  on .terraform/modules/k8s_cluster/modules/infra/k8s-storages-classes.tf line 14, in resource "kubernetes_storage_class" "managed-standard-delete":
  14: resource "kubernetes_storage_class" "managed-standard-delete" {

Error: Unauthorized
  on .terraform/modules/k8s_cluster/modules/infra/k8s-storages-classes.tf line 27, in resource "kubernetes_storage_class" "managed-premium-retain":
  27: resource "kubernetes_storage_class" "managed-premium-retain" {

Error: Unauthorized
  on .terraform/modules/k8s_cluster/modules/infra/k8s-storages-classes.tf line 40, in resource "kubernetes_storage_class" "managed-premium-delete":
  40: resource "kubernetes_storage_class" "managed-premium-delete" {

Error: Unauthorized
  on .terraform/modules/k8s_cluster/modules/infra/r-aad-pod-identity.tf line 5, in resource "kubernetes_namespace" "add_pod_identity":
   5: resource "kubernetes_namespace" "add_pod_identity" {

Error: Unauthorized
  on .terraform/modules/k8s_cluster/modules/tools/agic/helm-agic.tf line 1, in resource "kubernetes_namespace" "agic":
   1: resource "kubernetes_namespace" "agic" {

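As you can see, these are not azure errors but kubernetes ones.

It seems I lack the rights to perform the above resource creation tasks on the newly created cluster.

What should I do, and where, to grant my user account permissions for these terraform tasks?

How did you configure the terraform Kubernetes provider? Did you statically define TLS certificate credentials, or are you using the current kubectl context?

Neither. I use terraform with my azure account; I don't have any context set up for terraform.

What did you actually do: az aks get-credentials?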