无法将ClusterRoleBinding附加到Kubernetes服务帐户
我正在尝试使用ClusterRoleBinding向Kubernetes ServiceAccount授予群集管理员角色:无法将ClusterRoleBinding附加到Kubernetes服务帐户,kubernetes,rbac,Kubernetes,Rbac,我正在尝试使用ClusterRoleBinding向Kubernetes ServiceAccount授予群集管理员角色: apiVersion: v1 kind: ServiceAccount metadata: name: jenkins namespace: jenkins --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: jenkins roleRef:
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
namespace: jenkins
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: jenkins
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: jenkins
namespace: jenkins
…我得到一个错误:
The ClusterRoleBinding "jenkins" is invalid: roleRef: Invalid value: rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", Kind:"ClusterRole", Name:"cluster-admin"}:
cannot change roleRef
我已验证ClusterRole确实存在:
kubectl get clusterrole
NAME AGE
admin 1d
alb-ingress-controller 1d
aws-node 1d
cluster-admin 1d
我还尝试将其他群集角色附加到我的服务帐户,但无法执行此操作
我假设这意味着您无法将群集角色附加到服务帐户,如果是这种情况,那么如何向服务帐户授予群集级别的权限?错误“无法更改角色ref”指的是我尝试创建的ClusterRoleBinding已经存在
通过运行kubectl get clusterrolebinding
我可以看到clusterrolebinding已经存在
运行kubectl delete clusterrolebinding/jenkins
后,我能够成功地执行上面的YAML