在openshift中上载带有群集策略绑定的yml时出错;“已经存在”;
当我尝试执行此操作时:在openshift中上载带有群集策略绑定的yml时出错;“已经存在”;,openshift,openshift-origin,Openshift,Openshift Origin,当我尝试执行此操作时: oc create -f custom_clusterPolicyBinding.yml Error from server: error when creating "custom_clusterPolicyBinding.yml": clusterpolicybindings ":default" already exists oc version oc v1.4.1 kubernetes v1.4.0+776c994 features: Basic-Auth GS
oc create -f custom_clusterPolicyBinding.yml
Error from server: error when creating "custom_clusterPolicyBinding.yml": clusterpolicybindings ":default" already exists
oc version
oc v1.4.1
kubernetes v1.4.0+776c994
features: Basic-Auth GSSAPI Kerberos SPNEGO
这是custom_clusterPolicyBinding.yml
apiVersion: v1
kind: ClusterPolicyBinding
metadata:
name: custom
policyRef:
name: custom
roleBindings:
- name: custom:label-nodos
roleBinding:
groupNames:
- pachi
metadata:
name: custom:label-nodos
roleRef:
name: custom:label-nodos
subjects:
- kind: Group
name: pachi
userNames: null
群集角色绑定自定义:标签节点已存在
oc get clusterroleBinding | grep custom:label-nodos
custom:label-nodos /custom:label-nodos
集群角色绑定yaml的内容为:
apiVersion: v1
groupNames: null
kind: ClusterRoleBinding
metadata:
name: custom:label-nodos
roleRef:
name: custom:label-nodos
subjects: []
userNames: null
有什么想法吗?不要直接编辑策略。只有一个群集策略和群集策略绑定 相反,您希望创建一个
clusterrole
,其内容与此类似(编辑它以授予您想要授予的权限):
还有一个clusterrolebinding
,内容如下(编辑它以绑定到正确的主题):
您还可以使用oadm policy add-*role to-*
命令帮助绑定角色:
add-cluster-role-to-group
add-cluster-role-to-user
add-role-to-group
add-role-to-user
apiVersion: v1
kind: ClusterRoleBinding
metadata:
name: some-users
roleRef:
name: some-user
subjects:
- kind: User
name: foo
add-cluster-role-to-group
add-cluster-role-to-user
add-role-to-group
add-role-to-user