Error when uploading a yml with a cluster policy binding in OpenShift: "already exists"


When I try to do this:

oc create -f custom_clusterPolicyBinding.yml
Error from server: error when creating "custom_clusterPolicyBinding.yml": clusterpolicybindings ":default" already exists

oc version
oc v1.4.1
kubernetes v1.4.0+776c994
features: Basic-Auth GSSAPI Kerberos SPNEGO
This is custom_clusterPolicyBinding.yml

apiVersion: v1
kind: ClusterPolicyBinding
metadata:
  name: custom
policyRef:
  name: custom
roleBindings:
- name: custom:label-nodos
  roleBinding:
    groupNames:
    - pachi
    metadata:
      name: custom:label-nodos
    roleRef:
      name: custom:label-nodos
    subjects:
    - kind: Group
      name: pachi
    userNames: null
The cluster role binding custom:label-nodos already exists

oc get clusterroleBinding | grep custom:label-nodos
custom:label-nodos                              /custom:label-nodos     
The content of the cluster role binding yaml is:

apiVersion: v1
groupNames: null
kind: ClusterRoleBinding
metadata:
  name: custom:label-nodos
roleRef:
  name: custom:label-nodos
subjects: []
userNames: null

Any ideas?

Don't edit the policy directly. There is only one cluster policy and cluster policy binding.

Instead, you want to create a clusterrole with content similar to this (edit it to grant the permissions you want to grant):

And a clusterrolebinding with content like this (edit it to bind to the correct subjects):

apiVersion: v1
kind: ClusterRoleBinding
metadata:
  name: some-users
roleRef:
  name: some-user
subjects:
- kind: User
  name: foo

You can also use the
oadm policy add-*role to-*
commands to help bind roles:

add-cluster-role-to-group
add-cluster-role-to-user
add-role-to-group
add-role-to-user
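
The approach in the answer applied to the names from the question, as an added example that is not part of the original question or answer. The role name custom:label-nodos and the group pachi come from the question; the rule (which verbs on nodes are needed to label them) is an assumption and should be trimmed to the least privilege that works in your cluster.

```yaml
# Added example: a narrowly scoped cluster role plus its binding,
# created as separate objects instead of editing the single
# ":default" ClusterPolicyBinding.
apiVersion: v1
kind: ClusterRole
metadata:
  name: custom:label-nodos
rules:
- apiGroups:
  - ""            # core API group, where nodes live
  resources:
  - nodes
  verbs:          # assumed set for labeling nodes; grant nothing broader
  - get
  - list
  - patch
  - update
---
apiVersion: v1
kind: ClusterRoleBinding
metadata:
  name: custom:label-nodos
roleRef:
  name: custom:label-nodos
subjects:
- kind: Group     # bind to the group, not to individual users
  name: pachi
```

Create the objects with `oc create -f` on this file, or create only the ClusterRole and bind it with `oadm policy add-cluster-role-to-group custom:label-nodos pachi`.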