我已经 Build 了一个双节点kops集群 . 我在哪里安装了helm工具 .
我创建了自己的应用程序特定的helm包并通过helm安装它,一切正常 .
但是当我试图通过稳定的helm图表安装nginx时(如标准说明中所指定的)我得到的误差低于
root@ip-172-31-27-86:~/helm# helm install --name my-nginx stable/nginx-ingress
Error: release tinseled-billygoat failed: clusterroles.rbac.authorization.k8s.io "tinseled-billygoat-nginx-ingress" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["update"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["get"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["list"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["watch"]} PolicyRule{Resources:["events"], APIGroups:[""], Verbs:["create"]} PolicyRule{Resources:["events"], APIGroups:[""], Verbs:["patch"]} PolicyRule{Resources:["ingresses/status"], APIGroups:["extensions"], Verbs:["update"]}] user=&{system:serviceaccount:kube-system:default bdf8f2bc-84e2-11e8-8fa3-02f0fae19e8e [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]} ownerrules=[] ruleResolutionErrors=[]
舵列表,包含图表详细信息 .
root@ip-172-31-27-86:/home/appHome/HelmPackages# helm list
NAME REVISION UPDATED STATUS CHART NAMESPACE
my-nginx 1 Wed Jul 11 11:02:37 2018 FAILED nginx-ingress-0.22.1 default
nodeapp1 1 Wed Jul 11 10:36:23 2018 DEPLOYED nodeapp-helm-0.1.0 default
这似乎是某种rbac问题,但我之前已经成功地部署了nginx . 但现在我第一次面对这个,所以不确定它可能出错的地方 .
任何帮助赞赏
2 回答
听起来您的头盔服务帐户没有授予您的nginx入口图尝试创建的某些权限 . 如果正在这样做的用户没有自己的访问权限,则RBAC不允许创建特定访问权限,这对于在委派访问时避免权限提升是非常合理的 .
我尝试通过服务帐户重新安装helm,
kubectl create serviceaccount --namespace kube-system tiller kubectl create clusterrolebinding tiller-cluster-rule --clusterrole = cluster-admin --serviceaccount = kube-system:tiller helm init --service-account tiller
然而,仍然面临同样的问题没有帮助 .
但作为测试环境的快速修复,我在安装nginx时设置了这个属性
现在Nginx工作正常,但不建议用于 生产环境 服务器 .