Error when uploading a yml with cluster policy bindings in OpenShift: "already exists"

When I try to do this:

    oc create -f custom_clusterPolicyBinding.yml
    Error from server: error when creating "custom_clusterPolicyBinding.yml": clusterpolicybindings ":default" already exists

    oc version
    oc v1.4.1
    kubernetes v1.4.0+776c994
    features: Basic-Auth GSSAPI Kerberos SPNEGO

This is custom_clusterPolicyBinding.yml:

    apiVersion: v1
    kind: ClusterPolicyBinding
    metadata:
      name: custom
    policyRef:
      name: custom
    roleBindings:
    - name: custom:label-nodos
      roleBinding:
        groupNames:
        - pachi
        metadata:
          name: custom:label-nodos
        roleRef:
          name: custom:label-nodos
        subjects:
        - kind: Group
          name: pachi
        userNames: null

The cluster role binding custom:label-nodos already exists:

    oc get clusterroleBinding | grep custom:label-nodos
    custom:label-nodos /custom:label-nodos

And the content of the cluster role binding yaml is:

    apiVersion: v1
    groupNames: null
    kind: ClusterRoleBinding
    metadata:
      name: custom:label-nodos
    roleRef:
      name: custom:label-nodos
    subjects: []
    userNames: null

Any ideas?

Don't edit the policy directly. There is only one cluster policy and cluster policy binding.

Instead, you probably want to create a clusterrole with content similar to this (edit it to grant the permissions you want to grant):

    apiVersion: v1
    kind: ClusterRole
    metadata:
      name: some-user
    rules:
    - apiGroups:
      - project.openshift.io
      - ""
      resources:
      - projects
      verbs:
      - list

And a clusterrolebinding with content like this (edit it to bind to the correct subjects):

    apiVersion: v1
    kind: ClusterRoleBinding
    metadata:
      name: some-users
    roleRef:
      name: some-user
    subjects:
    - kind: User
      name: foo

You can also use the oadm policy add-*role-to-* commands to help bind roles:

    add-cluster-role-to-group
    add-cluster-role-to-user
    add-role-to-group
    add-role-to-user
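
The answer's pattern applied to the objects named in the question, as an added example that is not part of the original posts. The role, binding and group names come from the question; the rules in the ClusterRole are an assumption about what custom:label-nodos is meant to allow.

```yaml
# Added example. Names are taken from the question; the rules are assumed.
# Assumption: custom:label-nodos should let its members label nodes, which
# needs read and patch access on nodes (core API group "") and nothing more.
apiVersion: v1
kind: ClusterRole
metadata:
  name: custom:label-nodos
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - patch
---
# The binding shown in the question has "subjects: []", so it grants the role
# to nobody. Listing the group as a subject is the declarative form of:
#   oadm policy add-cluster-role-to-group custom:label-nodos pachi
# The binding already exists, so "oc create -f" would fail with
# "already exists"; update it with "oc replace -f" instead.
apiVersion: v1
kind: ClusterRoleBinding
metadata:
  name: custom:label-nodos
roleRef:
  name: custom:label-nodos
subjects:
- kind: Group
  name: pachi
```

After the change, `oc get clusterrolebinding custom:label-nodos -o yaml` should list the group pachi under subjects and no other users or groups.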