Kubernetes RBAC - 用户有权获取 pods 但它说 'Unauthorized'
Kubernetes RBAC - user has access to get pods but it says 'Unauthorized'
我已经为 Kubernetes RBAC 配置了 keycloak。
- 有权获取 pods
的用户
vagrant@haproxy:~/.kube$ kubectl auth can-i get pods --user=oidc
Warning: the server doesn't have a resource type 'pods'
yes
vagrant@haproxy:~/.kube$ kubectl get pods --user=oidc
error: You must be logged in to the server (Unauthorized)
我的用户 kubeconfig 文件如下所示
users:
- name: oidc
user:
exec:
apiVersion: client.authentication.k8s.io/v1beta1
args:
- oidc-login
- get-token
- --oidc-issuer-url=https://test.example.com/auth/realms/kubernetes
- --oidc-client-id=kubernetes
- --oidc-client-secret=e479f74d-d9fd-415b-b1db-fd7946d3ad90
- --username=test
- --grant-type=authcode-keyboard
command: kubectl
有没有办法让这个工作?
问题出在集群的 IP 地址上。如果 IP 地址,您可能必须配置 DNS 名称。
我已经为 Kubernetes RBAC 配置了 keycloak。
- 有权获取 pods 的用户
vagrant@haproxy:~/.kube$ kubectl auth can-i get pods --user=oidc
Warning: the server doesn't have a resource type 'pods'
yes
vagrant@haproxy:~/.kube$ kubectl get pods --user=oidc
error: You must be logged in to the server (Unauthorized)
我的用户 kubeconfig 文件如下所示
users:
- name: oidc
user:
exec:
apiVersion: client.authentication.k8s.io/v1beta1
args:
- oidc-login
- get-token
- --oidc-issuer-url=https://test.example.com/auth/realms/kubernetes
- --oidc-client-id=kubernetes
- --oidc-client-secret=e479f74d-d9fd-415b-b1db-fd7946d3ad90
- --username=test
- --grant-type=authcode-keyboard
command: kubectl
有没有办法让这个工作?
问题出在集群的 IP 地址上。如果 IP 地址,您可能必须配置 DNS 名称。