Operator-sdk 问题
Operator-sdk issue
我有一个 Operator,并将其部署在同一个集群中的 3 个不同的命名空间上,然后出现以下错误。我不知道这里出了什么问题以及如何解决它们?有什么想法吗?
E1111 15:02:48.398838 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.6/tools/cache/reflector.go:125: Failed to list *v1alpha1.Bird: Birds.xxxx.com is forbidden: User "system:serviceaccount:aaaa-test:default" cannot list resource "Birds" in API group "xxxx.com" in the namespace "aaaa-test"
E1111 15:02:50.193666 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.6/tools/cache/reflector.go:125: Failed to list *v1alpha1.Bird: Birds.xxxx.com is forbidden: User "system:serviceaccount:aaaa-test:default" cannot list resource "Birds" in API group "xxxx.com" in the namespace "aaaa-test"
此消息表示您用于操作员的服务帐户确实缺少某些权限。您需要添加具有 list 资源 Birds.
权限的角色
像这样:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: operator
rules:
- apiGroups:
- xxxx.com
resources:
- birds
verbs:
- list
不用说了,还需要加上ClusterRoleBinding.
请查看示例中的更多详细信息:Build Your Operator with the Right Tool。
我有一个 Operator,并将其部署在同一个集群中的 3 个不同的命名空间上,然后出现以下错误。我不知道这里出了什么问题以及如何解决它们?有什么想法吗?
E1111 15:02:48.398838 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.6/tools/cache/reflector.go:125: Failed to list *v1alpha1.Bird: Birds.xxxx.com is forbidden: User "system:serviceaccount:aaaa-test:default" cannot list resource "Birds" in API group "xxxx.com" in the namespace "aaaa-test"
E1111 15:02:50.193666 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.6/tools/cache/reflector.go:125: Failed to list *v1alpha1.Bird: Birds.xxxx.com is forbidden: User "system:serviceaccount:aaaa-test:default" cannot list resource "Birds" in API group "xxxx.com" in the namespace "aaaa-test"
此消息表示您用于操作员的服务帐户确实缺少某些权限。您需要添加具有 list 资源 Birds.
像这样:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: operator
rules:
- apiGroups:
- xxxx.com
resources:
- birds
verbs:
- list
不用说了,还需要加上ClusterRoleBinding.
请查看示例中的更多详细信息:Build Your Operator with the Right Tool。