How can I provision a volume (part II)?
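I am trying to configure RBAC so that I can provision a volume. This is a follow-up to this () thread. Adding the role changed the error from "cannot get resource" to "cannot create resource".
I now think this is a Kubernetes issue, but I still don't understand how to solve it.
Error: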
Error from server (Forbidden): error when creating "/tmp/manifest.yaml": persistentvolumeclaims is forbidden: User "system:serviceaccount:argo:argo" cannot create resource "persistentvolumeclaims" in API group "" in the namespace "argo"
role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: workflow
  namespace: argo
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - pods/log
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - persistentvolumeclaims
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
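RBAC auth rules are configured with K8s resources, which can be divided into two groups:
Roles and ClusterRoles, which specify which verbs/actions can be performed on which resources.
RoleBindings and ClusterRoleBindings, which bind the above roles to specific users, groups or ServiceAccounts.
In your case, you have successfully created the Roles, but what you are missing is the RoleBindings: in short, who can perform the actions you have already specified.
A role binding can be created using a yaml file: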
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: workflow-argo
  namespace: argo
subjects:
# You can specify more than one "subject"
- kind: User
  name: jane # "name" is case sensitive
  apiGroup: rbac.authorization.k8s.io
roleRef:
  # with "roleRef" you specify the binding to a Role / ClusterRole
  kind: Role
  name: workflow # here you have to reference the name of your Role
  apiGroup: rbac.authorization.k8s.io
Or using the command:
kubectl create rolebinding workflow-argo --role=workflow --user=jane --namespace=argo
For more information, see the K8s section: Using RBAC Authorization
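The Forbidden error names the identity `system:serviceaccount:argo:argo`, that is, the ServiceAccount `argo` in namespace `argo`, so the binding needs a ServiceAccount subject rather than a User. The manifest below is an added example, not part of the original answer; it assumes the `workflow` Role from role.yaml is already applied in the `argo` namespace.

```yaml
# Added example: bind the existing "workflow" Role to the ServiceAccount
# that the API server rejected. The username in the error has the form
# system:serviceaccount:<namespace>:<name>.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: workflow-argo   # same binding name the answer uses
  namespace: argo       # a RoleBinding grants access only inside its own namespace
subjects:
- kind: ServiceAccount  # the denied identity is a ServiceAccount, not a User
  name: argo            # <name> part of the username in the error
  namespace: argo       # <namespace> part; ServiceAccount subjects take no apiGroup
roleRef:
  kind: Role            # namespaced Role, so the grant stays limited to "argo"
  name: workflow        # must equal metadata.name in role.yaml
  apiGroup: rbac.authorization.k8s.io
# roleRef cannot be changed on an existing binding; only "subjects" can be
# edited in place. To point a binding at a different Role, delete and recreate it.
```

To check the result without rerunning the workflow, `kubectl auth can-i create persistentvolumeclaims -n argo --as=system:serviceaccount:argo:argo` should answer `yes` once the binding is applied; the caller needs permission to impersonate the ServiceAccount.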