kubectl 报告清单文件中所需的命名空间值

Question

我的清单文件有什么问题？

cat manifests/node-exporter-clusterRoleBinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: node-exporter
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: node-exporter
subjects:
- kind: ServiceAccount
  name: node-exporter

cat manifests/kube-state-metrics-clusterRoleBinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kube-state-metrics
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kube-state-metrics
subjects:
- kind: ServiceAccount
  name: kube-state-metrics

如果我将这些清单应用到命名空间，我会收到如下错误：


kubectl -f manifests/kube-state-metrics-clusterRoleBinding.yaml -n test-monitoring

The ClusterRoleBinding "node-exporter" is invalid: subjects[0].namespace: Required value

kubectl apply -f manifests/kube-state-metrics-clusterRoleBinding.yaml -n test-monitoring

The ClusterRoleBinding "kube-state-metrics" is invalid: subjects[0].namespace: Required value

清单文件有任何问题吗？

Answer 1

由于 ServiceAccount 是命名空间对象，您需要显式添加 ServiceAccount 的 namespace 为：

subjects:
- kind: ServiceAccount
  name: kube-state-metrics
  namespace: <namespace-of-kube-state-metrics-serviceaccount>

kubectl 报告清单文件中所需的命名空间值

kubectl reports namespace value required in manifest file

kubernetes

kubectl