Getting Kubernetes manifest error when install using Helm command

When running helm install -f values.yaml xxx-xxx-Agent xxxx-repo/xxx-agent --namespace xxxxx-dev I get the error below

'''
Error: rendered manifests contain a resource that already exists. Unable to continue with install: could not get information about the resource: secrets "azpsecretxxx" is forbidden: User "xxxxxxxxxxxx@xxxxx.com" cannot get resource "secrets" in API group "" in the namespace "xxxxxx-dev"
'''

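PS: I have access to my namespace. I googled through various forums but could not understand it and landed here. I am new to AKS and Helm. Can anyone share your insights? Thanks in advance.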

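The error is not related to Helm but directly to Kubernetes; it is telling you that you are not authorized to operate on secrets in the namespace you are in. What role do you have?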

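For example, if you are not a "root" user in the cluster or the namespace, someone should grant you the permission by creating a ClusterRole and assigning you to it, for example: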

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # "namespace" omitted since ClusterRoles are not namespaced
  name: secret-writer
rules:
- apiGroups: [""]
  #
  # at the HTTP level, the name of the resource for accessing Secret
  # objects is "secrets"
  resources: ["secrets"]
  verbs: ["get", "watch", "list", "update", "create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
# This role binding grants YOUR_USER the "secret-writer" ClusterRole in YOUR_NAMESPACE only.
kind: RoleBinding
metadata:
  name: write-secrets
  namespace: YOUR_NAMESPACE
subjects:
- kind: User
  name: YOUR_USER # Name is case sensitive
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: secret-writer
  apiGroup: rbac.authorization.k8s.io

Or just ask to be ClusterAdmin :D

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: aks-cluster-admins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: YOUR_USER_NAME

More details and examples here: https://kubernetes.io/docs/reference/access-authn-authz/rbac/

By the way, if this is AKS, did you try using the --admin option? Like this:

az aks get-credentials --resource-group resource_group --name cluster_name --admin

If you have the Azure IAM permission, this will automatically put you in admin mode and give you full permissions on the whole cluster.
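
Added example (not part of the original question or answer): a simplified Python model of how RBAC evaluates the two bindings shown in the answer, showing that the RoleBinding to secret-writer grants secret access in one namespace only while the ClusterRoleBinding to cluster-admin grants everything everywhere. The user names, the namespace team-dev and the function names are constructed; groups, service accounts and resourceNames are not modelled.

```python
# Constructed objects mirroring the answer's manifests (placeholder users/namespace).
CLUSTER_ROLES = {
    "secret-writer": [{"apiGroups": [""], "resources": ["secrets"],
                       "verbs": ["get", "watch", "list", "update", "create", "delete"]}],
    "cluster-admin": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
}
BINDINGS = [
    {"kind": "RoleBinding", "namespace": "team-dev", "roleRef": "secret-writer",
     "subjects": [{"kind": "User", "name": "alice@example.com"}]},
    {"kind": "ClusterRoleBinding", "roleRef": "cluster-admin",
     "subjects": [{"kind": "User", "name": "bob@example.com"}]},
]


def _match(allowed, value):
    """A rule field matches on an exact entry or the '*' wildcard."""
    return "*" in allowed or value in allowed


def rule_allows(rule, verb, group, resource):
    return (_match(rule["verbs"], verb)
            and _match(rule["apiGroups"], group)
            and _match(rule["resources"], resource))


def can_i(user, verb, resource, namespace, bindings=BINDINGS, group=""):
    """Simplified RBAC decision: RBAC is additive, so access is allowed as
    soon as one applicable binding points at a role with a matching rule."""
    for binding in bindings:
        # A RoleBinding grants its role's rules only inside its own namespace,
        # even when roleRef names a ClusterRole. A ClusterRoleBinding has no
        # namespace and applies cluster-wide.
        if binding["kind"] == "RoleBinding" and binding["namespace"] != namespace:
            continue
        # Subject names are compared exactly (case sensitive).
        if not any(s["kind"] == "User" and s["name"] == user
                   for s in binding["subjects"]):
            continue
        if any(rule_allows(r, verb, group, resource)
               for r in CLUSTER_ROLES[binding["roleRef"]]):
            return True
    return False  # no matching grant: the API server answers "forbidden"


if __name__ == "__main__":
    for who, ns in [("alice@example.com", "team-dev"),
                    ("alice@example.com", "other-ns"),
                    ("bob@example.com", "kube-system")]:
        print(who, ns, "get secrets ->", can_i(who, "get", "secrets", ns))
```

On a live cluster, `kubectl auth can-i get secrets --namespace YOUR_NAMESPACE` asks the API server the same question for your current identity.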