no matches for kind "IAMPolicy" in version "iam.cnrm.cloud.google.com/v1beta1"
I want to use Workload Identity to access a service account.

cat serviceaccount.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    iam.gke.io/gcp-service-account: serviceaccount_key@PROJECT_ID.iam.gserviceaccount.com
  name: rao-sa
  namespace: test

My YAML file is policy.yaml

apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicy
metadata:
  name: iampolicy-workload-identity-sample
spec:
  resourceRef:
    apiVersion: iam.cnrm.cloud.google.com/v1beta1
    kind: IAMServiceAccount
    name: serviceaccount_key@PROJECT_ID.iam.gserviceaccount.com
  bindings:
    - role: roles/iam.workloadIdentityUser
      members:
        - serviceAccount:PROJECT_ID.svc.id.goog[test/rao-sa]

kubectl apply -f policy.yaml
error: unable to recognize "policy.yaml": no matches for kind "IAMPolicy" in version "iam.cnrm.cloud.google.com/v1beta1"
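The YAML file gives an error: no matches for kind "IAMPolicy" in version "iam.cnrm.cloud.google.com/v1beta1"

This is a common error when Config Connector is not installed; please check step 7.

gcloud container clusters update CLUSTER_NAME \
    --update-addons ConfigConnector=ENABLED

Here are some resources on IAM policies and on how to enable GKE Workload Identity: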
https://medium.com/bluecore-engineering/the-infrastructure-triumvirate-continuous-service-and-infrastructure-delivery-with-argo-a33a3f76dc06
https://cloud.google.com/config-connector/docs/reference/resource-docs/iam/iampolicy
https://dzone.com/articles/enabling-gke-workload-identity
Also, checking your policy.yaml file, I found some misplaced items; please check whether this works.

apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicy
metadata:
  name: iampolicy-workload-identity-sample
  namespace: rao-sa
spec:
  resourceRef:
    apiVersion: iam.cnrm.cloud.google.com/v1beta1
    kind: IAMServiceAccount
    name: serviceaccount_key@PROJECT_ID.iam.gserviceaccount.com
  bindings:
    - members:
        - serviceAccount:PROJECT_ID.svc.id.goog[test/rao-sa]
      role: roles/iam.workloadIdentityUser
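
An added example, not part of the original question or answer: a Python check that the KSA annotation, the IAMPolicy target and the `roles/iam.workloadIdentityUser` member string agree, so that a typo in namespace or name is caught before the manifests are applied. The manifests are embedded as constructed dicts mirroring the ones on this page; `check_binding` is a hypothetical helper, and treating `resourceRef.name` as the GSA e-mail follows the page's manifests and is an assumption.

```python
import re

WI_ROLE = "roles/iam.workloadIdentityUser"
GSA_ANNOTATION = "iam.gke.io/gcp-service-account"
# Member format: serviceAccount:<workload pool>[<namespace>/<KSA name>]
MEMBER_RE = re.compile(r"^serviceAccount:([^\s\[\]]+\.svc\.id\.goog)\[([^/\]]+)/([^/\]]+)\]$")

def check_binding(ksa, policy):
    """Return a list of mismatches between a KSA and its IAMPolicy (empty = consistent)."""
    problems = []
    meta = ksa.get("metadata", {})
    gsa = meta.get("annotations", {}).get(GSA_ANNOTATION)
    if not gsa:
        problems.append(f"KSA lacks the {GSA_ANNOTATION} annotation")
    spec = policy.get("spec", {})
    # Assumption, following the page: resourceRef.name carries the GSA e-mail.
    target = spec.get("resourceRef", {}).get("name")
    if gsa and target != gsa:
        problems.append(f"policy targets {target!r}, KSA is annotated with {gsa!r}")
    bindings = spec.get("bindings")
    if not isinstance(bindings, list):
        return problems + ["spec.bindings must be a list of {role, members} items"]
    want = (meta.get("namespace", "default"), meta.get("name"))
    granted = False
    for b in bindings:
        if b.get("role") != WI_ROLE:
            continue
        for member in b.get("members", []):
            m = MEMBER_RE.match(member)
            if not m:
                problems.append(f"malformed workload identity member: {member!r}")
            elif (m.group(2), m.group(3)) == want:
                granted = True
    if not granted:
        problems.append(f"no {WI_ROLE} binding for KSA {want[0]}/{want[1]}")
    return problems

# Constructed sample input mirroring the manifests on this page.
GSA = "serviceaccount_key@PROJECT_ID.iam.gserviceaccount.com"
KSA = {"metadata": {"name": "rao-sa", "namespace": "test",
                    "annotations": {GSA_ANNOTATION: GSA}}}
POLICY = {"spec": {
    "resourceRef": {"kind": "IAMServiceAccount", "name": GSA},
    "bindings": [{"role": WI_ROLE,
                  "members": ["serviceAccount:PROJECT_ID.svc.id.goog[test/rao-sa]"]}]}}

if __name__ == "__main__":
    print(check_binding(KSA, POLICY) or "binding is consistent")
```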