Istio 虚拟服务创建访问被拒绝

Istio Virtualservice creation access denied

我正在尝试创建一个 Istio Virtualservice。但是,尽管我绑定了 cluster-admin 角色,但我还是收到以下错误。

UPGRADE FAILED: could not get information about the resource: virtualservices.networking.istio.io "admin-ui" is forbidden: User "vaish@admin" cannot get resource "virtualservices" in API group "networking.istio.io" in the namespace "onboarding"

我还尝试如下创建一个新的 Clusterrole 并创建一个绑定到我的用户,这也没有产生任何结果。

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:  
  name: istio-editor-role
  labels:
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups: ["config.istio.io", "networking.istio.io", "rbac.istio.io", "authentication.istio.io", "security.istio.io"]
  resources: ["virtualservices"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"
 kubectl create clusterrolebinding istio-editor-binding --clusterrole=istio-editor-role --user=vaish@admin

解决方案是将用户添加到 cluster-admin 角色