缺少哪些权利?无法继续安装:无法获取有关资源的信息:podsecuritypolicies.policy
Which rights are missing? Unable to continue with install: could not get information about the resource: podsecuritypolicies.policy
我正在尝试使用 helm 安装 loki
$ helm upgrade --install loki grafana/loki-stack
我收到以下错误消息:
Release "loki" does not exist. Installing it now.
Error: rendered manifests contain a resource that already exists. Unable to continue with install: could not get information about the resource: podsecuritypolicies.policy "loki" is forbidden: User "secret user :)" cannot get resource "podsecuritypolicies" in API group "policy" at the cluster scope
$ helm list -all
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
我是一个普通用户,但我可以通过 yaml 文件手动制作 deployment/pods。
我需要使用 helm 图表。
您的用户似乎没有足够的权限来创建策略。您需要向您的集群管理员询问更多权限,除非您可以自己将它们分配给该用户。我在下面提供示例 yaml 来实现这一点。首先,创建具有适当权限的 ClusterRole:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: <role name>
rules:
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['get']
然后,您需要将此 ClusterRole 绑定到用户:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: <binding name>
roleRef:
kind: ClusterRole
name: <role name>
apiGroup: rbac.authorization.k8s.io
subjects:
# Authorize all service accounts in a namespace (recommended):
- kind: Group
apiGroup: rbac.authorization.k8s.io
name: system:serviceaccounts:<authorized namespace>
# Authorize specific service accounts (not recommended):
- kind: ServiceAccount
name: <authorized service account name>
namespace: <authorized pod namespace>
# Authorize specific users (not recommended):
- kind: User
apiGroup: rbac.authorization.k8s.io
name: <authorized user name>
转到 here 以获得更详细的解释。
我正在尝试使用 helm 安装 loki
$ helm upgrade --install loki grafana/loki-stack
我收到以下错误消息:
Release "loki" does not exist. Installing it now.
Error: rendered manifests contain a resource that already exists. Unable to continue with install: could not get information about the resource: podsecuritypolicies.policy "loki" is forbidden: User "secret user :)" cannot get resource "podsecuritypolicies" in API group "policy" at the cluster scope
$ helm list -all
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
我是一个普通用户,但我可以通过 yaml 文件手动制作 deployment/pods。 我需要使用 helm 图表。
您的用户似乎没有足够的权限来创建策略。您需要向您的集群管理员询问更多权限,除非您可以自己将它们分配给该用户。我在下面提供示例 yaml 来实现这一点。首先,创建具有适当权限的 ClusterRole:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: <role name>
rules:
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['get']
然后,您需要将此 ClusterRole 绑定到用户:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: <binding name>
roleRef:
kind: ClusterRole
name: <role name>
apiGroup: rbac.authorization.k8s.io
subjects:
# Authorize all service accounts in a namespace (recommended):
- kind: Group
apiGroup: rbac.authorization.k8s.io
name: system:serviceaccounts:<authorized namespace>
# Authorize specific service accounts (not recommended):
- kind: ServiceAccount
name: <authorized service account name>
namespace: <authorized pod namespace>
# Authorize specific users (not recommended):
- kind: User
apiGroup: rbac.authorization.k8s.io
name: <authorized user name>
转到 here 以获得更详细的解释。