缺少哪些权利?无法继续安装:无法获取有关资源的信息:podsecuritypolicies.policy

Which rights are missing? Unable to continue with install: could not get information about the resource: podsecuritypolicies.policy

我正在尝试使用 helm 安装 loki

$ helm upgrade --install loki grafana/loki-stack

我收到以下错误消息:

Release "loki" does not exist. Installing it now.

Error: rendered manifests contain a resource that already exists. Unable to continue with install: could not get information about the resource: podsecuritypolicies.policy "loki" is forbidden: User "secret user :)" cannot get resource "podsecuritypolicies" in API group "policy" at the cluster scope

$ helm list -all

NAME    NAMESPACE       REVISION        UPDATED STATUS  CHART   APP VERSION

我是一个普通用户,但我可以通过 yaml 文件手动制作 deployment/pods。 我需要使用 helm 图表。

您的用户似乎没有足够的权限来创建策略。您需要向您的集群管理员询问更多权限,除非您可以自己将它们分配给该用户。我在下面提供示例 yaml 来实现这一点。首先,创建具有适当权限的 ClusterRole:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: <role name>
rules:
- apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  verbs:     ['get']

然后,您需要将此 ClusterRole 绑定到用户:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: <binding name>
roleRef:
  kind: ClusterRole
  name: <role name>
  apiGroup: rbac.authorization.k8s.io
subjects:
# Authorize all service accounts in a namespace (recommended):
- kind: Group
  apiGroup: rbac.authorization.k8s.io
  name: system:serviceaccounts:<authorized namespace>
# Authorize specific service accounts (not recommended):
- kind: ServiceAccount
  name: <authorized service account name>
  namespace: <authorized pod namespace>
# Authorize specific users (not recommended):
- kind: User
  apiGroup: rbac.authorization.k8s.io
  name: <authorized user name>

转到 here 以获得更详细的解释。