kubectl 获取秘密:来自服务器的错误(禁止)
kubectl get secrets: Error from server (Forbidden)
我已经在本地安装了 Upbound CLI,从那时起,当我尝试使用 kubectl:
执行不同的命令时,我(我认为)收到了 receiving Error from server (Forbidden) 错误消息
kubectl get secrets
Error from server (Forbidden): secrets is forbidden: User "upbound-cloud-impersonator" cannot list resource "secrets" in API group "" in the namespace "default"
kubectl get all
Error from server (Forbidden): replicationcontrollers is forbidden: User "upbound-cloud-impersonator" cannot list resource "replicationcontrollers" in API group "" in the namespace "default"
Error from server (Forbidden): services is forbidden: User "upbound-cloud-impersonator" cannot list resource "services" in API group "" in the namespace "default"
Error from server (Forbidden): daemonsets.apps is forbidden: User "upbound-cloud-impersonator" cannot list resource "daemonsets" in API group "apps" in the namespace "default"
Error from server (Forbidden): deployments.apps is forbidden: User "upbound-cloud-impersonator" cannot list resource "deployments" in API group "apps" in the namespace "default"
Error from server (Forbidden): replicasets.apps is forbidden: User "upbound-cloud-impersonator" cannot list resource "replicasets" in API group "apps" in the namespace "default"
Error from server (Forbidden): statefulsets.apps is forbidden: User "upbound-cloud-impersonator" cannot list resource "statefulsets" in API group "apps" in the namespace "default"
Error from server (Forbidden): horizontalpodautoscalers.autoscaling is forbidden: User "upbound-cloud-impersonator" cannot list resource "horizontalpodautoscalers" in API group "autoscaling" in the namespace "default"
Error from server (Forbidden): cronjobs.batch is forbidden: User "upbound-cloud-impersonator" cannot list resource "cronjobs" in API group "batch" in the namespace "default"
Error from server (Forbidden): jobs.batch is forbidden: User "upbound-cloud-impersonator" cannot list resource "jobs" in API group "batch" in the namespace "default"
似乎用户已更改为“upbound-cloud-impersonator”,但我不确定为什么以及如何将其切换回之前的状态。
如果有帮助,这些是命名空间:
crossplane-system Active 2d21h
default Active 2d21h
kube-node-lease Active 2d21h
kube-public Active 2d21h
kube-system Active 2d21h
upbound-system Active 2d21h
velero Active 2d21h
以及用户列表kubectl config view -o jsonpath='{.users[*].name}':
minikube upbound-3f93ea79-ba0e-4fdc-ae69-f2c562279579
- 用户
upbound-cloud-impersonator 没有足够的 RBAC 权限来获取机密。替代解决方案是设置足够的 RBAC 权限。
您可以使用以下命令验证这一点:
kubectl auth can-i get secret --as upbound-cloud-impersonator
或者 运行(因为您的上下文已经更改):
kubectl auth can-i get secret
您当前的上下文已切换到其他内容。新上下文正在使用 upbound-cloud-impersonator。您可以 运行 以下命令列出您当前的上下文
kubectl 配置current-context
To switch to another context,您可以先运行以下命令来列出您的上下文列表。请注意表示当前上下文的 * 符号。 请注意,此处使用的上下文名称是示例,可能因您的集群而异。
kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
default default default
* upbound-cloud-impersonator@default default upbound-cloud-impersonator
要切换到另一个上下文,会将当前上下文更改为提供的上下文。使用适当的上下文进行切换。
kubectl config use-context default
注意 * 符号:
kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* default default default
upbound-cloud-impersonator@default default upbound-cloud-impersonator
验证授权:
kubectl auth can-i get secret
yes
我已经在本地安装了 Upbound CLI,从那时起,当我尝试使用 kubectl:
receiving Error from server (Forbidden) 错误消息
kubectl get secrets
Error from server (Forbidden): secrets is forbidden: User "upbound-cloud-impersonator" cannot list resource "secrets" in API group "" in the namespace "default"
kubectl get all
Error from server (Forbidden): replicationcontrollers is forbidden: User "upbound-cloud-impersonator" cannot list resource "replicationcontrollers" in API group "" in the namespace "default"
Error from server (Forbidden): services is forbidden: User "upbound-cloud-impersonator" cannot list resource "services" in API group "" in the namespace "default"
Error from server (Forbidden): daemonsets.apps is forbidden: User "upbound-cloud-impersonator" cannot list resource "daemonsets" in API group "apps" in the namespace "default"
Error from server (Forbidden): deployments.apps is forbidden: User "upbound-cloud-impersonator" cannot list resource "deployments" in API group "apps" in the namespace "default"
Error from server (Forbidden): replicasets.apps is forbidden: User "upbound-cloud-impersonator" cannot list resource "replicasets" in API group "apps" in the namespace "default"
Error from server (Forbidden): statefulsets.apps is forbidden: User "upbound-cloud-impersonator" cannot list resource "statefulsets" in API group "apps" in the namespace "default"
Error from server (Forbidden): horizontalpodautoscalers.autoscaling is forbidden: User "upbound-cloud-impersonator" cannot list resource "horizontalpodautoscalers" in API group "autoscaling" in the namespace "default"
Error from server (Forbidden): cronjobs.batch is forbidden: User "upbound-cloud-impersonator" cannot list resource "cronjobs" in API group "batch" in the namespace "default"
Error from server (Forbidden): jobs.batch is forbidden: User "upbound-cloud-impersonator" cannot list resource "jobs" in API group "batch" in the namespace "default"
似乎用户已更改为“upbound-cloud-impersonator”,但我不确定为什么以及如何将其切换回之前的状态。
如果有帮助,这些是命名空间:
crossplane-system Active 2d21h
default Active 2d21h
kube-node-lease Active 2d21h
kube-public Active 2d21h
kube-system Active 2d21h
upbound-system Active 2d21h
velero Active 2d21h
以及用户列表kubectl config view -o jsonpath='{.users[*].name}':
minikube upbound-3f93ea79-ba0e-4fdc-ae69-f2c562279579
- 用户
upbound-cloud-impersonator没有足够的 RBAC 权限来获取机密。替代解决方案是设置足够的 RBAC 权限。
您可以使用以下命令验证这一点:
kubectl auth can-i get secret --as upbound-cloud-impersonator
或者 运行(因为您的上下文已经更改):
kubectl auth can-i get secret
您当前的上下文已切换到其他内容。新上下文正在使用
upbound-cloud-impersonator。您可以 运行 以下命令列出您当前的上下文kubectl 配置current-context
To switch to another context,您可以先运行以下命令来列出您的上下文列表。请注意表示当前上下文的 * 符号。 请注意,此处使用的上下文名称是示例,可能因您的集群而异。
kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
default default default
* upbound-cloud-impersonator@default default upbound-cloud-impersonator
要切换到另一个上下文,会将当前上下文更改为提供的上下文。使用适当的上下文进行切换。
kubectl config use-context default
注意 * 符号:
kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* default default default
upbound-cloud-impersonator@default default upbound-cloud-impersonator
验证授权:
kubectl auth can-i get secret
yes