admin管理员组文章数量:1648428
Web UI部署、集群参考自 https://blog.csdn/weixin_41806245/article/details/89381752
解决方案参考自https://wwwblogs/harlanzhang/p/10045975.html
部署完K8sWeb UI后,在Web上部署Pod、Service、RS、RC等资源报错
报错信息: pods is forbidden: User "system:serviceaccount:kube-system:namespace-controller" cannot create resource "pods" in API group "" in the namespace "default"
问题分析: API组中用户不能在默认命名空间创建Pod,也就是说使用原token认证登录的用户是无权操作
解决方案:
1.创建kubernetes-dashboard管理员角色
[root@k8s-master ~]# vi k8s-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
[root@k8s-master ~]# kubectl create -f k8s-admin.yaml
2.获取dashboard管理员角色token
[root@k8s-master ~]# kubectl describe secret dashboard-admin-token-7z6zm -n kube-system
Name: dashboard-admin-token-7z6zm
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: f0d1d33f-d43d-11e9-a75a-fa163e7d0486
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tN3o2em0iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZjBkMWQzM2YtZDQzZC0xMWU5LWE3NWEtZmExNjNlN2QwNDg2Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.Jmws1PEvnjG4fmR2YoZTV909dvPwJdRTi_KSkUnezA1i1GBd7YHpIjw_MmVj8Vx-C4dE83OPPqS2UIdslJQV-KsAYQNOMaPxhxOz4WRgIzEcxpOXMEKny93AGB6PcpQrmtNnmnwGEX8wF-dqogqoyH-8X-iDdpQ75-TbrVmco-NZtb7GMGKiTnBK_cRZ2iGg-Oq4ic7YoJpM0C1a87xNb4kOfUCIShj1JqWJTdoMtvjiCSTvjBVz8mICvQ9qMrJfxCZZJ6BjNNvMDqrd2cWKu14mjDo_hipt6DBcKSZDmp-jBCccx4RG_9CGpp6UyeFWVuEvDxeN8ABkX6RB74s3hw
ca.crt: 1025 bytes
namespace: 11 bytes
3.使用第二步第12行的token登陆kubernetes-dashboard web界面即可
附加阅读:详解kubernetes-dashboard.yaml文件,理解RBAC角色控制和认证
本文标签: quotSystemUserpodsforbidden
版权声明:本文标题:pods is forbidden: User "system:serviceaccount:kube-system:namespace-controller" cannot create resou 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://m.elefans.com/xitong/1729497414a1203079.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论