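【Posted】: 2018-04-04 06:28:42
【Question】:
I'm trying to follow this Traefik user guide: https://docs.traefik.io/user-guide/kubernetes/
The main difference between the user guide and my setup is that the guide assumes I'm on Minikube, while I'm trying to set this up on Google Cloud Platform (GCP). I'm new to Kubernetes, but I think I have the basics down.
Anyway, regarding the role-based access control configuration covered in the user guide above, I keep getting this error: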
Error from server (Forbidden): error when creating "rbac.yml": clusterroles.rbac.authorization.k8s.io "traefik-ingress-controller" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["get"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["list"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["watch"]}] user=&{evan@sherwood.io [system:authenticated] map[authenticator:[GKE]]} ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews"], APIGroups:["authorization.k8s.io"], Verbs:["create"]} PolicyRule{Resources:["selfsubjectsrulesreviews"], APIGroups:["authorization.k8s.io"], Verbs:["create"]} PolicyRule{NonResourceURLs:["/api" "/api/" "/apis" "/apis/" "/healthz" "/swagger-2.0.0.pb-v1" "/swagger.json" "/swaggerapi" "/swaggerapi/*" "/version"], Verbs:["get"]}] ruleResolutionErrors=[]
I think I'm running into Privilege Escalation Prevention and Bootstrapping, but I'm not sure what I need to change/do to get past this.
【Discussion】:
Tags: kubernetes google-cloud-platform traefik google-kubernetes-engine
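The error quoted in the question lists the rules the ClusterRole requests and, under `ownerrules`, the rules the calling user already holds; the create is rejected because the caller does not hold what it is trying to grant. The following is an added example, not part of the original post and not Kubernetes' own code: it parses a message of that shape and reports which requested rules the caller's rules do not cover. The coverage check is simplified (literal match or `*` only), and the sample message and user name are constructed.

```python
import re

# Constructed sample: a shortened message in the format quoted in the question.
SAMPLE_ERROR = (
    'clusterroles.rbac.authorization.k8s.io "traefik-ingress-controller" is '
    'forbidden: attempt to grant extra privileges: '
    '[PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["get"]} '
    'PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["list"]} '
    'PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["watch"]}] '
    'user=&{user@example.com [system:authenticated] map[authenticator:[GKE]]} '
    'ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews"], '
    'APIGroups:["authorization.k8s.io"], Verbs:["create"]} '
    'PolicyRule{NonResourceURLs:["/api" "/healthz"], Verbs:["get"]}] '
    'ruleResolutionErrors=[]'
)

RULE_RE = re.compile(r'PolicyRule\{(.*?)\}')
FIELD_RE = re.compile(r'(\w+):\[(.*?)\]')
FIELDS = ("APIGroups", "Resources", "Verbs", "NonResourceURLs")

def parse_rules(text):
    """Turn 'PolicyRule{Field:["a" "b"], ...}' runs into dicts of string sets."""
    return [{k: set(re.findall(r'"([^"]*)"', v)) for k, v in FIELD_RE.findall(body)}
            for body in RULE_RE.findall(text)]

def split_error(msg):
    """Return (requested_rules, owner_rules) parsed from the error message."""
    tail = msg.split("attempt to grant extra privileges:", 1)[1]
    requested, rest = tail.split(" user=", 1)
    owner = rest.split("ownerrules=", 1)[1].split(" ruleResolutionErrors", 1)[0]
    return parse_rules(requested), parse_rules(owner)

def covers(owner_rule, rule):
    """Simplified check: every field of `rule` is held, literally or via '*'."""
    return all("*" in owner_rule.get(f, set())
               or rule.get(f, set()) <= owner_rule.get(f, set())
               for f in FIELDS)

def missing_privileges(msg):
    """Requested rules that no single rule held by the caller covers."""
    requested, owner = split_error(msg)
    return [r for r in requested if not any(covers(o, r) for o in owner)]

if __name__ == "__main__":
    for rule in missing_privileges(SAMPLE_ERROR):
        print("not held by caller:", rule)
```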