在没有rbac问题的情况下在aks中部署nginx-ingress
[英]Deploy nginx-ingress in aks without rbac issue
问题描述
I'm new in Kubernetes and was trying to deploy an nginx-ingress in a Aks cluster with Helm. 
我是Kubernetes的新手,并且正在尝试使用Helm在Aks集群中部署nginx-ingress。
After the cluster was created with az-cli, tried to deploy nginx-ingress with this command: 使用az-cli创建集群后,尝试使用以下命令部署nginx-ingress:
helm install stable/nginx-ingress -n nginx-ingress --namespace kube-system --set rbac.create=false
But I had the following error in command line: 但是我在命令行中出现以下错误:
Error: release nginx-ingress failed: clusterroles.rbac.authorization.k8s.io "nginx-ingress" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["nodes"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["update"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["get"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["list"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["watch"]} PolicyRule{Resources:["events"], APIGroups:[""], Verbs:["create"]} PolicyRule{Resources:["events"], APIGroups:[""], Verbs:["patch"]} PolicyRule{Resources:["ingresses/status"], APIGroups:["extensions"], Verbs:["update"]}] user=&{system:serviceaccount:kube-system:default 5ddc4e18-5607-11e8-b434-0a58ac1f0fc5 [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]} ownerrules=[] ruleResolutionErrors=[]
I'm using the latest az cli, Helm and Ubuntu 16.04 (Xenial Xerus). 我正在使用最新的az cli,Helm和Ubuntu 16.04(Xenial Xerus)。
1 个解决方案
解决方案1
7 已采纳 2018-05-14 04:27:44
I just got over this. 我刚刚克服了这一点。 It looks to me like RBAC may be enabled now on AKS, but only partially? 在我看来,现在可以在AKS上启用RBAC,但只是部分启用? I just created my cluster on 5/11/18. 我刚刚在5/11/18创建了我的集群。
I took pieces from these two issues... 我从这两个问题中拿走了一些东西......
https://github.com/kubernetes/helm/issues/3985 https://github.com/kubernetes/helm/issues/3985
https://github.com/jenkins-x/jx/issues/485 https://github.com/jenkins-x/jx/issues/485
kubectl create -f ClusterRoles.yaml # (this yaml came from herzogf in the jenkins issue)
kubectl create serviceaccount tiller --namespace kube-system
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
helm init --upgrade --service-account tiller
helm repo update
helm install stable/nginx-ingress --namespace kube-system
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.