使用 AWS 代码管道部署到 EKS 集群
[英]Deploy to EKS cluster using AWS codepipleine
问题描述
I'm trying to automate deployment on EKS cluster using AWS codepipeline and was referring to the page: AWS CodePipeline and deployingto EKS
我正在尝试使用 AWS codepipeline 在 EKS 集群上自动部署并指的是页面: AWS CodePipeline and deployingto EKS
I am following the same steps as mentioned in the buildspec.yaml file but I am getting following error:我正在执行 buildspec.yaml 文件中提到的相同步骤,但出现以下错误:
[Container] 2020/01/05 08:26:35 Running command kubectl apply -f $CODEBUILD_SRC_DIR/Takenaka.Api.User/Takenaka.Api.User/hello-k8s.yml
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "apps/v1, Resource=deployments", GroupVersionKind: "apps/v1, Kind=Deployment"
Name: "takenaka-user", Namespace: "default"
Object: &{map["apiVersion":"apps/v1" "kind":"Deployment" "metadata":map["annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "name":"takenaka-user" "namespace":"default"] "spec":map["replicas":'\x01' "selector":map["matchLabels":map["app":"takenaka-user"]] "template":map["metadata":map["labels":map["app":"takenaka-user"]] "spec":map["containers":[map["image":"591209811908.dkr.ecr.ap-northeast-1.amazonaws.com/takenaka-ecr-repo:takenaka.user-4" "name":"takenaka-user" "ports":[map["containerPort":'P']]]]]]]]}
from server for: "/codebuild/output/src658704233/src/git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/Takenaka/Takenaka.Api.User/Takenaka.Api.User/hello-k8s.yml": deployments.apps "takenaka-user" is forbidden: User "Kubernetesdeployment" cannot get resource "deployments" in API group "apps" in the namespace "default"
2 个解决方案
解决方案1
0 2020-01-05 08:41:53
User "Kubernetesdeployment" cannot get resource "deployments" in API group "apps" in the namespace "default"
If "Kubernetesdeployment" is a ServiceAccount that AWS CodePipeline uses to deploy, it looks like it is missing the necessary RBAC permissions to deploy "Deployment" in namespace "default".如果“Kubernetesdeployment”是 AWS CodePipeline 用于部署的 ServiceAccount,则它似乎缺少在命名空间“default”中部署“Deployment”所需的 RBAC 权限。
Using RBAC Authorization may be helpful. 使用 RBAC 授权可能会有所帮助。 Usually, you want to create and read both "Deployment", "Service" and possibly "Ingress" for deploying apps to a specific namespace.通常,您希望创建和读取“部署”、“服务”和可能的“入口”以将应用程序部署到特定命名空间。
From the link that you had followed, it looks like it miss point 4.从您所关注的链接来看,它似乎错过了第 4 点。
- Make kubernetes_deployment role as authorized in eks cluster
alternatively, that you have set the permissions to a different service account name?或者,您是否已将权限设置为不同的服务帐户名称? username: kubernetes_deployment is named Kubernetesdeployment in your error message. username: kubernetes_deployment在您的错误消息中被命名为Kubernetesdeployment 。
解决方案2
0 2020-01-07 07:14:42
Please also look at AWS recommended deployment methodology to EKS with CodePipeline:另请查看 AWS 推荐的使用 CodePipeline 的 EKS 部署方法:
Continuous Deployment to Kubernetes using AWS CodePipeline, AWS CodeCommit, AWS CodeBuild, Amazon ECR and AWS Lambda - https://aws.amazon.com/blogs/devops/continuous-deployment-to-kubernetes-using-aws-codepipeline-aws-codecommit-aws-codebuild-amazon-ecr-and-aws-lambda/使用 AWS CodePipeline、AWS CodeCommit、AWS CodeBuild、Amazon ECR 和 AWS Lambda 持续部署到 Kubernetes - https://aws.amazon.com/blogs/devops/continuous-deployment-to-kubernetes-using-aws-codepipeline-aws- codecommit-aws-codebuild-amazon-ecr-and-aws-lambda/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.