运营商SDK问题
[英]Operator-sdk issue
问题描述
I had an Operator, and deploy it on 3 different namespaces in the same cluster, then I got the following errors.
我有一个 Operator,并将其部署在同一个集群中的 3 个不同命名空间上,然后出现以下错误。 I could not figure out what's wrong here and how to fix them?我不知道这里出了什么问题以及如何解决它们? Any idea for that?有什么想法吗?
E1111 15:02:48.398838 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.6/tools/cache/reflector.go:125: Failed to list *v1alpha1.Bird: Birds.xxxx.com is forbidden: User "system:serviceaccount:aaaa-test:default" cannot list resource "Birds" in API group "xxxx.com" in the namespace "aaaa-test"
E1111 15:02:50.193666 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.6/tools/cache/reflector.go:125: Failed to list *v1alpha1.Bird: Birds.xxxx.com is forbidden: User "system:serviceaccount:aaaa-test:default" cannot list resource "Birds" in API group "xxxx.com" in the namespace "aaaa-test"
1 个解决方案
解决方案1
0 已采纳 2020-11-12 10:39:01
This message means that the service account you use for your Operator does misses certain permissions.此消息表示您为 Operator 使用的服务帐户确实缺少某些权限。 You need to add Role which has permissions to list the resource Birds .您需要添加具有list资源Birds权限的 Role。
Something like this:像这样的东西:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: operator
rules:
- apiGroups:
- xxxx.com
resources:
- birds
verbs:
- list
Needless to say, you also need to add ClusterRoleBinding .不用说,您还需要添加ClusterRoleBinding 。
Please check more details in the example: Build Your Operator with the Right Tool .请查看示例中的更多详细信息:使用正确的工具构建您的操作员。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.