问题描述

无法创建簇角色. <>已被指定为容器引擎管理员"& 容器引擎群集管理员"

Failed to create clusterroles. <> already assigned as the roles of "container engine admin" & "container engine cluster admin"

Error from server (Forbidden): error when creating "prometheus-
operator/prometheus-operator-cluster-role.yaml":
clusterroles.rbac.authorization.k8s.io "prometheus-operator"
is forbidden: attempt to grant extra privileges: [{[create]
[extensions] [thirdpartyresources] [] []} {[*]
[monitoring.coreos.com] [alertmanagers] [] []} {[*]
[monitoring.coreos.com] [prometheuses] [] []} {[*]
[monitoring.coreos.com] [servicemonitors] [] []} {[*]
[apps] [statefulsets] [] []} {[*] [] [configmaps] [] []}
{[*] [] [secrets] [] []} {[list] [] [pods] [] []} {[delete]
[] [pods] [] []} {[get] [] [services] [] []} {[create]
[] [services] [] []} {[update] [] [services] [] []} {[get]
[] [endpoints] [] []} {[create] [] [endpoints] [] []}
{[update] [] [endpoints] [] []} {[list] [] [nodes]
[] []} {[watch] [] [nodes] [] []}]
user=&{<<my_account>>@gmail.com
[system:authenticated] map[]} ownerrules=[{[create]
[authorization.k8s.io] [selfsubjectaccessreviews]
[] []} {[get] [] [] [] [/api /api/* /apis /apis/*
/healthz /swaggerapi /swaggerapi/* /version]}]
ruleResolutionErrors=[]

推荐答案

基于 https://cloud.google.com/container-engine/docs/role-based-access-control#setting_up_role-based_access_control

一种变通方法示例是创建一个``角色绑定''，在尝试创建其他``角色''或``ClusterRole''权限之前，为您的Google身份赋予cluster-admin角色.

An example workaround is to create a RoleBinding that gives your Google identity a cluster-admin role before attempting to create additional Role or ClusterRolepermissions.

这是Kubernetes和Container Engine 1.6版中基于角色的访问控制Beta版中的一个已知问题.

This is a known issue in the Beta release of Role-Based Access Control in Kubernetes and Container Engine version 1.6.

因此，您需要将您的帐户绑定到群集管理员角色.

So you need to bind your account to a cluster admin role.

这篇关于来自服务器的错误(禁止):创建..时出错:clusterroles.rbac.authorization.k8s.io ...:尝试授予额外的特权:的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！