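I'm trying to teach myself K8s, but I've run into some problems that I haven't been able to find answers to through Google/Stack searches. I'm trying to set up Rancher without using helm. Here is my deployment manifest: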
apiVersion: apps/v1
kind: Deployment
metadata:
  name: rancher
  labels:
    app: rancher
  namespace: cattle-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: rancher
  template:
    metadata:
      labels:
        app: rancher
    spec:
      containers:
      - name: rancher
        image: rancher/rancher
        ports:
        - containerPort: 80
However, the pod is stuck in a crash loop. The logs suggest it's a permissions issue.
2020/11/19 15:21:34 [INFO] No access to list CRDs, assuming CRDs are pre-created.
2020/11/19 15:21:34 [ERROR] unable to retrieve feature unsupported-storage-drivers in initialize features: features.management.cattle.io "unsupported-storage-drivers" is forbidden: User "system:serviceaccount:cattle-system:default" cannot get resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to create feature unsupported-storage-drivers in initialize features: features.management.cattle.io is forbidden: User "system:serviceaccount:cattle-system:default" cannot create resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to retrieve feature istio-virtual-service-ui in initialize features: features.management.cattle.io "istio-virtual-service-ui" is forbidden: User "system:serviceaccount:cattle-system:default" cannot get resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to create feature istio-virtual-service-ui in initialize features: features.management.cattle.io is forbidden: User "system:serviceaccount:cattle-system:default" cannot create resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to retrieve feature proxy in initialize features: features.management.cattle.io "proxy" is forbidden: User "system:serviceaccount:cattle-system:default" cannot get resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to retrieve feature multi-cluster-management in initialize features: features.management.cattle.io "multi-cluster-management" is forbidden: User "system:serviceaccount:cattle-system:default" cannot get resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to retrieve feature fleet in initialize features: features.management.cattle.io "fleet" is forbidden: User "system:serviceaccount:cattle-system:default" cannot get resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to create feature fleet in initialize features: features.management.cattle.io is forbidden: User "system:serviceaccount:cattle-system:default" cannot create resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [FATAL] creating CRD store customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:cattle-system:default" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
Does anyone know how to fix this?
Answer 1
I was missing the service account and ClusterRole. I added the following:
kind: ServiceAccount
apiVersion: v1
metadata:
  name: rancher
  labels:
    app: rancher
  namespace: cattle-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rancher
  labels:
    app: rancher
subjects:
- kind: ServiceAccount
  name: rancher
  namespace: cattle-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
Now it runs without errors.
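
As an added example (not part of the original question or answer), this Python code parses the `forbidden` lines from the log above into the denied subject, scope, API group, resource and verbs, which shows the pod ran as the namespace's `default` service account and which requests the API server refused. The function names are hypothetical, and the sample lines are a subset of the log in the question.

```python
import re
from collections import defaultdict

# Sample lines copied from the log in the question above (a subset).
SAMPLE_LOG = '''\
2020/11/19 15:21:34 [INFO] No access to list CRDs, assuming CRDs are pre-created.
2020/11/19 15:21:34 [ERROR] unable to retrieve feature fleet in initialize features: features.management.cattle.io "fleet" is forbidden: User "system:serviceaccount:cattle-system:default" cannot get resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [ERROR] unable to create feature fleet in initialize features: features.management.cattle.io is forbidden: User "system:serviceaccount:cattle-system:default" cannot create resource "features" in API group "management.cattle.io" at the cluster scope
2020/11/19 15:21:34 [FATAL] creating CRD store customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:cattle-system:default" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
'''

DENIAL = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\S+) resource "(?P<resource>[^"]+)"'
    r' in API group "(?P<group>[^"]*)"'
    r'(?: in the namespace "(?P<namespace>[^"]+)"| at the cluster scope)')

def parse_denials(log_text):
    """Return {user: {(namespace or None, group, resource): set(verbs)}}."""
    denied = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = DENIAL.search(line)
        if m:
            key = (m["namespace"], m["group"], m["resource"])
            denied[m["user"]][key].add(m["verb"])
    return denied

def split_service_account(user):
    """system:serviceaccount:<ns>:<name> -> (ns, name); None for other users."""
    parts = user.split(":")
    if parts[:2] == ["system", "serviceaccount"] and len(parts) == 4:
        return parts[2], parts[3]
    return None

def summarize(log_text):
    """Lines of 'subject scope group/resource verbs', sorted for stable output."""
    out = []
    for user, rules in sorted(parse_denials(log_text).items()):
        sa = split_service_account(user)
        subject = f"ServiceAccount {sa[0]}/{sa[1]}" if sa else f"User {user}"
        for (ns, group, resource), verbs in sorted(rules.items(), key=str):
            scope = f"namespace={ns}" if ns else "cluster"
            out.append(f"{subject} {scope} {group or 'core'}/{resource} {','.join(sorted(verbs))}")
    return out

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

The result only covers calls attempted before the process exited on the fatal error, so it is a lower bound on what the workload requests, not a complete rule set.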