我正在尝试 使用以下步骤进行velero安装GKE ClusterGCP Compute Engine Host
https://github.com/vmware-tanzu/velero-plugin-for-gcp
我正在使用以下命令velero从主机安装VM
velero install --provider gcp --plugins velero/velero-plugin-for-gcp:v1.1.0 --bucket ${VELEROBUCKET} --secret-file ./credentials-velero
但失败并出现以下错误
Error installing Velero. Use `kubectl logs deploy/velero -n velero` to check the deploy logs:
Error creating resource ClusterRoleBinding/velero: clusterrolebindings.rbac.authorization.k8s.io is forbidden:
User "116865650821658545991" cannot create resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope: requires one of ["container.clusterRoleBindings.create"] permission(s)
为了解决这个错误,我正在尝试这个
kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user velero
但这也失败了,出现以下错误
error: failed to create clusterrolebinding: clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "116865650821658545991" cannot create resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope: requires one of ["container.clusterRoleBindings.create"] permission(s).
针对上述场景的两个查询
clusterrolebinding创建资源来解决安装时看到的错误是否正确velero?如何识别第二个错误中出现的“116865650821658545991”对应的用户,以及需要分配什么角色来创建
clusterrolebinding资源?
答案1
现在已经解决了。
我通过VM使用
$ gcloud config list
[core]
account = [email protected]
之后,我们将角色“Kubernetes Engine Admin”分配给上述内容,并使用以下命令成功Service account安装velero
VELERO_BUCKET=gkevelerobackup
velero install --provider gcp --plugins velero/velero-plugin-for-gcp:v1.1.0 --bucket ${VELEROBUCKET} --secret-file ./credentials-velero