ClusterRoleBinding 不适用

ClusterRoleBinding 不适用

rbac.yaml:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-account
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  namespace: default
  name: my-role
rules:
- apiGroups: [""]
  resources: ["*"]
  verbs: ["create", "delete", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: my-cluster-role-binding
  namespace: default
subjects:
- kind: ServiceAccount
  name: my-account
  namespace: default
roleRef:
  kind: ClusterRole
  name: my-role
  apiGroup: rbac.authorization.k8s.io

我尝试后kubectl apply -f rbac.yaml

user@host> kubectl auth can-i create pods --as=my-account
no

我的 yaml 有什么问题?

环境:新的 minikube。

答案1

我发现了错误。--as=..错误部分如下:

这有效:

kubectl auth can-i create pod --as=system:serviceaccount:default:my-account

相关内容