服务被禁止:用户“system:serviceaccount:default:mockup”无法在命名空间“default”中的 API 组“”中列出资源“services”

tag-icon tag-icon kubernetes helm
服务被禁止:用户“system:serviceaccount:default:mockup”无法在命名空间“default”中的 API 组“”中列出资源“services”

我有这个用于部署 kubernetes pod 的 Helm 图表:

https://github.com/rcbandit111/mockup/tree/master/helm_chart/mockup-chart

当我启动 pod 时出现错误:

2024-04-01 17:42:45.953 ERROR 1 --- [els.V1Service-1] i.k.c.informer.cache.ReflectorRunnable   : class io.kubernetes.client.openapi.models.V1Service#Reflector loop failed unexpectedly

io.kubernetes.client.openapi.ApiException: class V1Status {
    apiVersion: v1
    code: 403
    details: class V1StatusDetails {
        causes: null
        group: null
        kind: services
        name: null
        retryAfterSeconds: null
        uid: null
    }
    kind: Status
    message: services is forbidden: User "system:serviceaccount:default:mockup" cannot list resource "services" in API group "" in the namespace "default"
    metadata: class V1ListMeta {
        _continue: null
        remainingItemCount: null
        resourceVersion: null
        selfLink: null
    }
    reason: Forbidden
    status: Failure
}
        at io.kubernetes.client.util.generic.KubernetesApiResponse.lambda$throwsApiException$0(KubernetesApiResponse.java:64) ~[client-java-13.0.2.jar!/:na]
        at io.kubernetes.client.util.generic.KubernetesApiResponse.onFailure(KubernetesApiResponse.java:78) ~[client-java-13.0.2.jar!/:na]
        at io.kubernetes.client.util.generic.KubernetesApiResponse.throwsApiException(KubernetesApiResponse.java:62) ~[client-java-13.0.2.jar!/:na]
        at io.kubernetes.client.informer.SharedInformerFactory$2.list(SharedInformerFactory.java:254) ~[client-java-13.0.2.jar!/:na]
        at io.kubernetes.client.informer.cache.ReflectorRunnable.run(ReflectorRunnable.java:88) ~[client-java-13.0.2.jar!/:na]
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) ~[na:na]
        at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:358) ~[na:na]
        at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) ~[na:na]
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) ~[na:na]
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) ~[na:na]
        at java.base/java.lang.Thread.run(Thread.java:1583) ~[na:na]

我如何配置这个 Helm Chart 以便 Pod 可以访问 Kubernetes API?

相关内容