使用Kubernetes RBAC授权程序插件时无法协商API版本

时间:2016-07-11 04:20:01

标签: kubernetes

我按照deprecated the _escaped_fragment_中的说明进行操作。我创建了一个名为'admin-roles'的ClusterRole授予管理员权限,并将该角色绑定到用户'tester'。

在k8s大师中:

# curl localhost:8080/apis/rbac.authorization.k8s.io/v1alpha1/clusterroles
{
  "kind": "ClusterRoleList",
  "apiVersion": "rbac.authorization.k8s.io/v1alpha1",
  "metadata": {
    "selfLink": "/apis/rbac.authorization.k8s.io/v1alpha1/clusterroles",
    "resourceVersion": "480750"
  },
  "items": [
    {
      "metadata": {
        "name": "admins-role",
        "selfLink": "/apis/rbac.authorization.k8s.io/v1alpha1/clusterroles/admins-role",
        "uid": "88a58ac6-471a-11e6-9ad4-52545f942a3b",
        "resourceVersion": "479484",
        "creationTimestamp": "2016-07-11T03:49:56Z"
      },
      "rules": [
        {
          "verbs": [
            "*"
          ],
          "attributeRestrictions": null,
          "apiGroups": [
            "*"
          ],
          "resources": [
            "*"
          ]
        }
      ]
    }

# curl localhost:8080/apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindings
{
  "kind": "ClusterRoleBindingList",
  "apiVersion": "rbac.authorization.k8s.io/v1alpha1",
  "metadata": {
    "selfLink": "/apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindings",
    "resourceVersion": "480952"
  },
  "items": [
    {
      "metadata": {
        "name": "bind-admin",
        "selfLink": "/apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindings/bind-admin",
        "uid": "c53bbc34-471a-11e6-9ad4-52545f942a3b",
        "resourceVersion": "479632",
        "creationTimestamp": "2016-07-11T03:51:38Z"
      },
      "subjects": [
        {
          "kind": "User",
          "name": "tester"
        }
      ],
      "roleRef": {
        "kind": "ClusterRole",
        "name": "admins-role",
        "apiVersion": "rbac.authorization.k8s.io/v1alpha1"
      }
    }

但是以'tester'作为用户运行kubectl get pods

error: failed to negotiate an api version; server supports: map[], client supports: map[extensions/v1beta1:{} authentication.k8s.io/v1beta1:{} autoscaling/v1:{} batch/v1:{} federation/v1alpha1:{} v1:{} apps/v1alpha1:{} componentconfig/v1alpha1:{} policy/v1alpha1:{} rbac.authorization.k8s.io/v1alpha1:{} authorization.k8s.io/v1beta1:{} batch/v2alpha1:{}]

1 个答案:

答案 0 :(得分:1)

您无法点击发现API。更新您的ClusterRole以包含"nonResourceURLs": ["*"]

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
  name: admins-role
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
    nonResourceURLs: ["*"]
相关问题
最新问题