Even after granting the cluster role to the user, I get Error from server (Forbidden): User "system:anonymous" cannot list nodes at the cluster scope. (get nodes)
I have set the following for the user in the ~/.kube/config file:
- context:
    cluster: kubernetes
    user: user@gmail.com
  name: user@kubernetes
and added the following to admin.yaml to create the cluster-role and cluster-rolebindings:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
  name: admin-role
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
  name: admin-binding
subjects:
  - kind: User
    name: nsp@gmail.com
roleRef:
  kind: ClusterRole
  name: admin-role
When I try the command, I still get the error.
Can someone suggest how to proceed?
Answer 0 (score: 0)
In my case, I was getting an almost identical error because of RBAC.
Error:
root@k8master:~# kubectl cluster-info dump --insecure-skip-tls-verify=true
Error from server (Forbidden): nodes is forbidden: User "system:anonymous" cannot list resource "nodes" in API group "" at the cluster scope
Solution: As a solution, I did the following to reconfigure my user to access the cluster:
cd $HOME
sudo whoami
sudo cp /etc/kubernetes/admin.conf $HOME/
sudo chown $(id -u):$(id -g) $HOME/admin.conf
export KUBECONFIG=$HOME/admin.conf
echo "export KUBECONFIG=$HOME/admin.conf" | tee -a ~/.bashrc
After completing the above, I ran the cluster dump:
root@k8master:~# kubectl cluster-info
Kubernetes master is running at https://192.168.10.15:6443
KubeDNS is running at https://192.168.10.15:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
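
An added example, not part of the original question or answer: the error names `system:anonymous`, the username the API server assigns to requests that arrive without credentials, so RBAC bindings for a named user are never consulted. The check below inspects a parsed kubeconfig for a current context whose user entry actually carries credentials; `find_auth_gaps` is a hypothetical helper name and both sample kubeconfigs are constructed.

```python
# Credential fields kubectl recognises inside a kubeconfig "user" entry.
CRED_KEYS = {
    "client-certificate", "client-certificate-data", "token", "tokenFile",
    "username", "auth-provider", "exec",
}


def find_auth_gaps(kubeconfig):
    """Return reasons the current context would not supply credentials."""
    current = kubeconfig.get("current-context")
    contexts = {c["name"]: c.get("context") or {}
                for c in kubeconfig.get("contexts") or []}
    users = {u["name"]: u.get("user") or {}
             for u in kubeconfig.get("users") or []}
    if not current:
        return ["no current-context is set"]
    if current not in contexts:
        return [f"current-context {current!r} is not defined under contexts"]
    gaps = []
    user_name = contexts[current].get("user")
    if not user_name:
        gaps.append(f"context {current!r} names no user")
    elif user_name not in users:
        gaps.append(f"user {user_name!r} has no entry under users")
    elif not CRED_KEYS.intersection(users[user_name]):
        gaps.append(f"user {user_name!r} has no credential fields")
    return gaps


# Constructed sample: the context from the question, with no matching users entry.
SAMPLE_BROKEN = {
    "current-context": "user@kubernetes",
    "contexts": [{"name": "user@kubernetes",
                  "context": {"cluster": "kubernetes", "user": "user@gmail.com"}}],
    "users": [],
}
# Constructed sample: same context, user entry carrying a placeholder bearer token.
SAMPLE_FIXED = dict(SAMPLE_BROKEN, users=[
    {"name": "user@gmail.com", "user": {"token": "<PLACEHOLDER-TOKEN>"}}])

if __name__ == "__main__":
    for label, cfg in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(label, find_auth_gaps(cfg) or "credentials present")
```

The user name in a kubeconfig is only a local label; the RBAC subject has to match the username the API server derives from the presented credential.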