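Update a deployment from a container in the cluster

Time: 2018-03-29 23:59:26

Tags: kubernetes google-kubernetes-engine

I am trying to update a deployment from a Go application inside the cluster, but it fails with an authorization error.

GKE Master version 1.9.4-gke.1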

package main

import (
    "fmt"

    "github.com/pkg/errors"
    metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    "k8s.io/client-go/kubernetes"
    "k8s.io/client-go/rest"
)

func updateReplicas(namespace string, name string, replicas int32) error {
    config, err := rest.InClusterConfig()
    if err != nil {
        return errors.Wrap(err, "failed rest.InClusterConfig")
    }
    clientset, err := kubernetes.NewForConfig(config)
    if err != nil {
        return errors.Wrap(err, "failed kubernetes.NewForConfig")
    }

    deployment, err := clientset.AppsV1().Deployments(namespace).Get(name, metav1.GetOptions{})
    if err != nil {
        fmt.Printf("failed get Deployment %+v\n", err)
        return errors.Wrap(err, "failed get deployment")
    }
    deployment.Spec.Replicas = &replicas
    fmt.Printf("Deployment %v\n", deployment)
    ug, err := clientset.AppsV1().Deployments(deployment.Namespace).Update(deployment)
    if err != nil {
        fmt.Printf("failed update Deployment %+v", err)
        return errors.Wrap(err, "failed update Deployment")
    }
    fmt.Printf("done update deployment %v\n", ug)

    return nil
}

Result message

failed get Deployment deployments.apps "land-node" is forbidden: User "system:serviceaccount:default:default" cannot get deployments.apps in the namespace "default": Unknown user "system:serviceaccount:default:default"

I have set the permissions as follows, but is this not enough?

deployment-editor.yaml

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: deployment-editor
rules:
- apiGroups: [""]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch"]

editor-deployement.yaml

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: editor-deployment
  namespace: default
subjects:
- kind: ServiceAccount
  name: default
  namespace: default
roleRef:
  kind: ClusterRole
  name: deployment-editor
  apiGroup: rbac.authorization.k8s.io

1 answer:

Answer 0: (score: 3)

From "Unable to list deployments resources using RBAC":

replicasets and deployments exist in the "extensions" and "apps" API groups, not in the legacy "" group

- apiGroups:
  - extensions
  - apps
  resources:
  - deployments
  - replicasets
  verbs:
  - get
  - list
  - watch
  - update
  - create
  - patch
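
Why the rule in the question never matches the request, as an added example (not code from the question, the answer, or Kubernetes itself): a simplified Go model of how an RBAC rule is compared with a request. The type and function names are assumptions made for illustration, and resourceNames, subresources and nonResourceURLs are not modeled.

```go
package main

import "fmt"

// PolicyRule mirrors the three RBAC rule fields used on this page.
type PolicyRule struct {
	APIGroups []string
	Resources []string
	Verbs     []string
}

// has reports whether list contains want or the "*" wildcard.
func has(list []string, want string) bool {
	for _, v := range list {
		if v == want || v == "*" {
			return true
		}
	}
	return false
}

// Allows reports whether any single rule grants verb on resource in apiGroup.
// All three fields of one rule must match; a grant in the core group ("")
// does not carry over to the same resource name in another group.
func Allows(rules []PolicyRule, apiGroup, resource, verb string) bool {
	for _, r := range rules {
		if has(r.APIGroups, apiGroup) && has(r.Resources, resource) && has(r.Verbs, verb) {
			return true
		}
	}
	return false
}

var verbs = []string{"get", "list", "watch", "create", "update", "patch"}

// QuestionRules is the rule from deployment-editor.yaml: core ("") group only.
var QuestionRules = []PolicyRule{{[]string{""}, []string{"deployments"}, verbs}}

// AnswerRules is the rule from the answer: "extensions" and "apps" groups.
var AnswerRules = []PolicyRule{{[]string{"extensions", "apps"}, []string{"deployments", "replicasets"}, verbs}}

func main() {
	// clientset.AppsV1().Deployments(ns).Get(...) is a "get" on deployments in group "apps".
	for _, verb := range []string{"get", "update"} {
		fmt.Printf("%-6s deployments.apps  question=%v  answer=%v\n", verb,
			Allows(QuestionRules, "apps", "deployments", verb),
			Allows(AnswerRules, "apps", "deployments", verb))
	}
}
```

The answer's rule still denies verbs it does not list, such as delete, so the service account keeps only the access the application needs.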