我想创建一个服务帐户,允许在OpenShift.com Online上进行oc port-forward(在Kubernetes上使用AKA kubectl port-forward),但不能在我的生活中找出哪个我在oc get clusterrole中看到的许多角色会允许这样做吗? (oc get role为空。)
error: error upgrading connection: pods "minecraft-storeys-maker-40-ps85h" is forbidden: User "system:serviceaccount:learn-study:oc-port-forward-container" cannot create pods/portforward in the namespace "learn-study": User "system:serviceaccount:learn-study:oc-port-forward-container" cannot create pods/portforward in project "learn-study"
基于此错误消息,我尝试过“pods / portforward”,但没有好处:
oc policy add-role-to-user pods/portforward -z oc-port-forward-container
Error from server (BadRequest): Name parameter invalid: "pods/portforward": may not contain '/'
同样只是“前进”并不好:
oc policy add-role-to-user portforward -z oc-port-forward-container
Error from server (NotFound): rolebindings.authorization.openshift.io "portforward" not found
适用于https://github.com/OASIS-learn-study/oc-port-forward-container。
答案 0 :(得分:0)
在OpenShift中,edit和admin群集角色应该对create具有pods/portforward权限。