我正在尝试按照以下说明安装入口控制器:
https://docs.microsoft.com/en-us/azure/aks/ingress-tls
运行helm install stable/nginx-ingress --namespace kube-system --set controller.replicaCount=1 --tls会导致以下错误:
Error: release unrealized-labradoodle failed: clusterroles.rbac.authorization.k8s.io "unrealized-labradoodle-nginx-ingress" is forbidden: attempt to grant extra privileges: [{[list] [] [configmaps] [] []} {[watch] [] [configmaps] [] []} {[list] [] [endpoints] [] []} {[watch] [] [endpoints] [] []} {[list] [] [nodes] [] []} {[watch] [] [nodes] [] []} {[list] [] [pods] [] []} {[watch] [] [pods] [] []} {[list] [] [secrets] [] []} {[watch] [] [secrets] [] []} {[get] [] [nodes] [] []} {[get] [] [services] [] []} {[list] [] [services] [] []} {[update] [] [services] [] []} {[watch] [] [services] [] []} {[get] [extensions] [ingresses] [] []} {[list] [extensions] [ingresses] [] []} {[watch] [extensions] [ingresses] [] []} {[create] [] [events] [] []} {[patch] [] [events] [] []} {[update] [extensions] [ingresses/status] [] []}] user=&{system:serviceaccount:kube-system:tiller ************* [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]} ownerrules=[] ruleResolutionErrors=[clusterroles.rbac.authorization.k8s.io "cluster-admin" not found]
如何解决此错误?是什么原因?
答案 0 :(得分:0)
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
我必须添加上面的ClusterRole。
https://github.com/Azure/acs-engine/issues/1892#issuecomment-402189707